Sample viewer

vx.netlux.org/Virus.DOS.Riot.Carpediem_II.1305

Time	Syscall Op	Syscall Name
2018-12-17T22:56:05.071467967Z	42	PC: 12b47 \| Get date 0x12b47: cmp dl, 0x11 0x12b4a: jne 0x12b53 0x12b4c: mov byte ptr cs:[0x4cb], 1 0x12b52: nop 0x12b53: mov ah, 0x4a 0x12b55: mov bx, 0xffff 0x12b58: mov cx, 0xbebe 0x12b5b: int 0x21 0x12b5d: cmp ax, cx 0x12b5f: jne 0x12b64 0x12b61: jmp 0x12bf2 0x12b64: mov ah, 0x4a 0x12b66: sub bx, 0x53 0x12b69: nop 0x12b6a: int 0x21 0x12b6c: mov ah, 0x48 0x12b6e: mov bx, 0x52 0x12b71: int 0x21 0x12b73: dec ax 0x12b74: mov es, ax
2018-12-17T22:56:05.074043207Z	74	PC: 12b5d \| Reallocate memory
2018-12-17T22:56:05.075871363Z	74	PC: 12b6c \| Reallocate memory
2018-12-17T22:56:05.077264326Z	72	PC: 12b73 \| Allocate memory
2018-12-17T22:56:05.078871619Z	53	PC: 12b98 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:05.08035441Z	53	PC: 12bc0 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:05.081501641Z	53	PC: 12bcc \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:05.083013693Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

Time	Syscall Op	Syscall Name
2018-12-25T12:31:59.587941278Z	42	PC: 12b47 \| Get date 0x12b47: cmp dl, 0x11 0x12b4a: jne 0x12b53 0x12b4c: mov byte ptr cs:[0x4cb], 1 0x12b52: nop 0x12b53: mov ah, 0x4a 0x12b55: mov bx, 0xffff 0x12b58: mov cx, 0xbebe 0x12b5b: int 0x21 0x12b5d: cmp ax, cx 0x12b5f: jne 0x12b64 0x12b61: jmp 0x12bf2 0x12b64: mov ah, 0x4a 0x12b66: sub bx, 0x53 0x12b69: nop 0x12b6a: int 0x21 0x12b6c: mov ah, 0x48 0x12b6e: mov bx, 0x52 0x12b71: int 0x21 0x12b73: dec ax 0x12b74: mov es, ax
2018-12-25T12:31:59.591044432Z	74	PC: 12b5d \| Reallocate memory
2018-12-25T12:31:59.592806027Z	74	PC: 12b6c \| Reallocate memory
2018-12-25T12:31:59.594283584Z	72	PC: 12b73 \| Allocate memory
2018-12-25T12:31:59.59709526Z	53	PC: 12b98 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:59.59842556Z	53	PC: 12bcc \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:59.600176855Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

Time	Syscall Op	Syscall Name
2018-12-25T12:32:00.298591864Z	42	PC: 12b47 \| Get date 0x12b47: cmp dl, 0x11 0x12b4a: jne 0x12b53 0x12b4c: mov byte ptr cs:[0x4cb], 1 0x12b52: nop 0x12b53: mov ah, 0x4a 0x12b55: mov bx, 0xffff 0x12b58: mov cx, 0xbebe 0x12b5b: int 0x21 0x12b5d: cmp ax, cx 0x12b5f: jne 0x12b64 0x12b61: jmp 0x12bf2 0x12b64: mov ah, 0x4a 0x12b66: sub bx, 0x53 0x12b69: nop 0x12b6a: int 0x21 0x12b6c: mov ah, 0x48 0x12b6e: mov bx, 0x52 0x12b71: int 0x21 0x12b73: dec ax 0x12b74: mov es, ax
2018-12-25T12:32:00.301087874Z	74	PC: 12b5d \| Reallocate memory
2018-12-25T12:32:00.305509161Z	74	PC: 12b6c \| Reallocate memory
2018-12-25T12:32:00.306923116Z	72	PC: 12b73 \| Allocate memory
2018-12-25T12:32:00.308504254Z	53	PC: 12b98 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:00.311789527Z	53	PC: 12bc0 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:32:00.313487871Z	53	PC: 12bcc \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:32:00.315118082Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')