Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Apocalypse.1414

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:29.022746377Z	245	PC: 199f6 \| UNKNOWN!
2018-12-17T22:35:29.024653624Z	74	PC: 12ada \| Reallocate memory
2018-12-17T22:35:29.026205505Z	42	PC: 12dec \| Get date 0x12dec: and dh, 1 0x12def: jne 0x12e53 0x12df1: cmp dl, 0xa 0x12df4: ja 0x12e53 0x12df6: mov bx, 0x20 0x12df9: mov ah, 0x48 0x12dfb: int 0x21 0x12dfd: jb 0x12e53 0x12dff: mov es, ax 0x12e01: mov ax, 0x201 0x12e04: xor bx, bx 0x12e06: mov cx, 1 0x12e09: mov dx, 0x80 0x12e0c: int 0x13 0x12e0e: cmp word ptr es:[0x1bc], 0xf5aa 0x12e15: je 0x12e4f 0x12e17: mov cx, 3 0x12e1a: mov ax, 0x301 0x12e1d: int 0x13 0x12e1f: mov bx, 0x1be
2018-12-17T22:35:29.028353604Z	53	PC: 12ae2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:29.029886559Z	37	PC: 12af2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:29.032548501Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:29.033979825Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:29.035541033Z	54	PC: 12c17 \| Get free disk space
2018-12-17T22:35:29.045894511Z	67	PC: 12c27 \| Get or set file attributes
2018-12-17T22:35:29.052299784Z	67	PC: 12c42 \| Get or set file attributes
2018-12-17T22:35:29.069140037Z	61	PC: 12c49 \| Open file (Filename = '')
2018-12-17T22:35:29.077332621Z	87	PC: 12c68 \| Get or set file date and time
2018-12-17T22:35:29.080756833Z	63	PC: 12c87 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:29.083114996Z	87	PC: 12c9f \| Get or set file date and time
2018-12-17T22:35:29.085453502Z	62	PC: 12c73 \| Close file
2018-12-17T22:35:29.092879188Z	67	PC: 12c5a \| Get or set file attributes
2018-12-17T22:35:29.106041824Z	37	PC: 12c33 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:29.110256499Z	75	PC: 12b43 \| Execute program
2018-12-17T22:35:29.132531214Z	9	PC: 13172 \| Display string (String= 'Goat file (EXE). Size=00007148h/0000029000d bytes. ')
2018-12-17T22:35:29.136599474Z	76	PC: 13176 \| Terminate with return code (Return code = '36')
2018-12-17T22:35:29.141952743Z	77	PC: 12b4e \| Get program return code
2018-12-17T22:35:29.143646039Z	49	PC: 12b5f \| Terminate and stay resident (Return code = '36' \| Memory size = '89')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6391,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:17.001757576Z	245	PC: 199f6 \| UNKNOWN!
2018-12-25T11:59:17.003614214Z	74	PC: 12ada \| Reallocate memory
2018-12-25T11:59:17.005236738Z	42	PC: 12dec \| Get date 0x12dec: and dh, 1 0x12def: jne 0x12e53 0x12df1: cmp dl, 0xa 0x12df4: ja 0x12e53 0x12df6: mov bx, 0x20 0x12df9: mov ah, 0x48 0x12dfb: int 0x21 0x12dfd: jb 0x12e53 0x12dff: mov es, ax 0x12e01: mov ax, 0x201 0x12e04: xor bx, bx 0x12e06: mov cx, 1 0x12e09: mov dx, 0x80 0x12e0c: int 0x13 0x12e0e: cmp word ptr es:[0x1bc], 0xf5aa 0x12e15: je 0x12e4f 0x12e17: mov cx, 3 0x12e1a: mov ax, 0x301 0x12e1d: int 0x13 0x12e1f: mov bx, 0x1be
2018-12-25T11:59:17.007661605Z	53	PC: 12ae2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:17.020275633Z	37	PC: 12af2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:17.021793666Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.023674096Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.025233974Z	54	PC: 12c17 \| Get free disk space
2018-12-25T11:59:17.035365588Z	67	PC: 12c27 \| Get or set file attributes
2018-12-25T11:59:17.041763433Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T11:59:17.05862479Z	61	PC: 12c49 \| Open file (Filename = '')
2018-12-25T11:59:17.06330288Z	87	PC: 12c68 \| Get or set file date and time
2018-12-25T11:59:17.064848275Z	63	PC: 12c87 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:59:17.06783771Z	87	PC: 12c9f \| Get or set file date and time
2018-12-25T11:59:17.070231664Z	62	PC: 12c73 \| Close file
2018-12-25T11:59:17.081299608Z	67	PC: 12c5a \| Get or set file attributes
2018-12-25T11:59:17.092529713Z	37	PC: 12c33 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.094517485Z	75	PC: 12b43 \| Execute program
2018-12-25T11:59:17.112665646Z	9	PC: 13172 \| Display string (String= 'Goat file (EXE). Size=00007148h/0000029000d bytes. ')
2018-12-25T11:59:17.118855891Z	76	PC: 13176 \| Terminate with return code (Return code = '36')
2018-12-25T11:59:17.123054738Z	77	PC: 12b4e \| Get program return code
2018-12-25T11:59:17.124713228Z	49	PC: 12b5f \| Terminate and stay resident (Return code = '36' \| Memory size = '89')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6391,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:17.700111122Z	245	PC: 199f6 \| UNKNOWN!
2018-12-25T11:59:17.701008335Z	74	PC: 12ada \| Reallocate memory
2018-12-25T11:59:17.702393274Z	42	PC: 12dec \| Get date 0x12dec: and dh, 1 0x12def: jne 0x12e53 0x12df1: cmp dl, 0xa 0x12df4: ja 0x12e53 0x12df6: mov bx, 0x20 0x12df9: mov ah, 0x48 0x12dfb: int 0x21 0x12dfd: jb 0x12e53 0x12dff: mov es, ax 0x12e01: mov ax, 0x201 0x12e04: xor bx, bx 0x12e06: mov cx, 1 0x12e09: mov dx, 0x80 0x12e0c: int 0x13 0x12e0e: cmp word ptr es:[0x1bc], 0xf5aa 0x12e15: je 0x12e4f 0x12e17: mov cx, 3 0x12e1a: mov ax, 0x301 0x12e1d: int 0x13 0x12e1f: mov bx, 0x1be
2018-12-25T11:59:17.704828201Z	53	PC: 12ae2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:17.706115197Z	37	PC: 12af2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:17.707637069Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.70918798Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.710331709Z	54	PC: 12c17 \| Get free disk space
2018-12-25T11:59:17.71896982Z	67	PC: 12c27 \| Get or set file attributes
2018-12-25T11:59:17.724603673Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T11:59:18.330454697Z	61	PC: 12c49 \| Open file (Filename = '')
2018-12-25T11:59:18.336988396Z	87	PC: 12c68 \| Get or set file date and time
2018-12-25T11:59:18.338747505Z	63	PC: 12c87 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:59:18.342162683Z	87	PC: 12c9f \| Get or set file date and time
2018-12-25T11:59:18.343974941Z	62	PC: 12c73 \| Close file
2018-12-25T11:59:18.353816957Z	67	PC: 12c5a \| Get or set file attributes
2018-12-25T11:59:18.364210844Z	37	PC: 12c33 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:18.365409657Z	75	PC: 12b43 \| Execute program
2018-12-25T11:59:18.382110433Z	9	PC: 13172 \| Display string (String= 'Goat file (EXE). Size=00007148h/0000029000d bytes. ')
2018-12-25T11:59:18.38816817Z	76	PC: 13176 \| Terminate with return code (Return code = '36')
2018-12-25T11:59:18.391922455Z	77	PC: 12b4e \| Get program return code
2018-12-25T11:59:18.393432272Z	49	PC: 12b5f \| Terminate and stay resident (Return code = '36' \| Memory size = '89')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6391,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:17.781876212Z	245	PC: 199f6 \| UNKNOWN!
2018-12-25T11:59:17.783128048Z	74	PC: 12ada \| Reallocate memory
2018-12-25T11:59:17.784423503Z	42	PC: 12dec \| Get date 0x12dec: and dh, 1 0x12def: jne 0x12e53 0x12df1: cmp dl, 0xa 0x12df4: ja 0x12e53 0x12df6: mov bx, 0x20 0x12df9: mov ah, 0x48 0x12dfb: int 0x21 0x12dfd: jb 0x12e53 0x12dff: mov es, ax 0x12e01: mov ax, 0x201 0x12e04: xor bx, bx 0x12e06: mov cx, 1 0x12e09: mov dx, 0x80 0x12e0c: int 0x13 0x12e0e: cmp word ptr es:[0x1bc], 0xf5aa 0x12e15: je 0x12e4f 0x12e17: mov cx, 3 0x12e1a: mov ax, 0x301 0x12e1d: int 0x13 0x12e1f: mov bx, 0x1be
2018-12-25T11:59:17.786350817Z	72	PC: 12dfd \| Allocate memory
2018-12-25T11:59:18.330492523Z	73	PC: 12e53 \| Release memory
2018-12-25T11:59:18.332617474Z	53	PC: 12ae2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:18.3346087Z	37	PC: 12af2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:18.337274964Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:18.338400378Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:18.339850985Z	54	PC: 12c17 \| Get free disk space
2018-12-25T11:59:18.349934157Z	67	PC: 12c27 \| Get or set file attributes
2018-12-25T11:59:18.355772101Z	67	PC: 12c42 \| Get or set file attributes
2018-12-25T11:59:18.371010036Z	61	PC: 12c49 \| Open file (Filename = '')
2018-12-25T11:59:18.379063706Z	87	PC: 12c68 \| Get or set file date and time
2018-12-25T11:59:18.381475433Z	63	PC: 12c87 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:59:18.384036147Z	87	PC: 12c9f \| Get or set file date and time
2018-12-25T11:59:18.386062691Z	62	PC: 12c73 \| Close file
2018-12-25T11:59:18.393208217Z	67	PC: 12c5a \| Get or set file attributes
2018-12-25T11:59:18.40300356Z	37	PC: 12c33 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:18.404741003Z	75	PC: 12b43 \| Execute program
2018-12-25T11:59:18.421492813Z	9	PC: 13172 \| Display string (String= 'Goat file (EXE). Size=00007148h/0000029000d bytes. ')
2018-12-25T11:59:18.427223653Z	76	PC: 13176 \| Terminate with return code (Return code = '36')
2018-12-25T11:59:18.431383786Z	77	PC: 12b4e \| Get program return code
2018-12-25T11:59:18.432835972Z	49	PC: 12b5f \| Terminate and stay resident (Return code = '36' \| Memory size = '89')