Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Fumanchu.2080.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:40.71745709Z	225	PC: 12ccc \| UNKNOWN!
2018-12-17T22:30:40.719929226Z	74	PC: 12d0e \| Reallocate memory
2018-12-17T22:30:40.721287508Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:40.722395991Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:40.727716535Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:30:40.728978442Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:30:40.730118117Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-17T22:30:40.732569735Z	53	PC: 12d83 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:30:40.733773275Z	37	PC: 12d93 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:30:40.735422724Z	75	PC: 12dd6 \| Execute program
2018-12-17T22:30:40.752581543Z	9	PC: 134f9 \| Display string (Could not find end pointer)
2018-12-17T22:30:40.756474223Z	76	PC: 134ff \| Terminate with return code (Return code = '0')
2018-12-17T22:30:40.759244011Z	73	PC: 12ddc \| Release memory
2018-12-17T22:30:40.760395398Z	77	PC: 12de0 \| Get program return code
2018-12-17T22:30:40.761918352Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5487,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:34.504177525Z	225	PC: 12ccc \| UNKNOWN!
2018-12-25T11:54:34.506122088Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:54:34.507749197Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:34.509035556Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:34.510542788Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:54:34.511935546Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:54:34.513277862Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:54:34.515692931Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:54:34.531640445Z	9	PC: 134f9 \| Display string (Could not find end pointer)
2018-12-25T11:54:34.53502518Z	76	PC: 134ff \| Terminate with return code (Return code = '0')
2018-12-25T11:54:34.537088914Z	73	PC: 12ddc \| Release memory
2018-12-25T11:54:34.538840344Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:54:34.540865116Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5487,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:34.508730384Z	225	PC: 12ccc \| UNKNOWN!
2018-12-25T11:54:34.51009235Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:54:34.513630539Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:34.515330314Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:34.517201904Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:54:34.519952418Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:54:34.521626657Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:54:34.524509554Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:54:34.541841352Z	9	PC: 134f9 \| Display string (Could not find end pointer)
2018-12-25T11:54:34.545710298Z	76	PC: 134ff \| Terminate with return code (Return code = '0')
2018-12-25T11:54:34.548705279Z	73	PC: 12ddc \| Release memory
2018-12-25T11:54:34.556079795Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:54:34.557665964Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":8,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5487,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:35.398856335Z	225	PC: 12ccc \| UNKNOWN!
2018-12-25T11:54:35.400591008Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:54:35.401991851Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:35.40359745Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:35.405274816Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:54:35.406838615Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:54:35.408202503Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:54:35.413690135Z	53	PC: 12d83 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:54:35.426902673Z	37	PC: 12d93 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:54:35.427968399Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:54:35.442220253Z	9	PC: 134f9 \| Display string (Could not find end pointer)
2018-12-25T11:54:35.448093542Z	76	PC: 134ff \| Terminate with return code (Return code = '0')
2018-12-25T11:54:35.451253498Z	73	PC: 12ddc \| Release memory
2018-12-25T11:54:35.452785084Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:54:35.454740492Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')