Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Plastique.3012.d

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:48.474166469Z 75 PC: 13319 | Execute program
2018-12-17T22:45:48.477058781Z 75 PC: 1336a | Execute program
2018-12-17T22:45:48.586044274Z 74 PC: 1341e | Reallocate memory
2018-12-17T22:45:48.588174815Z 53 PC: 13423 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:48.590022994Z 37 PC: 13437 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:48.591939884Z 42 PC: 13469 | Get date
0x13469: sub cx, 0x7bc
0x1346d: mov ax, cx
0x1346f: mov bx, dx
0x13471: mov cx, 0x168
0x13474: mul cx
0x13476: xchg ax, bx
0x13477: add bl, al
0x13479: adc bh, 0
0x1347c: mov al, ah
0x1347e: mov cl, 0x1e
0x13480: mul cl
0x13482: add ax, bx
0x13484: sub ax, word ptr [0x30]
0x13488: ja 0x1348d
0x1348a: jmp 0x13510
0x1348d: add word ptr [0x30], ax
0x13491: cmp ax, 7
0x13494: ja 0x13499
0x13496: jmp 0x13510
0x13498: nop
2018-12-17T22:45:48.594469279Z 75 PC: 1351c | Execute program
2018-12-17T22:45:48.610694931Z 9 PC: 13892 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:45:48.62371579Z 76 PC: 13896 | Terminate with return code (Return code = '36')
2018-12-17T22:45:48.627448676Z 73 PC: 13522 | Release memory
2018-12-17T22:45:48.62930914Z 77 PC: 13526 | Get program return code
2018-12-17T22:45:48.634157979Z 49 PC: 13534 | Terminate and stay resident (Return code = '36' | Memory size = '204')