Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Limpia.888

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:55:53.151876756Z	252	PC: 12ab1 \| UNKNOWN!
2018-12-17T21:55:53.153654054Z	42	PC: 12af1 \| Get date 0x12af1: mov byte ptr cs:[0x140], 0 0x12af7: cmp dh, 8 0x12afa: jne 0x12b06 0x12afc: cmp dl, 0x15 0x12aff: jne 0x12b06 0x12b01: inc byte ptr cs:[0x140] 0x12b06: nop 0x12b07: mov ax, 0x3508 0x12b0a: int 0x21 0x12b0c: mov word ptr cs:[0x145], bx 0x12b11: mov word ptr cs:[0x147], es 0x12b16: mov word ptr cs:[0x13e], 0x7fff 0x12b1d: mov ax, 0x2508 0x12b20: mov dx, 0x238 0x12b23: int 0x21 0x12b25: mov ax, 0x3521 0x12b28: int 0x21 0x12b2a: mov word ptr cs:[0x149], bx 0x12b2f: mov word ptr cs:[0x14b], es 0x12b34: mov dx, 0x26e
2018-12-17T21:55:53.155953459Z	53	PC: 12b0c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:55:53.157231043Z	37	PC: 12b25 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:55:53.158723715Z	53	PC: 12b2a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:53.160743959Z	37	PC: 12b3c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:53.166677294Z	54	PC: 12c36 \| Get free disk space
2018-12-17T21:55:53.17736125Z	67	PC: 12c51 \| Get or set file attributes
2018-12-17T21:55:53.189736834Z	61	PC: 12c82 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T21:55:53.201893912Z	66	PC: 12c95 \| Move file pointer
2018-12-17T21:55:53.203299184Z	63	PC: 12cae \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T21:55:53.210566736Z	62	PC: 12cbb \| Close file
2018-12-17T21:55:53.212625124Z	75	PC: 12b65 \| Execute program
2018-12-17T21:55:53.220695246Z	77	PC: 12b69 \| Get program return code
2018-12-17T21:55:53.22324335Z	49	PC: 12b77 \| Terminate and stay resident (Return code = '0' \| Memory size = '81')