Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.China

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:10.000630867Z	223	PC: 12a44 \| UNKNOWN!
2018-12-17T22:46:10.001855977Z	223	PC: 12c76 \| UNKNOWN!
2018-12-17T22:46:10.004387051Z	74	PC: 12d3d \| Reallocate memory
2018-12-17T22:46:10.006764767Z	42	PC: 12d46 \| Get date 0x12d46: cmp cx, 0x7c7 0x12d4a: jb 0x12d56 0x12d4c: cmp dx, 0x604 0x12d50: jne 0x12d56 0x12d52: inc byte ptr [0x28d] 0x12d56: mov es, word ptr es:[0x2c] 0x12d5b: xor di, di 0x12d5d: xor al, al 0x12d5f: mov cx, 0x7fff 0x12d62: repne scasb al, byte ptr es:[di] 0x12d64: cmp byte ptr es:[di], al 0x12d67: loopne 0x12d62 0x12d69: mov dx, di 0x12d6b: add dx, 3 0x12d6e: mov bx, 0x266 0x12d71: push es 0x12d72: pop ds 0x12d73: push cs 0x12d74: pop es 0x12d75: mov ax, 0x4b00
2018-12-17T22:46:10.009436345Z	75	PC: 12d7e \| Execute program
2018-12-17T22:46:10.025467503Z	9	PC: 13322 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')
2018-12-17T22:46:10.032317538Z	77	PC: 12d82 \| Get program return code
2018-12-17T22:46:10.03438463Z	49	PC: 12d89 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8785,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:51.174177047Z	223	PC: 12a44 \| UNKNOWN!
2018-12-25T12:21:51.181675793Z	223	PC: 12c76 \| UNKNOWN!
2018-12-25T12:21:51.183480734Z	74	PC: 12d3d \| Reallocate memory
2018-12-25T12:21:51.185403058Z	42	PC: 12d46 \| Get date 0x12d46: cmp cx, 0x7c7 0x12d4a: jb 0x12d56 0x12d4c: cmp dx, 0x604 0x12d50: jne 0x12d56 0x12d52: inc byte ptr [0x28d] 0x12d56: mov es, word ptr es:[0x2c] 0x12d5b: xor di, di 0x12d5d: xor al, al 0x12d5f: mov cx, 0x7fff 0x12d62: repne scasb al, byte ptr es:[di] 0x12d64: cmp byte ptr es:[di], al 0x12d67: loopne 0x12d62 0x12d69: mov dx, di 0x12d6b: add dx, 3 0x12d6e: mov bx, 0x266 0x12d71: push es 0x12d72: pop ds 0x12d73: push cs 0x12d74: pop es 0x12d75: mov ax, 0x4b00
2018-12-25T12:21:51.188195795Z	75	PC: 12d7e \| Execute program
2018-12-25T12:21:51.202158173Z	9	PC: 13322 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')
2018-12-25T12:21:51.210473701Z	77	PC: 12d82 \| Get program return code
2018-12-25T12:21:51.213603926Z	49	PC: 12d89 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8785,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:51.291110801Z	223	PC: 12a44 \| UNKNOWN!
2018-12-25T12:21:51.292377837Z	223	PC: 12c76 \| UNKNOWN!
2018-12-25T12:21:51.304632152Z	74	PC: 12d3d \| Reallocate memory
2018-12-25T12:21:51.306705907Z	42	PC: 12d46 \| Get date 0x12d46: cmp cx, 0x7c7 0x12d4a: jb 0x12d56 0x12d4c: cmp dx, 0x604 0x12d50: jne 0x12d56 0x12d52: inc byte ptr [0x28d] 0x12d56: mov es, word ptr es:[0x2c] 0x12d5b: xor di, di 0x12d5d: xor al, al 0x12d5f: mov cx, 0x7fff 0x12d62: repne scasb al, byte ptr es:[di] 0x12d64: cmp byte ptr es:[di], al 0x12d67: loopne 0x12d62 0x12d69: mov dx, di 0x12d6b: add dx, 3 0x12d6e: mov bx, 0x266 0x12d71: push es 0x12d72: pop ds 0x12d73: push cs 0x12d74: pop es 0x12d75: mov ax, 0x4b00
2018-12-25T12:21:51.309134557Z	75	PC: 12d7e \| Execute program
2018-12-25T12:21:51.325457319Z	9	PC: 13322 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')
2018-12-25T12:21:51.333968279Z	77	PC: 12d82 \| Get program return code
2018-12-25T12:21:51.335797072Z	49	PC: 12d89 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')

{"DateBased":true,"Day":4,"Month":6,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8785,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:51.358328687Z	223	PC: 12a44 \| UNKNOWN!
2018-12-25T12:21:51.359936501Z	223	PC: 12c76 \| UNKNOWN!
2018-12-25T12:21:51.361574487Z	74	PC: 12d3d \| Reallocate memory
2018-12-25T12:21:51.363380111Z	42	PC: 12d46 \| Get date 0x12d46: cmp cx, 0x7c7 0x12d4a: jb 0x12d56 0x12d4c: cmp dx, 0x604 0x12d50: jne 0x12d56 0x12d52: inc byte ptr [0x28d] 0x12d56: mov es, word ptr es:[0x2c] 0x12d5b: xor di, di 0x12d5d: xor al, al 0x12d5f: mov cx, 0x7fff 0x12d62: repne scasb al, byte ptr es:[di] 0x12d64: cmp byte ptr es:[di], al 0x12d67: loopne 0x12d62 0x12d69: mov dx, di 0x12d6b: add dx, 3 0x12d6e: mov bx, 0x266 0x12d71: push es 0x12d72: pop ds 0x12d73: push cs 0x12d74: pop es 0x12d75: mov ax, 0x4b00
2018-12-25T12:21:51.366582565Z	75	PC: 12d7e \| Execute program
2018-12-25T12:21:51.38536687Z	9	PC: 13322 \| Display string (String= 'Hello - This is a 100 COM test file, 1993 ')
2018-12-25T12:21:51.392841001Z	77	PC: 12d82 \| Get program return code
2018-12-25T12:21:51.394650498Z	49	PC: 12d89 \| Terminate and stay resident (Return code = '0' \| Memory size = '130')