Sample viewer

vx.netlux.org/Virus.DOS.KOV.Wanderer.1591

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:01.012117044Z 240 PC: 12e6c | UNKNOWN!
2018-12-17T22:23:01.013558693Z 255 PC: 12eed | UNKNOWN!
2018-12-17T22:23:01.030979426Z 74 PC: 12f49 | Reallocate memory
2018-12-17T22:23:01.032867175Z 75 PC: 12faf | Execute program
2018-12-17T22:23:01.049146996Z 76 PC: 13305 | Terminate with return code (Return code = '0')
2018-12-17T22:23:01.054060168Z 73 PC: 12fb5 | Release memory
2018-12-17T22:23:01.055927805Z 77 PC: 12fb9 | Get program return code
2018-12-17T22:23:01.057609767Z 44 PC: 12fbd | Get time
0x12fbd: cmp cl, 0xd
0x12fc0: je 0x12fca
0x12fc2: mov ah, 0x31
0x12fc4: mov dx, 0x84
0x12fc7: call 0x22afc
0x12fca: push cs
0x12fcb: pop ds
0x12fcc: mov dx, 0x6a4
0x12fcf: mov ah, 9
0x12fd1: int 0x21
0x12fd3: mov ah, 0x19
0x12fd5: int 0x21
0x12fd7: mov dl, al
0x12fd9: cmp dl, 2
0x12fdc: jb 0x12fe0
0x12fde: add al, 0x7e
0x12fe0: mov ax, 0x309
0x12fe3: mov bx, 0x6a4
0x12fe6: mov cx, 1
0x12fe9: mov dh, 0
2018-12-17T22:23:01.069775048Z 49 PC: 12b02 | Terminate and stay resident (Return code = '0' | Memory size = '132')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4035,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.394022118Z 240 PC: 12e6c | UNKNOWN!
2018-12-25T11:50:49.394981032Z 255 PC: 12eed | UNKNOWN!
2018-12-25T11:50:49.397449641Z 74 PC: 12f49 | Reallocate memory
2018-12-25T11:50:49.399223222Z 75 PC: 12faf | Execute program
2018-12-25T11:50:49.409072474Z 76 PC: 13305 | Terminate with return code (Return code = '0')
2018-12-25T11:50:49.411310831Z 73 PC: 12fb5 | Release memory
2018-12-25T11:50:49.412409159Z 77 PC: 12fb9 | Get program return code
2018-12-25T11:50:49.413310485Z 44 PC: 12fbd | Get time
0x12fbd: cmp cl, 0xd
0x12fc0: je 0x12fca
0x12fc2: mov ah, 0x31
0x12fc4: mov dx, 0x84
0x12fc7: call 0x22afc
0x12fca: push cs
0x12fcb: pop ds
0x12fcc: mov dx, 0x6a4
0x12fcf: mov ah, 9
0x12fd1: int 0x21
0x12fd3: mov ah, 0x19
0x12fd5: int 0x21
0x12fd7: mov dl, al
0x12fd9: cmp dl, 2
0x12fdc: jb 0x12fe0
0x12fde: add al, 0x7e
0x12fe0: mov ax, 0x309
0x12fe3: mov bx, 0x6a4
0x12fe6: mov cx, 1
0x12fe9: mov dh, 0
2018-12-25T11:50:49.41484161Z 49 PC: 12b02 | Terminate and stay resident (Return code = '0' | Memory size = '132')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":13,"Second":0,"TimeBased":true,"OriginalID":4035,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:49.428070419Z 240 PC: 12e6c | UNKNOWN!
2018-12-25T11:50:49.429697928Z 255 PC: 12eed | UNKNOWN!
2018-12-25T11:50:49.431682Z 74 PC: 12f49 | Reallocate memory
2018-12-25T11:50:49.433750676Z 75 PC: 12faf | Execute program
2018-12-25T11:50:49.446148393Z 76 PC: 13305 | Terminate with return code (Return code = '0')
2018-12-25T11:50:49.448910551Z 73 PC: 12fb5 | Release memory
2018-12-25T11:50:49.450592318Z 77 PC: 12fb9 | Get program return code
2018-12-25T11:50:49.452136416Z 44 PC: 12fbd | Get time
0x12fbd: cmp cl, 0xd
0x12fc0: je 0x12fca
0x12fc2: mov ah, 0x31
0x12fc4: mov dx, 0x84
0x12fc7: call 0x22afc
0x12fca: push cs
0x12fcb: pop ds
0x12fcc: mov dx, 0x6a4
0x12fcf: mov ah, 9
0x12fd1: int 0x21
0x12fd3: mov ah, 0x19
0x12fd5: int 0x21
0x12fd7: mov dl, al
0x12fd9: cmp dl, 2
0x12fdc: jb 0x12fe0
0x12fde: add al, 0x7e
0x12fe0: mov ax, 0x309
0x12fe3: mov bx, 0x6a4
0x12fe6: mov cx, 1
0x12fe9: mov dh, 0
2018-12-25T11:50:49.463417266Z 9 PC: 12fd3 | Display string (Could not find end pointer)
2018-12-25T11:50:49.47013836Z 25 PC: 12fd7 | Get default drive