Sample viewer

vx.netlux.org/Virus.DOS.Wanderer_M.1087

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:59.854007776Z 240 PC: 12cf7 | UNKNOWN!
2018-12-17T22:59:59.85656968Z 74 PC: 12da8 | Reallocate memory
2018-12-17T22:59:59.858769514Z 75 PC: 12e13 | Execute program
2018-12-17T22:59:59.879023867Z 76 PC: 13055 | Terminate with return code (Return code = '0')
2018-12-17T22:59:59.884439615Z 73 PC: 12e1a | Release memory
2018-12-17T22:59:59.88661893Z 44 PC: 12e1f | Get time
0x12e1f: cmp cl, 7
0x12e22: jne 0x12e2b
0x12e24: mov byte ptr cs:[0x46d], 1
0x12e2a: nop
0x12e2b: mov al, 0x31
0x12e2d: mov dx, 0x57
0x12e30: call 0x22a85
0x12e33: inc word ptr [bx + si]
0x12e35: add byte ptr [bx + si], al
0x12e37: add byte ptr [bx + si], 0x94
0x12e3a: adc bl, byte ptr [si]
0x12e3d: xchg ax, sp
0x12e3e: adc ch, byte ptr [si]
0x12e41: xchg ax, sp
0x12e42: adc dl, byte ptr [bx + si]
0x12e46: add byte ptr [bx + si], al
0x12e48: add byte ptr [bx + si], al
0x12e4a: add byte ptr [bx + si], al
0x12e4c: add byte ptr [bx + si], al
0x12e4e: add byte ptr [bx + si], al
2018-12-17T22:59:59.889421547Z 49 PC: 12a8d | Terminate and stay resident (Return code = '44' | Memory size = '87')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13397,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:09.731933373Z 240 PC: 12cf7 | UNKNOWN!
2018-12-25T12:38:09.739413432Z 74 PC: 12da8 | Reallocate memory
2018-12-25T12:38:09.740828131Z 75 PC: 12e13 | Execute program
2018-12-25T12:38:09.754400101Z 76 PC: 13055 | Terminate with return code (Return code = '0')
2018-12-25T12:38:09.758099366Z 73 PC: 12e1a | Release memory
2018-12-25T12:38:09.759370973Z 44 PC: 12e1f | Get time
0x12e1f: cmp cl, 7
0x12e22: jne 0x12e2b
0x12e24: mov byte ptr cs:[0x46d], 1
0x12e2a: nop
0x12e2b: mov al, 0x31
0x12e2d: mov dx, 0x57
0x12e30: call 0x22a85
0x12e33: inc word ptr [bx + si]
0x12e35: add byte ptr [bx + si], al
0x12e37: add byte ptr [bx + si], 0x94
0x12e3a: adc bl, byte ptr [si]
0x12e3d: xchg ax, sp
0x12e3e: adc ch, byte ptr [si]
0x12e41: xchg ax, sp
0x12e42: adc dl, byte ptr [bx + si]
0x12e46: add byte ptr [bx + si], al
0x12e48: add byte ptr [bx + si], al
0x12e4a: add byte ptr [bx + si], al
0x12e4c: add byte ptr [bx + si], al
0x12e4e: add byte ptr [bx + si], al
2018-12-25T12:38:09.761793876Z 49 PC: 12a8d | Terminate and stay resident (Return code = '44' | Memory size = '87')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":7,"Second":0,"TimeBased":true,"OriginalID":13397,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:09.789183671Z 240 PC: 12cf7 | UNKNOWN!
2018-12-25T12:38:09.791210832Z 74 PC: 12da8 | Reallocate memory
2018-12-25T12:38:09.792849245Z 75 PC: 12e13 | Execute program
2018-12-25T12:38:09.818669022Z 76 PC: 13055 | Terminate with return code (Return code = '0')
2018-12-25T12:38:09.823531964Z 73 PC: 12e1a | Release memory
2018-12-25T12:38:09.827507185Z 44 PC: 12e1f | Get time
0x12e1f: cmp cl, 7
0x12e22: jne 0x12e2b
0x12e24: mov byte ptr cs:[0x46d], 1
0x12e2a: nop
0x12e2b: mov al, 0x31
0x12e2d: mov dx, 0x57
0x12e30: call 0x22a85
0x12e33: inc word ptr [bx + si]
0x12e35: add byte ptr [bx + si], al
0x12e37: add byte ptr [bx + si], 0x94
0x12e3a: adc bl, byte ptr [si]
0x12e3d: xchg ax, sp
0x12e3e: adc ch, byte ptr [si]
0x12e41: xchg ax, sp
0x12e42: adc dl, byte ptr [bx + si]
0x12e46: add byte ptr [bx + si], al
0x12e48: add byte ptr [bx + si], al
0x12e4a: add byte ptr [bx + si], al
0x12e4c: add byte ptr [bx + si], al
0x12e4e: add byte ptr [bx + si], al
2018-12-25T12:38:09.829238915Z 49 PC: 12a8d | Terminate and stay resident (Return code = '44' | Memory size = '87')