Sample viewer

vx.netlux.org/Virus.DOS.KOV.Wanderer.1768

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:13:14.659150596Z 240 PC: 12e20 | UNKNOWN!
2018-12-17T22:13:14.660630893Z 255 PC: 12e9c | UNKNOWN!
2018-12-17T22:13:14.662760639Z 74 PC: 12eea | Reallocate memory
2018-12-17T22:13:14.664980399Z 75 PC: 12f4f | Execute program
2018-12-17T22:13:14.679440651Z 76 PC: 133f5 | Terminate with return code (Return code = '0')
2018-12-17T22:13:14.693807006Z 73 PC: 12f55 | Release memory
2018-12-17T22:13:14.69520348Z 77 PC: 12f59 | Get program return code
2018-12-17T22:13:14.696974331Z 44 PC: 12f5d | Get time
0x12f5d: cmp cl, 0xe
0x12f60: je 0x12f6a
0x12f62: mov ah, 0x31
0x12f64: mov dx, 0x93
0x12f67: call 0x22b25
0x12f6a: push cs
0x12f6b: pop ds
0x12f6c: mov dx, 0x79b
0x12f6f: mov ah, 9
0x12f71: int 0x21
0x12f73: mov ah, 0x19
0x12f75: int 0x21
0x12f77: mov dl, al
0x12f79: cmp dl, 2
0x12f7c: jb 0x12f81
0x12f7e: add dl, 0x7e
0x12f81: mov ax, 0x309
0x12f84: mov bx, 0x79b
0x12f87: mov cx, 1
0x12f8a: mov dh, 0
2018-12-17T22:13:14.700234294Z 49 PC: 12b2b | Terminate and stay resident (Return code = '0' | Memory size = '147')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2592,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:03.710710794Z 240 PC: 12e20 | UNKNOWN!
2018-12-25T11:46:03.712770438Z 255 PC: 12e9c | UNKNOWN!
2018-12-25T11:46:03.714883631Z 74 PC: 12eea | Reallocate memory
2018-12-25T11:46:03.717121728Z 75 PC: 12f4f | Execute program
2018-12-25T11:46:03.733996338Z 76 PC: 133f5 | Terminate with return code (Return code = '0')
2018-12-25T11:46:03.737772934Z 73 PC: 12f55 | Release memory
2018-12-25T11:46:03.739491018Z 77 PC: 12f59 | Get program return code
2018-12-25T11:46:03.74110175Z 44 PC: 12f5d | Get time
0x12f5d: cmp cl, 0xe
0x12f60: je 0x12f6a
0x12f62: mov ah, 0x31
0x12f64: mov dx, 0x93
0x12f67: call 0x22b25
0x12f6a: push cs
0x12f6b: pop ds
0x12f6c: mov dx, 0x79b
0x12f6f: mov ah, 9
0x12f71: int 0x21
0x12f73: mov ah, 0x19
0x12f75: int 0x21
0x12f77: mov dl, al
0x12f79: cmp dl, 2
0x12f7c: jb 0x12f81
0x12f7e: add dl, 0x7e
0x12f81: mov ax, 0x309
0x12f84: mov bx, 0x79b
0x12f87: mov cx, 1
0x12f8a: mov dh, 0
2018-12-25T11:46:03.74606142Z 49 PC: 12b2b | Terminate and stay resident (Return code = '0' | Memory size = '147')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":14,"Second":0,"TimeBased":true,"OriginalID":2592,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:03.993376654Z 240 PC: 12e20 | UNKNOWN!
2018-12-25T11:46:03.994753437Z 255 PC: 12e9c | UNKNOWN!
2018-12-25T11:46:04.003039611Z 74 PC: 12eea | Reallocate memory
2018-12-25T11:46:04.005391616Z 75 PC: 12f4f | Execute program
2018-12-25T11:46:04.020440338Z 76 PC: 133f5 | Terminate with return code (Return code = '0')
2018-12-25T11:46:04.024298199Z 73 PC: 12f55 | Release memory
2018-12-25T11:46:04.025650238Z 77 PC: 12f59 | Get program return code
2018-12-25T11:46:04.026906955Z 44 PC: 12f5d | Get time
0x12f5d: cmp cl, 0xe
0x12f60: je 0x12f6a
0x12f62: mov ah, 0x31
0x12f64: mov dx, 0x93
0x12f67: call 0x22b25
0x12f6a: push cs
0x12f6b: pop ds
0x12f6c: mov dx, 0x79b
0x12f6f: mov ah, 9
0x12f71: int 0x21
0x12f73: mov ah, 0x19
0x12f75: int 0x21
0x12f77: mov dl, al
0x12f79: cmp dl, 2
0x12f7c: jb 0x12f81
0x12f7e: add dl, 0x7e
0x12f81: mov ax, 0x309
0x12f84: mov bx, 0x79b
0x12f87: mov cx, 1
0x12f8a: mov dh, 0
2018-12-25T11:46:04.02971775Z 9 PC: 12f73 | Display string (Could not find end pointer)
2018-12-25T11:46:04.036908043Z 25 PC: 12f77 | Get default drive