Sample viewer

vx.netlux.org/Virus.DOS.Riot.424

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:03.556145289Z 51 PC: 12a5b | Get or set Ctrl-Break
2018-12-17T23:08:03.557379754Z 51 PC: 12a63 | Get or set Ctrl-Break
2018-12-17T23:08:03.55810176Z 53 PC: 12a68 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:03.559183435Z 37 PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:03.5652379Z 26 PC: 12a7c | Set disk transfer address
2018-12-17T23:08:03.566487561Z 78 PC: 12aa7 | Find first file
2018-12-17T23:08:03.568268242Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T23:08:03.578875892Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:08:03.583053103Z 42 PC: 12b4e | Get date
0x12b4e: cmp dl, 1
0x12b51: je 0x12b55
0x12b53: jmp 0x12b72
0x12b55: cli
0x12b56: mov ah, 2
0x12b58: cdq
0x12b59: mov cx, 0x100
0x12b5c: int 0x26
0x12b5e: jmp 0x12b60
0x12b60: mov al, 3
0x12b62: mov cx, 0x700
0x12b65: mov dx, 0
0x12b68: mov ds, word ptr [di + 0x99]
0x12b6c: mov bx, word ptr [di + 0x55]
0x12b6f: call 0x22b55
0x12b72: mov dx, word ptr [bp + 0x252]
0x12b76: mov ax, 0x4301
0x12b79: int 0x21
0x12b7b: ret
0x12b7c: mov ax, 0x4200
2018-12-17T23:08:03.585078168Z 67 PC: 12b7b | Get or set file attributes
2018-12-17T23:08:03.590036987Z 79 PC: 12ab2 | Find next file
2018-12-17T23:08:03.591716454Z 37 PC: 12abb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:03.592887908Z 51 PC: 12ac1 | Get or set Ctrl-Break

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16068,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:14.826163886Z 51 PC: 12a5b | Get or set Ctrl-Break
2018-12-25T12:45:14.826933145Z 51 PC: 12a63 | Get or set Ctrl-Break
2018-12-25T12:45:14.827981165Z 53 PC: 12a68 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:14.829033192Z 37 PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:14.829851104Z 26 PC: 12a7c | Set disk transfer address
2018-12-25T12:45:14.8310188Z 78 PC: 12aa7 | Find first file
2018-12-25T12:45:14.832264716Z 67 PC: 12ad0 | Get or set file attributes
2018-12-25T12:45:14.835025291Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:45:14.837939743Z 42 PC: 12b4e | Get date
0x12b4e: cmp dl, 1
0x12b51: je 0x12b55
0x12b53: jmp 0x12b72
0x12b55: cli
0x12b56: mov ah, 2
0x12b58: cdq
0x12b59: mov cx, 0x100
0x12b5c: int 0x26
0x12b5e: jmp 0x12b60
0x12b60: mov al, 3
0x12b62: mov cx, 0x700
0x12b65: mov dx, 0
0x12b68: mov ds, word ptr [di + 0x99]
0x12b6c: mov bx, word ptr [di + 0x55]
0x12b6f: call 0x22b55
0x12b72: mov dx, word ptr [bp + 0x252]
0x12b76: mov ax, 0x4301
0x12b79: int 0x21
0x12b7b: ret
0x12b7c: mov ax, 0x4200

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16068,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:15.507401524Z 51 PC: 12a5b | Get or set Ctrl-Break
2018-12-25T12:45:15.50854352Z 51 PC: 12a63 | Get or set Ctrl-Break
2018-12-25T12:45:15.509255236Z 53 PC: 12a68 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:15.510297152Z 37 PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:15.511655881Z 26 PC: 12a7c | Set disk transfer address
2018-12-25T12:45:15.512538559Z 78 PC: 12aa7 | Find first file
2018-12-25T12:45:15.514009115Z 67 PC: 12ad0 | Get or set file attributes
2018-12-25T12:45:15.518507172Z 67 PC: 12b7b | Get or set file attributes
2018-12-25T12:45:15.522601115Z 42 PC: 12b4e | Get date
0x12b4e: cmp dl, 1
0x12b51: je 0x12b55
0x12b53: jmp 0x12b72
0x12b55: cli
0x12b56: mov ah, 2
0x12b58: cdq
0x12b59: mov cx, 0x100
0x12b5c: int 0x26
0x12b5e: jmp 0x12b60
0x12b60: mov al, 3
0x12b62: mov cx, 0x700
0x12b65: mov dx, 0
0x12b68: mov ds, word ptr [di + 0x99]
0x12b6c: mov bx, word ptr [di + 0x55]
0x12b6f: call 0x22b55
0x12b72: mov dx, word ptr [bp + 0x252]
0x12b76: mov ax, 0x4301
0x12b79: int 0x21
0x12b7b: ret
0x12b7c: mov ax, 0x4200
2018-12-25T12:45:15.524528985Z 67 PC: 12b7b | Get or set file attributes (See above)
2018-12-25T12:45:15.533609777Z 79 PC: 12ab2 | Find next file
2018-12-25T12:45:15.535069718Z 37 PC: 12abb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:15.535877388Z 51 PC: 12ac1 | Get or set Ctrl-Break