Sample viewer

vx.netlux.org/Virus.DOS.Riot.Coke.535

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:06:53.968215876Z 26 PC: 12a75 | Set disk transfer address
2018-12-17T22:06:53.970502077Z 71 PC: 12a7f | Get current directory
2018-12-17T22:06:53.973969392Z 78 PC: 12a87 | Find first file
2018-12-17T22:06:53.979961503Z 59 PC: 12bbf | Change current directory
2018-12-17T22:06:54.005479452Z 42 PC: 12ae8 | Get date
0x12ae8: cmp dl, 1
0x12aeb: jne 0x12af7
0x12aed: mov ah, 9
0x12aef: lea dx, word ptr [bp + 0x2b4]
0x12af3: int 0x21
0x12af5: jmp 0x12af5
0x12af7: lea dx, word ptr [bp + 0x35d]
0x12afb: mov ah, 0x3b
0x12afd: int 0x21
0x12aff: pop ds
0x12b00: mov dx, 0x80
0x12b03: mov ah, 0x1a
0x12b05: int 0x21
0x12b07: push ds
0x12b08: pop es
0x12b09: mov ax, es
0x12b0b: add ax, 0x10
0x12b0e: add word ptr cs:[bp + 0x1e4], ax
0x12b13: cli
0x12b14: add ax, word ptr cs:[bp + 0x1e8]
2018-12-17T22:06:54.008001365Z 59 PC: 12aff | Change current directory
2018-12-17T22:06:54.01015525Z 26 PC: 12b07 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1892,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:31.060574265Z 26 PC: 12a75 | Set disk transfer address
2018-12-25T11:44:31.062219863Z 71 PC: 12a7f | Get current directory
2018-12-25T11:44:31.066346047Z 78 PC: 12a87 | Find first file
2018-12-25T11:44:31.073490945Z 59 PC: 12bbf | Change current directory
2018-12-25T11:44:31.078630311Z 42 PC: 12ae8 | Get date
0x12ae8: cmp dl, 1
0x12aeb: jne 0x12af7
0x12aed: mov ah, 9
0x12aef: lea dx, word ptr [bp + 0x2b4]
0x12af3: int 0x21
0x12af5: jmp 0x12af5
0x12af7: lea dx, word ptr [bp + 0x35d]
0x12afb: mov ah, 0x3b
0x12afd: int 0x21
0x12aff: pop ds
0x12b00: mov dx, 0x80
0x12b03: mov ah, 0x1a
0x12b05: int 0x21
0x12b07: push ds
0x12b08: pop es
0x12b09: mov ax, es
0x12b0b: add ax, 0x10
0x12b0e: add word ptr cs:[bp + 0x1e4], ax
0x12b13: cli
0x12b14: add ax, word ptr cs:[bp + 0x1e8]
2018-12-25T11:44:31.081927089Z 9 PC: 12af5 | Display string (String= ' Love to LISA :) ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1892,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:31.445368095Z 26 PC: 12a75 | Set disk transfer address
2018-12-25T11:44:31.447911893Z 71 PC: 12a7f | Get current directory
2018-12-25T11:44:31.451023513Z 78 PC: 12a87 | Find first file
2018-12-25T11:44:31.456908324Z 59 PC: 12bbf | Change current directory
2018-12-25T11:44:31.466731902Z 42 PC: 12ae8 | Get date
0x12ae8: cmp dl, 1
0x12aeb: jne 0x12af7
0x12aed: mov ah, 9
0x12aef: lea dx, word ptr [bp + 0x2b4]
0x12af3: int 0x21
0x12af5: jmp 0x12af5
0x12af7: lea dx, word ptr [bp + 0x35d]
0x12afb: mov ah, 0x3b
0x12afd: int 0x21
0x12aff: pop ds
0x12b00: mov dx, 0x80
0x12b03: mov ah, 0x1a
0x12b05: int 0x21
0x12b07: push ds
0x12b08: pop es
0x12b09: mov ax, es
0x12b0b: add ax, 0x10
0x12b0e: add word ptr cs:[bp + 0x1e4], ax
0x12b13: cli
0x12b14: add ax, word ptr cs:[bp + 0x1e8]
2018-12-25T11:44:31.468865997Z 59 PC: 12aff | Change current directory
2018-12-25T11:44:31.470623098Z 26 PC: 12b07 | Set disk transfer address