Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Fumanchu.2080.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:39.834298004Z	225	PC: 12c33 \| UNKNOWN!
2018-12-17T22:33:39.835293305Z	225	PC: 12c8c \| UNKNOWN!
2018-12-17T22:33:39.837147769Z	74	PC: 12d0e \| Reallocate memory
2018-12-17T22:33:39.838779725Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:39.839855799Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:39.842229154Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:33:39.845731867Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:33:39.84745785Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-17T22:33:39.855233426Z	53	PC: 12d83 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:33:39.857065721Z	37	PC: 12d93 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:33:39.859032167Z	75	PC: 12dd6 \| Execute program
2018-12-17T22:33:39.876268397Z	9	PC: 13502 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:33:39.881408307Z	76	PC: 13506 \| Terminate with return code (Return code = '36')
2018-12-17T22:33:39.884965537Z	73	PC: 12ddc \| Release memory
2018-12-17T22:33:39.887148009Z	77	PC: 12de0 \| Get program return code
2018-12-17T22:33:39.889211376Z	49	PC: 12dee \| Terminate and stay resident (Return code = '36' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6023,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:15.573645215Z	225	PC: 12c33 \| UNKNOWN!
2018-12-25T11:58:15.575580138Z	225	PC: 12c8c \| UNKNOWN!
2018-12-25T11:58:15.576627521Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:58:15.577918903Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.579643192Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.58109047Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:58:15.582244058Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:58:15.584007685Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:58:15.586087088Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:58:15.600518448Z	9	PC: 13502 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:15.605620472Z	76	PC: 13506 \| Terminate with return code (Return code = '36')
2018-12-25T11:58:15.609101661Z	73	PC: 12ddc \| Release memory
2018-12-25T11:58:15.610440472Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:58:15.611727466Z	49	PC: 12dee \| Terminate and stay resident (Return code = '36' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":8,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6023,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:15.692913778Z	225	PC: 12c33 \| UNKNOWN!
2018-12-25T11:58:15.695472402Z	225	PC: 12c8c \| UNKNOWN!
2018-12-25T11:58:15.696795413Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:58:15.698359473Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.702136858Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.704551848Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:58:15.70686869Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:58:15.709972553Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:58:15.712739403Z	53	PC: 12d83 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:58:15.714384133Z	37	PC: 12d93 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:58:15.716168185Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:58:15.732356216Z	9	PC: 13502 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:15.738760611Z	76	PC: 13506 \| Terminate with return code (Return code = '36')
2018-12-25T11:58:15.742369563Z	73	PC: 12ddc \| Release memory
2018-12-25T11:58:15.745358605Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:58:15.746752023Z	49	PC: 12dee \| Terminate and stay resident (Return code = '36' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6023,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:16.261000466Z	225	PC: 12c33 \| UNKNOWN!
2018-12-25T11:58:16.262687267Z	225	PC: 12c8c \| UNKNOWN!
2018-12-25T11:58:16.264072647Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:58:16.265669668Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:16.268493304Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:16.270091344Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:58:16.271408278Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:58:16.273357886Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov ax, 0x2516 0x12d8e: mov dx, 0x749 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:58:16.275966347Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:58:16.290989241Z	9	PC: 13502 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:58:16.297642263Z	76	PC: 13506 \| Terminate with return code (Return code = '36')
2018-12-25T11:58:16.299752794Z	73	PC: 12ddc \| Release memory
2018-12-25T11:58:16.301098166Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:58:16.303129772Z	49	PC: 12dee \| Terminate and stay resident (Return code = '36' \| Memory size = '146')