Sample viewer

vx.netlux.org/Virus.DOS.Riot.Digital.822

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:37.607478673Z	119	PC: 12a48 \| UNKNOWN!
2018-12-17T23:06:37.609121406Z	42	PC: 12a51 \| Get date 0x12a51: cmp dx, 0x606 0x12a55: jne 0x12a5a 0x12a57: call 0x12c90 0x12a5a: mov ah, 0x4a 0x12a5c: mov bx, 0xffff 0x12a5f: int 0x21 0x12a61: sub bx, 0x35 0x12a64: mov ah, 0x4a 0x12a66: int 0x21 0x12a68: mov ah, 0x48 0x12a6a: mov bx, 0x34 0x12a6d: int 0x21 0x12a6f: jb 0x12ac0 0x12a71: dec ax 0x12a72: mov es, ax 0x12a74: mov word ptr es:[1], 8 0x12a7b: push ax 0x12a7c: mov ax, 0x3521 0x12a7f: int 0x21 0x12a81: mov word ptr [0x2ca], bx
2018-12-17T23:06:37.612914128Z	74	PC: 12a61 \| Reallocate memory
2018-12-17T23:06:37.615163497Z	74	PC: 12a68 \| Reallocate memory
2018-12-17T23:06:37.617092982Z	72	PC: 12a6f \| Allocate memory
2018-12-17T23:06:37.620970863Z	53	PC: 12a81 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:37.622464703Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-17T23:06:37.624482184Z	37	PC: 12ac0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:37.626391593Z	44	PC: 12ad4 \| Get time 0x12ad4: cmp dl, 1 0x12ad7: ja 0x12adc 0x12ad9: call 0x12c51 0x12adc: mov ax, 0x100 0x12adf: jmp ax 0x12ae1: int 0x20 0x12ae3: nop 0x12ae4: jmp 0x12ae7 0x12ae7: cmp ax, 0x7777 0x12aea: jne 0x12af0 0x12aec: mov ax, 0x6952 0x12aef: iret 0x12af0: cmp ax, 0x4b00 0x12af3: je 0x12b55 0x12af5: cmp ah, 0x3d 0x12af8: jne 0x12afd 0x12afa: jmp 0x12c0e 0x12afd: cmp ah, 0x11 0x12b00: je 0x12b0a 0x12b02: cmp ah, 0x12

{"DateBased":true,"Day":6,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15603,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:58.70747663Z	119	PC: 12a48 \| UNKNOWN!
2018-12-25T12:43:58.708700427Z	42	PC: 12a51 \| Get date 0x12a51: cmp dx, 0x606 0x12a55: jne 0x12a5a 0x12a57: call 0x12c90 0x12a5a: mov ah, 0x4a 0x12a5c: mov bx, 0xffff 0x12a5f: int 0x21 0x12a61: sub bx, 0x35 0x12a64: mov ah, 0x4a 0x12a66: int 0x21 0x12a68: mov ah, 0x48 0x12a6a: mov bx, 0x34 0x12a6d: int 0x21 0x12a6f: jb 0x12ac0 0x12a71: dec ax 0x12a72: mov es, ax 0x12a74: mov word ptr es:[1], 8 0x12a7b: push ax 0x12a7c: mov ax, 0x3521 0x12a7f: int 0x21 0x12a81: mov word ptr [0x2ca], bx
2018-12-25T12:44:00.259530772Z	74	PC: 12a61 \| Reallocate memory
2018-12-25T12:44:00.261209926Z	74	PC: 12a68 \| Reallocate memory
2018-12-25T12:44:00.263869776Z	72	PC: 12a6f \| Allocate memory
2018-12-25T12:44:00.265485857Z	53	PC: 12a81 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:00.266719446Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-25T12:44:00.269520335Z	37	PC: 12ac0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:00.270847615Z	44	PC: 12ad4 \| Get time 0x12ad4: cmp dl, 1 0x12ad7: ja 0x12adc 0x12ad9: call 0x12c51 0x12adc: mov ax, 0x100 0x12adf: jmp ax 0x12ae1: int 0x20 0x12ae3: nop 0x12ae4: jmp 0x12ae7 0x12ae7: cmp ax, 0x7777 0x12aea: jne 0x12af0 0x12aec: mov ax, 0x6952 0x12aef: iret 0x12af0: cmp ax, 0x4b00 0x12af3: je 0x12b55 0x12af5: cmp ah, 0x3d 0x12af8: jne 0x12afd 0x12afa: jmp 0x12c0e 0x12afd: cmp ah, 0x11 0x12b00: je 0x12b0a 0x12b02: cmp ah, 0x12

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15603,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:58.996541484Z	119	PC: 12a48 \| UNKNOWN!
2018-12-25T12:43:58.997734899Z	42	PC: 12a51 \| Get date 0x12a51: cmp dx, 0x606 0x12a55: jne 0x12a5a 0x12a57: call 0x12c90 0x12a5a: mov ah, 0x4a 0x12a5c: mov bx, 0xffff 0x12a5f: int 0x21 0x12a61: sub bx, 0x35 0x12a64: mov ah, 0x4a 0x12a66: int 0x21 0x12a68: mov ah, 0x48 0x12a6a: mov bx, 0x34 0x12a6d: int 0x21 0x12a6f: jb 0x12ac0 0x12a71: dec ax 0x12a72: mov es, ax 0x12a74: mov word ptr es:[1], 8 0x12a7b: push ax 0x12a7c: mov ax, 0x3521 0x12a7f: int 0x21 0x12a81: mov word ptr [0x2ca], bx
2018-12-25T12:43:58.999785801Z	74	PC: 12a61 \| Reallocate memory
2018-12-25T12:43:59.001318524Z	74	PC: 12a68 \| Reallocate memory
2018-12-25T12:43:59.00321461Z	72	PC: 12a6f \| Allocate memory
2018-12-25T12:43:59.004770444Z	53	PC: 12a81 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:59.005936873Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-25T12:43:59.008171021Z	37	PC: 12ac0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:59.00929717Z	44	PC: 12ad4 \| Get time 0x12ad4: cmp dl, 1 0x12ad7: ja 0x12adc 0x12ad9: call 0x12c51 0x12adc: mov ax, 0x100 0x12adf: jmp ax 0x12ae1: int 0x20 0x12ae3: nop 0x12ae4: jmp 0x12ae7 0x12ae7: cmp ax, 0x7777 0x12aea: jne 0x12af0 0x12aec: mov ax, 0x6952 0x12aef: iret 0x12af0: cmp ax, 0x4b00 0x12af3: je 0x12b55 0x12af5: cmp ah, 0x3d 0x12af8: jne 0x12afd 0x12afa: jmp 0x12c0e 0x12afd: cmp ah, 0x11 0x12b00: je 0x12b0a 0x12b02: cmp ah, 0x12