Sample viewer

vx.netlux.org/Virus.DOS.Wanderer_M.1783

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:18.715984138Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-17T22:28:18.718510881Z	255	PC: 1306b \| UNKNOWN!
2018-12-17T22:28:18.719683189Z	53	PC: 13076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:18.721247663Z	240	PC: 1309a \| UNKNOWN!
2018-12-17T22:28:18.725588502Z	74	PC: 12f69 \| Reallocate memory
2018-12-17T22:28:18.727029274Z	75	PC: 12fb5 \| Execute program
2018-12-17T22:28:18.740100581Z	42	PC: 13987 \| Get date 0x13987: cmp cx, 0x7cb 0x1398b: jne 0x13992 0x1398d: cmp dh, 3 0x13990: jb 0x139cc 0x13992: mov al, 0xff 0x13994: mov ah, 0xf 0x13996: xchg al, ah 0x13998: nop 0x13999: int 0x21 0x1399b: cmp ax, 0x101 0x1399e: je 0x139cc 0x139a0: mov ax, 0x3521 0x139a3: nop 0x139a4: int 0x21 0x139a6: cmp word ptr es:[0xa], 0x4254 0x139ad: jne 0x139b8 0x139af: cmp word ptr es:[0xc], 0x5244 0x139b6: je 0x139cc 0x139b8: cmp bx, 0x96b 0x139bc: je 0x139cc
2018-12-17T22:28:18.74435538Z	255	PC: 1399b \| UNKNOWN!
2018-12-17T22:28:18.74541085Z	53	PC: 139a6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:18.746771381Z	76	PC: 13375 \| Terminate with return code (Return code = '0')
2018-12-17T22:28:18.749519508Z	73	PC: 12bfb \| Release memory
2018-12-17T22:28:18.753850623Z	44	PC: 12fc3 \| Get time 0x12fc3: cmp cl, 0xff 0x12fc6: je 0x12fd0 0x12fc8: mov al, 0x31 0x12fca: mov dx, 0x8b 0x12fcd: call 0x22bf2 0x12fd0: push cs 0x12fd1: pop ds 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: call 0x22af8 0x12fd7: and al, 2 0x12fd9: cmp al, 2 0x12fdb: jne 0x1300b 0x12fdd: mov ah, 0x19 0x12fdf: int 0x21 0x12fe1: mov dl, al 0x12fe3: cmp dl, 2 0x12fe6: jb 0x12feb 0x12fe8: add dl, 0x7e 0x12feb: mov ax, 0x309
2018-12-17T22:28:18.756169924Z	49	PC: 12bfb \| Terminate and stay resident (Return code = '44' \| Memory size = '139')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5052,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:34.845944408Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-25T11:53:34.84900219Z	255	PC: 1306b \| UNKNOWN!
2018-12-25T11:53:34.849888811Z	53	PC: 13076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:34.851250313Z	240	PC: 1309a \| UNKNOWN!
2018-12-25T11:53:34.853707125Z	74	PC: 12f69 \| Reallocate memory
2018-12-25T11:53:34.855799293Z	75	PC: 12fb5 \| Execute program
2018-12-25T11:53:34.871866305Z	42	PC: 13987 \| Get date 0x13987: cmp cx, 0x7cb 0x1398b: jne 0x13992 0x1398d: cmp dh, 3 0x13990: jb 0x139cc 0x13992: mov al, 0xff 0x13994: mov ah, 0xf 0x13996: xchg al, ah 0x13998: nop 0x13999: int 0x21 0x1399b: cmp ax, 0x101 0x1399e: je 0x139cc 0x139a0: mov ax, 0x3521 0x139a3: nop 0x139a4: int 0x21 0x139a6: cmp word ptr es:[0xa], 0x4254 0x139ad: jne 0x139b8 0x139af: cmp word ptr es:[0xc], 0x5244 0x139b6: je 0x139cc 0x139b8: cmp bx, 0x96b 0x139bc: je 0x139cc
2018-12-25T11:53:34.878257951Z	255	PC: 1399b \| UNKNOWN!
2018-12-25T11:53:34.879902308Z	53	PC: 139a6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:34.881424372Z	76	PC: 13375 \| Terminate with return code (Return code = '0')
2018-12-25T11:53:34.884531397Z	73	PC: 12bfb \| Release memory
2018-12-25T11:53:34.886929323Z	44	PC: 12fc3 \| Get time 0x12fc3: cmp cl, 0xff 0x12fc6: je 0x12fd0 0x12fc8: mov al, 0x31 0x12fca: mov dx, 0x8b 0x12fcd: call 0x22bf2 0x12fd0: push cs 0x12fd1: pop ds 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: call 0x22af8 0x12fd7: and al, 2 0x12fd9: cmp al, 2 0x12fdb: jne 0x1300b 0x12fdd: mov ah, 0x19 0x12fdf: int 0x21 0x12fe1: mov dl, al 0x12fe3: cmp dl, 2 0x12fe6: jb 0x12feb 0x12fe8: add dl, 0x7e 0x12feb: mov ax, 0x309
2018-12-25T11:53:34.88950984Z	49	PC: 12bfb \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5052,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:35.388945965Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-25T11:53:35.392653268Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":3,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5052,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:37.04699852Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-25T11:53:37.049327394Z	255	PC: 1306b \| UNKNOWN!
2018-12-25T11:53:37.050187321Z	53	PC: 13076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:37.051658087Z	240	PC: 1309a \| UNKNOWN!
2018-12-25T11:53:37.054136956Z	74	PC: 12f69 \| Reallocate memory
2018-12-25T11:53:37.055792894Z	75	PC: 12fb5 \| Execute program
2018-12-25T11:53:37.069157437Z	42	PC: 13987 \| Get date 0x13987: cmp cx, 0x7cb 0x1398b: jne 0x13992 0x1398d: cmp dh, 3 0x13990: jb 0x139cc 0x13992: mov al, 0xff 0x13994: mov ah, 0xf 0x13996: xchg al, ah 0x13998: nop 0x13999: int 0x21 0x1399b: cmp ax, 0x101 0x1399e: je 0x139cc 0x139a0: mov ax, 0x3521 0x139a3: nop 0x139a4: int 0x21 0x139a6: cmp word ptr es:[0xa], 0x4254 0x139ad: jne 0x139b8 0x139af: cmp word ptr es:[0xc], 0x5244 0x139b6: je 0x139cc 0x139b8: cmp bx, 0x96b 0x139bc: je 0x139cc
2018-12-25T11:53:37.071979996Z	255	PC: 1399b \| UNKNOWN!
2018-12-25T11:53:37.073223195Z	53	PC: 139a6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:37.074754245Z	76	PC: 13375 \| Terminate with return code (Return code = '0')
2018-12-25T11:53:37.077708207Z	73	PC: 12bfb \| Release memory
2018-12-25T11:53:37.079717739Z	44	PC: 12fc3 \| Get time 0x12fc3: cmp cl, 0xff 0x12fc6: je 0x12fd0 0x12fc8: mov al, 0x31 0x12fca: mov dx, 0x8b 0x12fcd: call 0x22bf2 0x12fd0: push cs 0x12fd1: pop ds 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: call 0x22af8 0x12fd7: and al, 2 0x12fd9: cmp al, 2 0x12fdb: jne 0x1300b 0x12fdd: mov ah, 0x19 0x12fdf: int 0x21 0x12fe1: mov dl, al 0x12fe3: cmp dl, 2 0x12fe6: jb 0x12feb 0x12fe8: add dl, 0x7e 0x12feb: mov ax, 0x309
2018-12-25T11:53:37.082729956Z	49	PC: 12bfb \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5052,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:37.469103412Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-25T11:53:37.471218683Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":3,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5052,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:37.799620323Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-25T11:53:37.802868776Z	255	PC: 1306b \| UNKNOWN!
2018-12-25T11:53:37.803525434Z	53	PC: 13076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:37.804686848Z	240	PC: 1309a \| UNKNOWN!
2018-12-25T11:53:37.806558851Z	74	PC: 12f69 \| Reallocate memory
2018-12-25T11:53:37.808719496Z	75	PC: 12fb5 \| Execute program
2018-12-25T11:53:37.822445757Z	42	PC: 13987 \| Get date 0x13987: cmp cx, 0x7cb 0x1398b: jne 0x13992 0x1398d: cmp dh, 3 0x13990: jb 0x139cc 0x13992: mov al, 0xff 0x13994: mov ah, 0xf 0x13996: xchg al, ah 0x13998: nop 0x13999: int 0x21 0x1399b: cmp ax, 0x101 0x1399e: je 0x139cc 0x139a0: mov ax, 0x3521 0x139a3: nop 0x139a4: int 0x21 0x139a6: cmp word ptr es:[0xa], 0x4254 0x139ad: jne 0x139b8 0x139af: cmp word ptr es:[0xc], 0x5244 0x139b6: je 0x139cc 0x139b8: cmp bx, 0x96b 0x139bc: je 0x139cc
2018-12-25T11:53:37.824779496Z	255	PC: 1399b \| UNKNOWN!
2018-12-25T11:53:37.826654552Z	53	PC: 139a6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:37.828157745Z	76	PC: 13375 \| Terminate with return code (Return code = '0')
2018-12-25T11:53:37.831118924Z	73	PC: 12bfb \| Release memory
2018-12-25T11:53:37.837569886Z	44	PC: 12fc3 \| Get time 0x12fc3: cmp cl, 0xff 0x12fc6: je 0x12fd0 0x12fc8: mov al, 0x31 0x12fca: mov dx, 0x8b 0x12fcd: call 0x22bf2 0x12fd0: push cs 0x12fd1: pop ds 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: call 0x22af8 0x12fd7: and al, 2 0x12fd9: cmp al, 2 0x12fdb: jne 0x1300b 0x12fdd: mov ah, 0x19 0x12fdf: int 0x21 0x12fe1: mov dl, al 0x12fe3: cmp dl, 2 0x12fe6: jb 0x12feb 0x12fe8: add dl, 0x7e 0x12feb: mov ax, 0x309
2018-12-25T11:53:37.839789272Z	49	PC: 12bfb \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5052,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:37.973710858Z	42	PC: 13057 \| Get date 0x13057: cmp cx, 0x7cb 0x1305b: jne 0x13062 0x1305d: cmp dh, 3 0x13060: jb 0x1309c 0x13062: mov al, 0xff 0x13064: mov ah, 0xf 0x13066: xchg al, ah 0x13068: nop 0x13069: int 0x21 0x1306b: cmp ax, 0x101 0x1306e: je 0x1309c 0x13070: mov ax, 0x3521 0x13073: nop 0x13074: int 0x21 0x13076: cmp word ptr es:[0xa], 0x4254 0x1307d: jne 0x13088 0x1307f: cmp word ptr es:[0xc], 0x5244 0x13086: je 0x1309c 0x13088: cmp bx, 0x96b 0x1308c: je 0x1309c
2018-12-25T11:53:37.976454294Z	255	PC: 1306b \| UNKNOWN!
2018-12-25T11:53:37.977770008Z	53	PC: 13076 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:37.9791956Z	240	PC: 1309a \| UNKNOWN!
2018-12-25T11:53:37.981545727Z	74	PC: 12f69 \| Reallocate memory
2018-12-25T11:53:37.996800245Z	75	PC: 12fb5 \| Execute program
2018-12-25T11:53:38.014328593Z	42	PC: 13987 \| Get date 0x13987: cmp cx, 0x7cb 0x1398b: jne 0x13992 0x1398d: cmp dh, 3 0x13990: jb 0x139cc 0x13992: mov al, 0xff 0x13994: mov ah, 0xf 0x13996: xchg al, ah 0x13998: nop 0x13999: int 0x21 0x1399b: cmp ax, 0x101 0x1399e: je 0x139cc 0x139a0: mov ax, 0x3521 0x139a3: nop 0x139a4: int 0x21 0x139a6: cmp word ptr es:[0xa], 0x4254 0x139ad: jne 0x139b8 0x139af: cmp word ptr es:[0xc], 0x5244 0x139b6: je 0x139cc 0x139b8: cmp bx, 0x96b 0x139bc: je 0x139cc
2018-12-25T11:53:38.017484438Z	255	PC: 1399b \| UNKNOWN!
2018-12-25T11:53:38.02025193Z	53	PC: 139a6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:38.022493879Z	76	PC: 13375 \| Terminate with return code (Return code = '0')
2018-12-25T11:53:38.026369676Z	73	PC: 12bfb \| Release memory
2018-12-25T11:53:38.029109244Z	44	PC: 12fc3 \| Get time 0x12fc3: cmp cl, 0xff 0x12fc6: je 0x12fd0 0x12fc8: mov al, 0x31 0x12fca: mov dx, 0x8b 0x12fcd: call 0x22bf2 0x12fd0: push cs 0x12fd1: pop ds 0x12fd2: push cs 0x12fd3: pop es 0x12fd4: call 0x22af8 0x12fd7: and al, 2 0x12fd9: cmp al, 2 0x12fdb: jne 0x1300b 0x12fdd: mov ah, 0x19 0x12fdf: int 0x21 0x12fe1: mov dl, al 0x12fe3: cmp dl, 2 0x12fe6: jb 0x12feb 0x12fe8: add dl, 0x7e 0x12feb: mov ax, 0x309
2018-12-25T11:53:38.03177206Z	49	PC: 12bfb \| Terminate and stay resident (See above)