Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Totoro.1536

Time	Syscall Op	Syscall Name
2018-12-17T22:25:20.955202257Z	241	PC: 12aa8 \| UNKNOWN!
2018-12-17T22:25:20.956739289Z	42	PC: 12b42 \| Get date 0x12b42: cmp al, 6 0x12b44: jne 0x12b5d 0x12b46: mov ax, 0x3508 0x12b49: int 0x21 0x12b4b: mov word ptr cs:[0x58e], bx 0x12b50: mov word ptr cs:[0x590], es 0x12b55: mov dx, 0x55d 0x12b58: mov ax, 0x2508 0x12b5b: int 0x21 0x12b5d: mov ax, 0x3521 0x12b60: int 0x21 0x12b62: mov word ptr cs:[0x2bf], bx 0x12b67: mov word ptr cs:[0x2c1], es 0x12b6c: mov dx, 0x289 0x12b6f: mov ax, 0x2521 0x12b72: int 0x21 0x12b74: mov es, word ptr cs:[0x10b] 0x12b79: cmp word ptr cs:[0x107], 0x426b 0x12b80: je 0x12bc2 0x12b82: mov bx, 0x1000
2018-12-17T22:25:20.960039419Z	53	PC: 12b62 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:20.961711242Z	37	PC: 12b74 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:20.963436782Z	74	PC: 12b89 \| Reallocate memory
2018-12-17T22:25:20.966026785Z	75	PC: 12bc2 \| Execute program
2018-12-17T22:25:20.983105901Z	49	PC: 12bc9 \| Terminate and stay resident (Return code = '1' \| Memory size = '113')

Time	Syscall Op	Syscall Name
2018-12-25T11:51:53.178520136Z	241	PC: 12aa8 \| UNKNOWN!
2018-12-25T11:51:53.179546733Z	42	PC: 12b42 \| Get date 0x12b42: cmp al, 6 0x12b44: jne 0x12b5d 0x12b46: mov ax, 0x3508 0x12b49: int 0x21 0x12b4b: mov word ptr cs:[0x58e], bx 0x12b50: mov word ptr cs:[0x590], es 0x12b55: mov dx, 0x55d 0x12b58: mov ax, 0x2508 0x12b5b: int 0x21 0x12b5d: mov ax, 0x3521 0x12b60: int 0x21 0x12b62: mov word ptr cs:[0x2bf], bx 0x12b67: mov word ptr cs:[0x2c1], es 0x12b6c: mov dx, 0x289 0x12b6f: mov ax, 0x2521 0x12b72: int 0x21 0x12b74: mov es, word ptr cs:[0x10b] 0x12b79: cmp word ptr cs:[0x107], 0x426b 0x12b80: je 0x12bc2 0x12b82: mov bx, 0x1000
2018-12-25T11:51:53.183230029Z	53	PC: 12b62 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:53.185051829Z	37	PC: 12b74 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:53.186928043Z	74	PC: 12b89 \| Reallocate memory
2018-12-25T11:51:53.190760658Z	75	PC: 12bc2 \| Execute program
2018-12-25T11:51:53.208827804Z	49	PC: 12bc9 \| Terminate and stay resident (Return code = '1' \| Memory size = '113')

Time	Syscall Op	Syscall Name
2018-12-25T11:51:53.213479261Z	241	PC: 12aa8 \| UNKNOWN!
2018-12-25T11:51:53.214936199Z	42	PC: 12b42 \| Get date 0x12b42: cmp al, 6 0x12b44: jne 0x12b5d 0x12b46: mov ax, 0x3508 0x12b49: int 0x21 0x12b4b: mov word ptr cs:[0x58e], bx 0x12b50: mov word ptr cs:[0x590], es 0x12b55: mov dx, 0x55d 0x12b58: mov ax, 0x2508 0x12b5b: int 0x21 0x12b5d: mov ax, 0x3521 0x12b60: int 0x21 0x12b62: mov word ptr cs:[0x2bf], bx 0x12b67: mov word ptr cs:[0x2c1], es 0x12b6c: mov dx, 0x289 0x12b6f: mov ax, 0x2521 0x12b72: int 0x21 0x12b74: mov es, word ptr cs:[0x10b] 0x12b79: cmp word ptr cs:[0x107], 0x426b 0x12b80: je 0x12bc2 0x12b82: mov bx, 0x1000
2018-12-25T11:51:53.21792635Z	53	PC: 12b4b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:51:53.219468229Z	37	PC: 12b5d \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:51:53.221315486Z	53	PC: 12b62 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:53.223965237Z	37	PC: 12b74 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:53.226073991Z	74	PC: 12b89 \| Reallocate memory
2018-12-25T11:51:53.228919796Z	75	PC: 12bc2 \| Execute program
2018-12-25T11:51:53.243172451Z	49	PC: 12bc9 \| Terminate and stay resident (Return code = '1' \| Memory size = '113')