Sample viewer

vx.netlux.org/Virus.DOS.KOV.Wanderer.1332.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:55.54602356Z	240	PC: 12d46 \| UNKNOWN!
2018-12-17T22:30:55.547553567Z	98	PC: 12dc5 \| Get current PSP
2018-12-17T22:30:55.54953897Z	74	PC: 12dec \| Reallocate memory
2018-12-17T22:30:55.551478113Z	75	PC: 12e4b \| Execute program
2018-12-17T22:30:55.568208961Z	73	PC: 12d27 \| Release memory
2018-12-17T22:30:55.570294432Z	42	PC: 12e56 \| Get date 0x12e56: cmp al, 0 0x12e58: jne 0x12e60 0x12e5a: mov byte ptr cs:[0x536], 1 0x12e60: mov ah, 0x2c 0x12e62: int 0x21 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si
2018-12-17T22:30:55.573347639Z	44	PC: 12e64 \| Get time 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si 0x12e8a: pop bx 0x12e8b: dec bx 0x12e8c: jae 0x12ee2 0x12e8e: jb 0x12eff 0x12e90: inc cx
2018-12-17T22:30:55.576015793Z	49	PC: 12d27 \| Terminate and stay resident (Return code = '44' \| Memory size = '104')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5530,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:45.202125055Z	240	PC: 12d46 \| UNKNOWN!
2018-12-25T11:54:45.204210069Z	98	PC: 12dc5 \| Get current PSP
2018-12-25T11:54:45.205814055Z	74	PC: 12dec \| Reallocate memory
2018-12-25T11:54:45.207502456Z	75	PC: 12e4b \| Execute program
2018-12-25T11:54:45.223098201Z	73	PC: 12d27 \| Release memory
2018-12-25T11:54:45.224979437Z	42	PC: 12e56 \| Get date 0x12e56: cmp al, 0 0x12e58: jne 0x12e60 0x12e5a: mov byte ptr cs:[0x536], 1 0x12e60: mov ah, 0x2c 0x12e62: int 0x21 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si
2018-12-25T11:54:45.227379171Z	44	PC: 12e64 \| Get time 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si 0x12e8a: pop bx 0x12e8b: dec bx 0x12e8c: jae 0x12ee2 0x12e8e: jb 0x12eff 0x12e90: inc cx
2018-12-25T11:54:45.229635015Z	49	PC: 12d27 \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5530,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:45.315195124Z	240	PC: 12d46 \| UNKNOWN!
2018-12-25T11:54:45.317529541Z	98	PC: 12dc5 \| Get current PSP
2018-12-25T11:54:45.319552275Z	74	PC: 12dec \| Reallocate memory
2018-12-25T11:54:45.321319775Z	75	PC: 12e4b \| Execute program
2018-12-25T11:54:45.357917Z	73	PC: 12d27 \| Release memory
2018-12-25T11:54:45.35959793Z	42	PC: 12e56 \| Get date 0x12e56: cmp al, 0 0x12e58: jne 0x12e60 0x12e5a: mov byte ptr cs:[0x536], 1 0x12e60: mov ah, 0x2c 0x12e62: int 0x21 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si
2018-12-25T11:54:45.362015985Z	44	PC: 12e64 \| Get time 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si 0x12e8a: pop bx 0x12e8b: dec bx 0x12e8c: jae 0x12ee2 0x12e8e: jb 0x12eff 0x12e90: inc cx
2018-12-25T11:54:45.366289095Z	49	PC: 12d27 \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":8,"Second":0,"TimeBased":true,"OriginalID":5530,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:45.517608394Z	240	PC: 12d46 \| UNKNOWN!
2018-12-25T11:54:45.518786193Z	98	PC: 12dc5 \| Get current PSP
2018-12-25T11:54:45.520213694Z	74	PC: 12dec \| Reallocate memory
2018-12-25T11:54:45.521582965Z	75	PC: 12e4b \| Execute program
2018-12-25T11:54:45.538168348Z	73	PC: 12d27 \| Release memory
2018-12-25T11:54:45.551738416Z	42	PC: 12e56 \| Get date 0x12e56: cmp al, 0 0x12e58: jne 0x12e60 0x12e5a: mov byte ptr cs:[0x536], 1 0x12e60: mov ah, 0x2c 0x12e62: int 0x21 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si
2018-12-25T11:54:45.554249077Z	44	PC: 12e64 \| Get time 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si 0x12e8a: pop bx 0x12e8b: dec bx 0x12e8c: jae 0x12ee2 0x12e8e: jb 0x12eff 0x12e90: inc cx
2018-12-25T11:54:45.55674006Z	49	PC: 12d27 \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":8,"Second":0,"TimeBased":true,"OriginalID":5530,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:45.584704621Z	240	PC: 12d46 \| UNKNOWN!
2018-12-25T11:54:45.585761046Z	98	PC: 12dc5 \| Get current PSP
2018-12-25T11:54:45.588686761Z	74	PC: 12dec \| Reallocate memory
2018-12-25T11:54:45.590782308Z	75	PC: 12e4b \| Execute program
2018-12-25T11:54:45.607898865Z	73	PC: 12d27 \| Release memory
2018-12-25T11:54:45.610062011Z	42	PC: 12e56 \| Get date 0x12e56: cmp al, 0 0x12e58: jne 0x12e60 0x12e5a: mov byte ptr cs:[0x536], 1 0x12e60: mov ah, 0x2c 0x12e62: int 0x21 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si
2018-12-25T11:54:45.612440356Z	44	PC: 12e64 \| Get time 0x12e64: cmp cl, 8 0x12e67: jne 0x12e70 0x12e69: mov byte ptr cs:[0x560], 1 0x12e6f: nop 0x12e70: mov al, 0x31 0x12e72: mov dx, 0x68 0x12e75: call 0x22d1f 0x12e78: sldt word ptr [bx + si] 0x12e7b: add byte ptr [bx + si - 0x6c00], al 0x12e7f: adc bl, byte ptr [si] 0x12e82: xchg ax, sp 0x12e83: adc ch, byte ptr [si] 0x12e86: xchg ax, sp 0x12e87: adc ch, bl 0x12e89: dec si 0x12e8a: pop bx 0x12e8b: dec bx 0x12e8c: jae 0x12ee2 0x12e8e: jb 0x12eff 0x12e90: inc cx
2018-12-25T11:54:45.614747835Z	49	PC: 12d27 \| Terminate and stay resident (See above)