Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Smile.2576

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:54:21.206048197Z 224 PC: 12a5f | UNKNOWN!
2018-12-17T21:54:21.207748614Z 224 PC: 12b2a | UNKNOWN!
2018-12-17T21:54:21.209007641Z 74 PC: 12cb8 | Reallocate memory
2018-12-17T21:54:21.210598222Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:21.212830724Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:21.214242449Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-17T21:54:21.216455016Z 72 PC: 12d3e | Allocate memory
2018-12-17T21:54:21.217936791Z 53 PC: 12d50 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:54:21.219946954Z 53 PC: 12d5f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:54:21.221128337Z 37 PC: 12d73 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:54:21.22233235Z 75 PC: 12d8a | Execute program
2018-12-17T21:54:21.238084771Z 9 PC: 145b7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-17T21:54:21.241381066Z 73 PC: 12d9b | Release memory
2018-12-17T21:54:21.242773003Z 77 PC: 12d9f | Get program return code
2018-12-17T21:54:21.244375805Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '416')

{"DateBased":true,"Day":4,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:56.695869749Z 224 PC: 12a5f | UNKNOWN!
2018-12-25T11:40:56.697453176Z 224 PC: 12b2a | UNKNOWN!
2018-12-25T11:40:56.69837369Z 74 PC: 12cb8 | Reallocate memory
2018-12-25T11:40:56.699575106Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:56.701062288Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:56.702371123Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-25T11:40:56.704614799Z 72 PC: 12d3e | Allocate memory
2018-12-25T11:40:56.706249393Z 53 PC: 12d50 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:56.707522936Z 53 PC: 12d5f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:56.709378034Z 37 PC: 12d73 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:56.71035161Z 75 PC: 12d8a | Execute program
2018-12-25T11:40:56.729358825Z 9 PC: 145b7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-25T11:40:56.735392964Z 73 PC: 12d9b | Release memory
2018-12-25T11:40:56.736565732Z 77 PC: 12d9f | Get program return code
2018-12-25T11:40:56.739611851Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '416')

{"DateBased":true,"Day":5,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:56.862678604Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:40:56.868625561Z 41 PC: 94fae | Parse filename
2018-12-25T11:40:56.871969054Z 41 PC: 9502f | Parse filename
2018-12-25T11:40:56.875529834Z 41 PC: 9504c | Parse filename
2018-12-25T11:40:56.877677067Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:40:56.883024808Z 71 PC: 986f3 | Get current directory
2018-12-25T11:40:56.886067714Z 78 PC: 986fe | Find first file
2018-12-25T11:40:56.895291339Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:40:56.898055341Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:40:56.918158186Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:40:56.922784872Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:40:56.924324445Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:40:56.925264408Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:40:56.926325219Z 62 PC: 122ab | Close file
2018-12-25T11:40:56.928148504Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.929464068Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.930688209Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.932795321Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.933785765Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.935465958Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.946147939Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.94863658Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.951222888Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.9535084Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.95557893Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.957403875Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.959002682Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.96109621Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:40:56.96290335Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:40:56.963968574Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:40:56.966886278Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:40:56.969561636Z 25 PC: 94e62 | Get default drive
2018-12-25T11:40:56.970796107Z 71 PC: 970dd | Get current directory
2018-12-25T11:40:56.975080197Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:40:56.978226923Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:40:56.981428978Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:40:56.983728383Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:40:56.985958845Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:41:11.909700948Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:41:13.262976242Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:41:13.36458805Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:41:13.368454469Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:41:13.370357437Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:41:13.371770078Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:41:13.374051721Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:41:13.375461691Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:41:13.38443164Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:41:13.393587027Z 71 PC: 9856c | Get current directory
2018-12-25T11:41:13.396468047Z 73 PC: 97c09 | Release memory
2018-12-25T11:41:13.397682385Z 75 PC: 11821 | Execute program
2018-12-25T11:41:13.410932496Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:41:13.414684737Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:57.020056705Z 224 PC: 12a5f | UNKNOWN!
2018-12-25T11:40:57.021248458Z 224 PC: 12b2a | UNKNOWN!
2018-12-25T11:40:57.021945304Z 74 PC: 12cb8 | Reallocate memory
2018-12-25T11:40:57.022833956Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:57.024443722Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:57.026108098Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-25T11:40:57.027645262Z 75 PC: 12d8a | Execute program
2018-12-25T11:40:57.037597591Z 9 PC: 135a7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-25T11:40:57.049347202Z 73 PC: 12d9b | Release memory
2018-12-25T11:40:57.055057427Z 77 PC: 12d9f | Get program return code
2018-12-25T11:40:57.0565349Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '160')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:57.036474923Z 224 PC: 12a5f | UNKNOWN!
2018-12-25T11:40:57.038620339Z 224 PC: 12b2a | UNKNOWN!
2018-12-25T11:40:57.04004546Z 74 PC: 12cb8 | Reallocate memory
2018-12-25T11:40:57.041775781Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:57.044358133Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:57.046042624Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-25T11:40:57.049002373Z 72 PC: 12d3e | Allocate memory
2018-12-25T11:40:57.050837592Z 53 PC: 12d50 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:57.053838907Z 53 PC: 12d5f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:57.055312262Z 37 PC: 12d73 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:57.05672045Z 75 PC: 12d8a | Execute program
2018-12-25T11:40:57.073611102Z 9 PC: 145b7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-25T11:40:57.082947878Z 73 PC: 12d9b | Release memory
2018-12-25T11:40:57.084530916Z 77 PC: 12d9f | Get program return code
2018-12-25T11:40:57.087546647Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '416')

{"DateBased":true,"Day":5,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:58.073642278Z 224 PC: 12a5f | UNKNOWN!
2018-12-25T11:40:58.075080055Z 224 PC: 12b2a | UNKNOWN!
2018-12-25T11:40:58.076277405Z 74 PC: 12cb8 | Reallocate memory
2018-12-25T11:40:58.077761108Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:58.079640169Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:58.081202376Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-25T11:40:58.083098683Z 72 PC: 12d3e | Allocate memory
2018-12-25T11:40:58.084683007Z 53 PC: 12d50 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:40:58.085992567Z 53 PC: 12d5f | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:58.08758519Z 37 PC: 12d73 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:40:58.088981371Z 75 PC: 12d8a | Execute program
2018-12-25T11:40:58.097745652Z 9 PC: 145b7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-25T11:40:58.101404657Z 73 PC: 12d9b | Release memory
2018-12-25T11:40:58.103012289Z 77 PC: 12d9f | Get program return code
2018-12-25T11:40:58.103985492Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '416')

{"DateBased":true,"Day":6,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:58.157916719Z 224 PC: 12a5f | UNKNOWN!
2018-12-25T11:40:58.159459642Z 224 PC: 12b2a | UNKNOWN!
2018-12-25T11:40:58.16031373Z 74 PC: 12cb8 | Reallocate memory
2018-12-25T11:40:58.161766068Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:58.163728653Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:58.165058134Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-25T11:40:58.167260726Z 75 PC: 12d8a | Execute program
2018-12-25T11:40:58.182141826Z 9 PC: 135a7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-25T11:40:58.187511024Z 73 PC: 12d9b | Release memory
2018-12-25T11:40:58.188819516Z 77 PC: 12d9f | Get program return code
2018-12-25T11:40:58.191199064Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '160')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":472,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:58.88948373Z 224 PC: 12a5f | UNKNOWN!
2018-12-25T11:40:58.890574704Z 224 PC: 12b2a | UNKNOWN!
2018-12-25T11:40:58.891845019Z 74 PC: 12cb8 | Reallocate memory
2018-12-25T11:40:58.893375101Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:58.895455347Z 37 PC: 12cd1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:58.896967243Z 42 PC: 12d09 | Get date
0x12d09: cmp cx, 0x7c6
0x12d0d: ja 0x12d15
0x12d0f: cmp dx, 0x404
0x12d13: jb 0x12d2b
0x12d15: cmp al, 0
0x12d17: je 0x12d2b
0x12d19: cmp al, 6
0x12d1b: je 0x12d2e
0x12d1d: mov ax, dx
0x12d1f: mov cx, 0xa
0x12d22: push cs
0x12d23: pop ds
0x12d24: mov si, 0xff
0x12d27: repne scasd eax, dword ptr es:[di]
0x12d29: jcxz 0x12d37
0x12d2b: jmp 0x12d73
0x12d2d: nop
0x12d2e: mov word ptr cs:[0x389], 0xc
0x12d35: jmp 0x12d1d
0x12d37: mov ah, 0x48
2018-12-25T11:40:58.899344026Z 75 PC: 12d8a | Execute program
2018-12-25T11:40:58.924043396Z 9 PC: 135a7 | Display string (String= 'Smile Again virus Come in !!! Caught By Peter Ferng !!!')
2018-12-25T11:40:58.929800695Z 73 PC: 12d9b | Release memory
2018-12-25T11:40:58.93145489Z 77 PC: 12d9f | Get program return code
2018-12-25T11:40:58.933281942Z 49 PC: 12db2 | Terminate and stay resident (Return code = '0' | Memory size = '160')