Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.1244.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:03.127075814Z	224	PC: 12a59 \| UNKNOWN!
2018-12-17T22:44:03.128431781Z	224	PC: 12a9f \| UNKNOWN!
2018-12-17T22:44:03.129545998Z	74	PC: 12b12 \| Reallocate memory
2018-12-17T22:44:03.130803732Z	53	PC: 12b17 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:03.132143022Z	37	PC: 12b27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:03.13514281Z	53	PC: 12b31 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:44:03.136997044Z	42	PC: 12b3d \| Get date 0x12b3d: cmp dx, 0x101 0x12b41: jne 0x12b48 0x12b43: mov byte ptr [3], 0 0x12b48: cmp byte ptr [3], 0x20 0x12b4d: jb 0x12b60 0x12b4f: cmp cx, 0x7c8 0x12b53: jb 0x12b60 0x12b55: mov ax, word ptr [0x10] 0x12b58: xor ax, dx 0x12b5a: mov word ptr [0x1c4], ax 0x12b5d: mov byte ptr [0xa7], al 0x12b60: mov ax, 0x2508 0x12b63: mov dx, 0x170 0x12b66: int 0x21 0x12b68: mov es, word ptr [0x43] 0x12b6c: mov es, word ptr es:[0x2c] 0x12b71: xor di, di 0x12b73: mov cx, 0x7fff 0x12b76: xor al, al 0x12b78: repne scasb al, byte ptr es:[di]
2018-12-17T22:44:03.139755537Z	37	PC: 12b68 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:44:03.141960512Z	75	PC: 12b94 \| Execute program
2018-12-17T22:44:03.162669305Z	9	PC: 130fd \| Display string (String= ' Salve !!! Questo programma � infettato dal Virus 1244 Clash Collection ')
2018-12-17T22:44:03.196472758Z	73	PC: 12b9a \| Release memory
2018-12-17T22:44:03.19842131Z	77	PC: 12b9e \| Get program return code
2018-12-17T22:44:03.199571455Z	49	PC: 12ba5 \| Terminate and stay resident (Return code = '0' \| Memory size = '90')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8086,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:20.168695804Z	224	PC: 12a59 \| UNKNOWN!
2018-12-25T12:03:20.170371528Z	224	PC: 12a9f \| UNKNOWN!
2018-12-25T12:03:20.171309324Z	74	PC: 12b12 \| Reallocate memory
2018-12-25T12:03:20.17248936Z	53	PC: 12b17 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:20.173864283Z	37	PC: 12b27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:20.175665554Z	53	PC: 12b31 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:03:20.178478926Z	42	PC: 12b3d \| Get date 0x12b3d: cmp dx, 0x101 0x12b41: jne 0x12b48 0x12b43: mov byte ptr [3], 0 0x12b48: cmp byte ptr [3], 0x20 0x12b4d: jb 0x12b60 0x12b4f: cmp cx, 0x7c8 0x12b53: jb 0x12b60 0x12b55: mov ax, word ptr [0x10] 0x12b58: xor ax, dx 0x12b5a: mov word ptr [0x1c4], ax 0x12b5d: mov byte ptr [0xa7], al 0x12b60: mov ax, 0x2508 0x12b63: mov dx, 0x170 0x12b66: int 0x21 0x12b68: mov es, word ptr [0x43] 0x12b6c: mov es, word ptr es:[0x2c] 0x12b71: xor di, di 0x12b73: mov cx, 0x7fff 0x12b76: xor al, al 0x12b78: repne scasb al, byte ptr es:[di]
2018-12-25T12:03:20.181878896Z	37	PC: 12b68 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:03:20.185255871Z	75	PC: 12b94 \| Execute program
2018-12-25T12:03:20.196923084Z	9	PC: 130fd \| Display string (String= ' Salve !!! Questo programma � infettato dal Virus 1244 Clash Collection ')
2018-12-25T12:03:20.222366652Z	73	PC: 12b9a \| Release memory
2018-12-25T12:03:20.224082882Z	77	PC: 12b9e \| Get program return code
2018-12-25T12:03:20.225166171Z	49	PC: 12ba5 \| Terminate and stay resident (Return code = '0' \| Memory size = '90')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8086,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:20.216526756Z	224	PC: 12a59 \| UNKNOWN!
2018-12-25T12:03:20.217716509Z	224	PC: 12a9f \| UNKNOWN!
2018-12-25T12:03:20.218782902Z	74	PC: 12b12 \| Reallocate memory
2018-12-25T12:03:20.220166005Z	53	PC: 12b17 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:20.222107558Z	37	PC: 12b27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:20.226461444Z	53	PC: 12b31 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:03:20.227936118Z	42	PC: 12b3d \| Get date 0x12b3d: cmp dx, 0x101 0x12b41: jne 0x12b48 0x12b43: mov byte ptr [3], 0 0x12b48: cmp byte ptr [3], 0x20 0x12b4d: jb 0x12b60 0x12b4f: cmp cx, 0x7c8 0x12b53: jb 0x12b60 0x12b55: mov ax, word ptr [0x10] 0x12b58: xor ax, dx 0x12b5a: mov word ptr [0x1c4], ax 0x12b5d: mov byte ptr [0xa7], al 0x12b60: mov ax, 0x2508 0x12b63: mov dx, 0x170 0x12b66: int 0x21 0x12b68: mov es, word ptr [0x43] 0x12b6c: mov es, word ptr es:[0x2c] 0x12b71: xor di, di 0x12b73: mov cx, 0x7fff 0x12b76: xor al, al 0x12b78: repne scasb al, byte ptr es:[di]
2018-12-25T12:03:20.230434249Z	37	PC: 12b68 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:03:20.231894383Z	75	PC: 12b94 \| Execute program
2018-12-25T12:03:20.246694925Z	9	PC: 130fd \| Display string (String= ' Salve !!! Questo programma � infettato dal Virus 1244 Clash Collection ')
2018-12-25T12:03:20.28016536Z	73	PC: 12b9a \| Release memory
2018-12-25T12:03:20.282373256Z	77	PC: 12b9e \| Get program return code
2018-12-25T12:03:20.283651614Z	49	PC: 12ba5 \| Terminate and stay resident (Return code = '0' \| Memory size = '90')