Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Hermanos.2015

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:07.885483643Z	255	PC: 12c2f \| UNKNOWN!
2018-12-17T21:51:07.886858283Z	53	PC: 12c47 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:07.887904246Z	37	PC: 12c65 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:51:07.889005566Z	74	PC: 12cbb \| Reallocate memory
2018-12-17T21:51:07.897391593Z	44	PC: 12d62 \| Get time 0x12d62: mov byte ptr cs:[0x2b9], ch 0x12d67: cmp byte ptr cs:[0x2b9], 0 0x12d6d: jne 0x12d75 0x12d6f: mov byte ptr cs:[0x2b9], 6 0x12d75: mov ah, 0x2a 0x12d77: int 0x21 0x12d79: mov byte ptr cs:[0x2b4], dl 0x12d7e: mov byte ptr cs:[0x2b5], dh 0x12d83: mov word ptr cs:[0x2b6], cx 0x12d88: mov byte ptr cs:[0x2b8], al 0x12d8c: xor ax, ax 0x12d8e: mov al, dl 0x12d90: mov bl, 2 0x12d92: div bl 0x12d94: cmp ah, 0 0x12d97: jne 0x12d9f 0x12d99: mov byte ptr cs:[0x103], 1 0x12d9f: push es 0x12da0: mov ax, cs 0x12da2: mov ds, ax
2018-12-17T21:51:07.899170058Z	42	PC: 12d79 \| Get date 0x12d79: mov byte ptr cs:[0x2b4], dl 0x12d7e: mov byte ptr cs:[0x2b5], dh 0x12d83: mov word ptr cs:[0x2b6], cx 0x12d88: mov byte ptr cs:[0x2b8], al 0x12d8c: xor ax, ax 0x12d8e: mov al, dl 0x12d90: mov bl, 2 0x12d92: div bl 0x12d94: cmp ah, 0 0x12d97: jne 0x12d9f 0x12d99: mov byte ptr cs:[0x103], 1 0x12d9f: push es 0x12da0: mov ax, cs 0x12da2: mov ds, ax 0x12da4: mov es, ax 0x12da6: mov si, 0x1bf 0x12da9: mov di, si 0x12dab: lodsb al, byte ptr [si] 0x12dac: xor al, byte ptr [0x2b3] 0x12db0: stosb byte ptr es:[di], al
2018-12-17T21:51:07.901113992Z	54	PC: 12ece \| Get free disk space
2018-12-17T21:51:07.909381839Z	67	PC: 12f64 \| Get or set file attributes
2018-12-17T21:51:07.915343464Z	61	PC: 12fb0 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T21:51:07.921936254Z	66	PC: 12fc4 \| Move file pointer
2018-12-17T21:51:07.923449228Z	66	PC: 12fde \| Move file pointer
2018-12-17T21:51:07.925044507Z	63	PC: 12ff0 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:51:07.92726028Z	62	PC: 1302b \| Close file
2018-12-17T21:51:07.928779599Z	75	PC: 12ce7 \| Execute program
2018-12-17T21:51:07.941059015Z	76	PC: 22a85 \| Terminate with return code (Return code = '0')
2018-12-17T21:51:07.943316594Z	73	PC: 12ceb \| Release memory
2018-12-17T21:51:07.944281823Z	49	PC: 12cf1 \| Terminate and stay resident (Return code = '0' \| Memory size = '142')