Sample viewer

vx.netlux.org/Virus.DOS.Wanderer_M.1811

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:03.182892216Z	255	PC: 130ac \| UNKNOWN!
2018-12-17T23:07:03.183827463Z	53	PC: 130b7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:03.185872728Z	240	PC: 130e6 \| UNKNOWN!
2018-12-17T23:07:03.186880794Z	42	PC: 12f5c \| Get date 0x12f5c: cmp cx, 0x7cb 0x12f60: jne 0x12f72 0x12f62: cmp dh, 3 0x12f65: jne 0x12f72 0x12f67: cmp dl, 8 0x12f6a: jb 0x12f72 0x12f6c: mov byte ptr cs:[0x703], 1 0x12f72: call 0x130f5 0x12f75: nop 0x12f76: mov word ptr cs:[0x6d8], es 0x12f7b: nop 0x12f7c: mov word ptr cs:[0x6dc], es 0x12f81: mov word ptr cs:[0x6e0], es 0x12f86: mov byte ptr cs:[0x7bc], 0 0x12f8c: mov cx, 0x7bd 0x12f8f: xor si, si 0x12f91: push es 0x12f92: pop ax 0x12f93: add ax, 0x10 0x12f96: mov es, ax
2018-12-17T23:07:03.190562099Z	74	PC: 12fb9 \| Reallocate memory
2018-12-17T23:07:03.193502661Z	75	PC: 13005 \| Execute program
2018-12-17T23:07:03.209750237Z	255	PC: 139ec \| UNKNOWN!
2018-12-17T23:07:03.210927989Z	53	PC: 139f7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:03.218281679Z	76	PC: 13385 \| Terminate with return code (Return code = '0')
2018-12-17T23:07:03.222873002Z	73	PC: 12c2c \| Release memory
2018-12-17T23:07:03.224777868Z	44	PC: 13013 \| Get time 0x13013: cmp cl, 4 0x13016: je 0x13020 0x13018: mov al, 0x31 0x1301a: mov dx, 0x8c 0x1301d: call 0x22c23 0x13020: push cs 0x13021: pop ds 0x13022: push cs 0x13023: pop es 0x13024: call 0x22ae4 0x13027: and al, 2 0x13029: cmp al, 2 0x1302b: jne 0x1305b 0x1302d: mov ah, 0x19 0x1302f: int 0x21 0x13031: mov dl, al 0x13033: cmp dl, 2 0x13036: jb 0x1303b 0x13038: add dl, 0x7e 0x1303b: mov ax, 0x309
2018-12-17T23:07:03.228385702Z	49	PC: 12c2c \| Terminate and stay resident (Return code = '44' \| Memory size = '140')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:19.627305045Z	255	PC: 130ac \| UNKNOWN!
2018-12-25T12:44:19.634516295Z	53	PC: 130b7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.635976127Z	240	PC: 130e6 \| UNKNOWN!
2018-12-25T12:44:19.637101527Z	42	PC: 12f5c \| Get date 0x12f5c: cmp cx, 0x7cb 0x12f60: jne 0x12f72 0x12f62: cmp dh, 3 0x12f65: jne 0x12f72 0x12f67: cmp dl, 8 0x12f6a: jb 0x12f72 0x12f6c: mov byte ptr cs:[0x703], 1 0x12f72: call 0x130f5 0x12f75: nop 0x12f76: mov word ptr cs:[0x6d8], es 0x12f7b: nop 0x12f7c: mov word ptr cs:[0x6dc], es 0x12f81: mov word ptr cs:[0x6e0], es 0x12f86: mov byte ptr cs:[0x7bc], 0 0x12f8c: mov cx, 0x7bd 0x12f8f: xor si, si 0x12f91: push es 0x12f92: pop ax 0x12f93: add ax, 0x10 0x12f96: mov es, ax
2018-12-25T12:44:19.646561868Z	74	PC: 12fb9 \| Reallocate memory
2018-12-25T12:44:19.648263089Z	75	PC: 13005 \| Execute program
2018-12-25T12:44:19.678539019Z	255	PC: 139ec \| UNKNOWN!
2018-12-25T12:44:19.67978666Z	53	PC: 139f7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.68247865Z	76	PC: 13385 \| Terminate with return code (Return code = '0')
2018-12-25T12:44:19.685716965Z	73	PC: 12c2c \| Release memory
2018-12-25T12:44:19.687428003Z	44	PC: 13013 \| Get time 0x13013: cmp cl, 4 0x13016: je 0x13020 0x13018: mov al, 0x31 0x1301a: mov dx, 0x8c 0x1301d: call 0x22c23 0x13020: push cs 0x13021: pop ds 0x13022: push cs 0x13023: pop es 0x13024: call 0x22ae4 0x13027: and al, 2 0x13029: cmp al, 2 0x1302b: jne 0x1305b 0x1302d: mov ah, 0x19 0x1302f: int 0x21 0x13031: mov dl, al 0x13033: cmp dl, 2 0x13036: jb 0x1303b 0x13038: add dl, 0x7e 0x1303b: mov ax, 0x309
2018-12-25T12:44:19.690861684Z	49	PC: 12c2c \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:19.651776955Z	255	PC: 130ac \| UNKNOWN!
2018-12-25T12:44:19.653108529Z	53	PC: 130b7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.654318766Z	240	PC: 130e6 \| UNKNOWN!
2018-12-25T12:44:19.65514675Z	42	PC: 12f5c \| Get date 0x12f5c: cmp cx, 0x7cb 0x12f60: jne 0x12f72 0x12f62: cmp dh, 3 0x12f65: jne 0x12f72 0x12f67: cmp dl, 8 0x12f6a: jb 0x12f72 0x12f6c: mov byte ptr cs:[0x703], 1 0x12f72: call 0x130f5 0x12f75: nop 0x12f76: mov word ptr cs:[0x6d8], es 0x12f7b: nop 0x12f7c: mov word ptr cs:[0x6dc], es 0x12f81: mov word ptr cs:[0x6e0], es 0x12f86: mov byte ptr cs:[0x7bc], 0 0x12f8c: mov cx, 0x7bd 0x12f8f: xor si, si 0x12f91: push es 0x12f92: pop ax 0x12f93: add ax, 0x10 0x12f96: mov es, ax
2018-12-25T12:44:19.658421702Z	74	PC: 12fb9 \| Reallocate memory
2018-12-25T12:44:19.660260122Z	75	PC: 13005 \| Execute program
2018-12-25T12:44:19.674471406Z	255	PC: 139ec \| UNKNOWN!
2018-12-25T12:44:19.675912892Z	53	PC: 139f7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.680028772Z	76	PC: 13385 \| Terminate with return code (Return code = '0')
2018-12-25T12:44:19.683445639Z	73	PC: 12c2c \| Release memory
2018-12-25T12:44:19.684823613Z	44	PC: 13013 \| Get time 0x13013: cmp cl, 4 0x13016: je 0x13020 0x13018: mov al, 0x31 0x1301a: mov dx, 0x8c 0x1301d: call 0x22c23 0x13020: push cs 0x13021: pop ds 0x13022: push cs 0x13023: pop es 0x13024: call 0x22ae4 0x13027: and al, 2 0x13029: cmp al, 2 0x1302b: jne 0x1305b 0x1302d: mov ah, 0x19 0x1302f: int 0x21 0x13031: mov dl, al 0x13033: cmp dl, 2 0x13036: jb 0x1303b 0x13038: add dl, 0x7e 0x1303b: mov ax, 0x309
2018-12-25T12:44:19.690198756Z	49	PC: 12c2c \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":4,"Second":0,"TimeBased":true,"OriginalID":15729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:19.683264978Z	255	PC: 130ac \| UNKNOWN!
2018-12-25T12:44:19.684809356Z	53	PC: 130b7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.686818085Z	240	PC: 130e6 \| UNKNOWN!
2018-12-25T12:44:19.688189521Z	42	PC: 12f5c \| Get date 0x12f5c: cmp cx, 0x7cb 0x12f60: jne 0x12f72 0x12f62: cmp dh, 3 0x12f65: jne 0x12f72 0x12f67: cmp dl, 8 0x12f6a: jb 0x12f72 0x12f6c: mov byte ptr cs:[0x703], 1 0x12f72: call 0x130f5 0x12f75: nop 0x12f76: mov word ptr cs:[0x6d8], es 0x12f7b: nop 0x12f7c: mov word ptr cs:[0x6dc], es 0x12f81: mov word ptr cs:[0x6e0], es 0x12f86: mov byte ptr cs:[0x7bc], 0 0x12f8c: mov cx, 0x7bd 0x12f8f: xor si, si 0x12f91: push es 0x12f92: pop ax 0x12f93: add ax, 0x10 0x12f96: mov es, ax
2018-12-25T12:44:19.691913595Z	74	PC: 12fb9 \| Reallocate memory
2018-12-25T12:44:19.694588165Z	75	PC: 13005 \| Execute program
2018-12-25T12:44:19.710686642Z	255	PC: 139ec \| UNKNOWN!
2018-12-25T12:44:19.71202282Z	53	PC: 139f7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.714897838Z	76	PC: 13385 \| Terminate with return code (Return code = '0')
2018-12-25T12:44:19.718884014Z	73	PC: 12c2c \| Release memory
2018-12-25T12:44:19.720570602Z	44	PC: 13013 \| Get time 0x13013: cmp cl, 4 0x13016: je 0x13020 0x13018: mov al, 0x31 0x1301a: mov dx, 0x8c 0x1301d: call 0x22c23 0x13020: push cs 0x13021: pop ds 0x13022: push cs 0x13023: pop es 0x13024: call 0x22ae4 0x13027: and al, 2 0x13029: cmp al, 2 0x1302b: jne 0x1305b 0x1302d: mov ah, 0x19 0x1302f: int 0x21 0x13031: mov dl, al 0x13033: cmp dl, 2 0x13036: jb 0x1303b 0x13038: add dl, 0x7e 0x1303b: mov ax, 0x309

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":4,"Second":0,"TimeBased":true,"OriginalID":15729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:19.785638213Z	255	PC: 130ac \| UNKNOWN!
2018-12-25T12:44:19.786794567Z	53	PC: 130b7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.788971091Z	240	PC: 130e6 \| UNKNOWN!
2018-12-25T12:44:19.790088057Z	42	PC: 12f5c \| Get date 0x12f5c: cmp cx, 0x7cb 0x12f60: jne 0x12f72 0x12f62: cmp dh, 3 0x12f65: jne 0x12f72 0x12f67: cmp dl, 8 0x12f6a: jb 0x12f72 0x12f6c: mov byte ptr cs:[0x703], 1 0x12f72: call 0x130f5 0x12f75: nop 0x12f76: mov word ptr cs:[0x6d8], es 0x12f7b: nop 0x12f7c: mov word ptr cs:[0x6dc], es 0x12f81: mov word ptr cs:[0x6e0], es 0x12f86: mov byte ptr cs:[0x7bc], 0 0x12f8c: mov cx, 0x7bd 0x12f8f: xor si, si 0x12f91: push es 0x12f92: pop ax 0x12f93: add ax, 0x10 0x12f96: mov es, ax
2018-12-25T12:44:19.79313548Z	74	PC: 12fb9 \| Reallocate memory
2018-12-25T12:44:19.795755444Z	75	PC: 13005 \| Execute program
2018-12-25T12:44:19.808647735Z	255	PC: 139ec \| UNKNOWN!
2018-12-25T12:44:19.809871128Z	53	PC: 139f7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:19.812395364Z	76	PC: 13385 \| Terminate with return code (Return code = '0')
2018-12-25T12:44:19.816011054Z	73	PC: 12c2c \| Release memory
2018-12-25T12:44:19.81760312Z	44	PC: 13013 \| Get time 0x13013: cmp cl, 4 0x13016: je 0x13020 0x13018: mov al, 0x31 0x1301a: mov dx, 0x8c 0x1301d: call 0x22c23 0x13020: push cs 0x13021: pop ds 0x13022: push cs 0x13023: pop es 0x13024: call 0x22ae4 0x13027: and al, 2 0x13029: cmp al, 2 0x1302b: jne 0x1305b 0x1302d: mov ah, 0x19 0x1302f: int 0x21 0x13031: mov dl, al 0x13033: cmp dl, 2 0x13036: jb 0x1303b 0x13038: add dl, 0x7e 0x1303b: mov ax, 0x309