Sample viewer

vx.netlux.org/Virus.DOS.Riot.Marked.354

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:45.119536634Z 42 PC: 12a44 | Get date
0x12a44: cmp dl, 0x15
0x12a47: je 0x12a52
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x22a
0x12a4e: int 0x21
0x12a50: jmp 0x12a63
0x12a52: mov ah, 9
0x12a54: mov dx, 0x1be
0x12a57: int 0x21
0x12a59: mov cx, 0x3e8
0x12a5c: mov ax, 0xe07
0x12a5f: int 0x10
0x12a61: loop 0x12a5f
0x12a63: jmp 0x12b84
0x12a66: pushf
0x12a67: cmp ah, 0x4b
0x12a6a: je 0x12a6e
0x12a6c: jmp 0x12aa7
0x12a6e: mov ax, 0x4301
0x12a71: and cl, 0xfe
2018-12-17T22:59:45.122726352Z 9 PC: 12a50 | Display string (String= 'Bad command or filename ')
2018-12-17T22:59:45.126900519Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:45.128211288Z 37 PC: 12b9b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:45.130073121Z 49 PC: 12ba2 | Terminate and stay resident (Return code = '0' | Memory size = '39')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13309,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:59.80250457Z 42 PC: 12a44 | Get date
0x12a44: cmp dl, 0x15
0x12a47: je 0x12a52
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x22a
0x12a4e: int 0x21
0x12a50: jmp 0x12a63
0x12a52: mov ah, 9
0x12a54: mov dx, 0x1be
0x12a57: int 0x21
0x12a59: mov cx, 0x3e8
0x12a5c: mov ax, 0xe07
0x12a5f: int 0x10
0x12a61: loop 0x12a5f
0x12a63: jmp 0x12b84
0x12a66: pushf
0x12a67: cmp ah, 0x4b
0x12a6a: je 0x12a6e
0x12a6c: jmp 0x12aa7
0x12a6e: mov ax, 0x4301
0x12a71: and cl, 0xfe
2018-12-25T12:37:59.804864068Z 9 PC: 12a50 | Display string (String= 'Bad command or filename ')
2018-12-25T12:37:59.810532532Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:59.812046868Z 37 PC: 12b9b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:59.81507997Z 49 PC: 12ba2 | Terminate and stay resident (Return code = '0' | Memory size = '39')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13309,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:59.921007738Z 42 PC: 12a44 | Get date
0x12a44: cmp dl, 0x15
0x12a47: je 0x12a52
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x22a
0x12a4e: int 0x21
0x12a50: jmp 0x12a63
0x12a52: mov ah, 9
0x12a54: mov dx, 0x1be
0x12a57: int 0x21
0x12a59: mov cx, 0x3e8
0x12a5c: mov ax, 0xe07
0x12a5f: int 0x10
0x12a61: loop 0x12a5f
0x12a63: jmp 0x12b84
0x12a66: pushf
0x12a67: cmp ah, 0x4b
0x12a6a: je 0x12a6e
0x12a6c: jmp 0x12aa7
0x12a6e: mov ax, 0x4301
0x12a71: and cl, 0xfe
2018-12-25T12:37:59.923557121Z 9 PC: 12a59 | Display string (String= 'In any country, prison is where society sends it's failures, but in this country society itself is faily ')
2018-12-25T12:37:59.935294052Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:59.93667109Z 37 PC: 12b9b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:59.938029812Z 49 PC: 12ba2 | Terminate and stay resident (Return code = '0' | Memory size = '39')