Sample viewer

vx.netlux.org/Virus.DOS.Riot.Dial.1529

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:00.884295807Z	42	PC: 12a97 \| Get date 0x12a97: cmp dl, 1 0x12a9a: jne 0x12aa2 0x12a9c: mov byte ptr cs:[0x682], 1 0x12aa2: mov ax, es 0x12aa4: add ax, 0x10 0x12aa7: add word ptr cs:[bp + 0x205], ax 0x12aac: add word ptr cs:[bp + 0x207], ax 0x12ab1: push es 0x12ab2: mov ah, 0x4a 0x12ab4: mov bx, 0xffff 0x12ab7: mov cx, 0xd0ed 0x12aba: int 0x21 0x12abc: cmp ax, cx 0x12abe: jne 0x12ac3 0x12ac0: jmp 0x12b45 0x12ac3: sub bx, 0x61 0x12ac6: mov ah, 0x4a 0x12ac8: int 0x21 0x12aca: mov ah, 0x48 0x12acc: mov bx, 0x60
2018-12-17T22:16:00.886770305Z	74	PC: 12abc \| Reallocate memory
2018-12-17T22:16:00.888233649Z	74	PC: 12aca \| Reallocate memory
2018-12-17T22:16:00.889943341Z	72	PC: 12ad1 \| Allocate memory
2018-12-17T22:16:00.892608175Z	53	PC: 12aff \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:00.89381967Z	53	PC: 12b0b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:16:00.895300434Z	37	PC: 12b2f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:00.897443267Z	37	PC: 12b36 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2895,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:41.08151735Z	42	PC: 12a97 \| Get date 0x12a97: cmp dl, 1 0x12a9a: jne 0x12aa2 0x12a9c: mov byte ptr cs:[0x682], 1 0x12aa2: mov ax, es 0x12aa4: add ax, 0x10 0x12aa7: add word ptr cs:[bp + 0x205], ax 0x12aac: add word ptr cs:[bp + 0x207], ax 0x12ab1: push es 0x12ab2: mov ah, 0x4a 0x12ab4: mov bx, 0xffff 0x12ab7: mov cx, 0xd0ed 0x12aba: int 0x21 0x12abc: cmp ax, cx 0x12abe: jne 0x12ac3 0x12ac0: jmp 0x12b45 0x12ac3: sub bx, 0x61 0x12ac6: mov ah, 0x4a 0x12ac8: int 0x21 0x12aca: mov ah, 0x48 0x12acc: mov bx, 0x60
2018-12-25T11:47:41.084341744Z	74	PC: 12abc \| Reallocate memory
2018-12-25T11:47:41.085913294Z	74	PC: 12aca \| Reallocate memory
2018-12-25T11:47:41.08718674Z	72	PC: 12ad1 \| Allocate memory
2018-12-25T11:47:41.088794281Z	53	PC: 12aff \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:41.090163164Z	53	PC: 12b0b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:47:41.091217818Z	53	PC: 12b1f \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:47:41.092258114Z	37	PC: 12b2f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:41.094047738Z	37	PC: 12b36 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:47:41.095200915Z	37	PC: 12b45 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2895,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:41.483709873Z	42	PC: 12a97 \| Get date 0x12a97: cmp dl, 1 0x12a9a: jne 0x12aa2 0x12a9c: mov byte ptr cs:[0x682], 1 0x12aa2: mov ax, es 0x12aa4: add ax, 0x10 0x12aa7: add word ptr cs:[bp + 0x205], ax 0x12aac: add word ptr cs:[bp + 0x207], ax 0x12ab1: push es 0x12ab2: mov ah, 0x4a 0x12ab4: mov bx, 0xffff 0x12ab7: mov cx, 0xd0ed 0x12aba: int 0x21 0x12abc: cmp ax, cx 0x12abe: jne 0x12ac3 0x12ac0: jmp 0x12b45 0x12ac3: sub bx, 0x61 0x12ac6: mov ah, 0x4a 0x12ac8: int 0x21 0x12aca: mov ah, 0x48 0x12acc: mov bx, 0x60
2018-12-25T11:47:41.486639059Z	74	PC: 12abc \| Reallocate memory
2018-12-25T11:47:41.488088959Z	74	PC: 12aca \| Reallocate memory
2018-12-25T11:47:41.489156718Z	72	PC: 12ad1 \| Allocate memory
2018-12-25T11:47:41.490601347Z	53	PC: 12aff \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:41.492092733Z	53	PC: 12b0b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:47:41.493060012Z	37	PC: 12b2f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:41.494027486Z	37	PC: 12b36 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2895,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:49.98517522Z	42	PC: 12a97 \| Get date 0x12a97: cmp dl, 1 0x12a9a: jne 0x12aa2 0x12a9c: mov byte ptr cs:[0x682], 1 0x12aa2: mov ax, es 0x12aa4: add ax, 0x10 0x12aa7: add word ptr cs:[bp + 0x205], ax 0x12aac: add word ptr cs:[bp + 0x207], ax 0x12ab1: push es 0x12ab2: mov ah, 0x4a 0x12ab4: mov bx, 0xffff 0x12ab7: mov cx, 0xd0ed 0x12aba: int 0x21 0x12abc: cmp ax, cx 0x12abe: jne 0x12ac3 0x12ac0: jmp 0x12b45 0x12ac3: sub bx, 0x61 0x12ac6: mov ah, 0x4a 0x12ac8: int 0x21 0x12aca: mov ah, 0x48 0x12acc: mov bx, 0x60
2018-12-25T13:06:49.98822479Z	74	PC: 12abc \| Reallocate memory
2018-12-25T13:06:49.990440392Z	74	PC: 12aca \| Reallocate memory
2018-12-25T13:06:49.992147096Z	72	PC: 12ad1 \| Allocate memory
2018-12-25T13:06:49.994317358Z	53	PC: 12aff \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:06:49.996490579Z	53	PC: 12b0b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:06:49.997967998Z	53	PC: 12b1f \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:06:49.999421925Z	37	PC: 12b2f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:06:50.005734116Z	37	PC: 12b36 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:06:50.011471354Z	37	PC: 12b45 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2895,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:41.918098416Z	42	PC: 12a97 \| Get date 0x12a97: cmp dl, 1 0x12a9a: jne 0x12aa2 0x12a9c: mov byte ptr cs:[0x682], 1 0x12aa2: mov ax, es 0x12aa4: add ax, 0x10 0x12aa7: add word ptr cs:[bp + 0x205], ax 0x12aac: add word ptr cs:[bp + 0x207], ax 0x12ab1: push es 0x12ab2: mov ah, 0x4a 0x12ab4: mov bx, 0xffff 0x12ab7: mov cx, 0xd0ed 0x12aba: int 0x21 0x12abc: cmp ax, cx 0x12abe: jne 0x12ac3 0x12ac0: jmp 0x12b45 0x12ac3: sub bx, 0x61 0x12ac6: mov ah, 0x4a 0x12ac8: int 0x21 0x12aca: mov ah, 0x48 0x12acc: mov bx, 0x60
2018-12-25T11:47:41.921143266Z	74	PC: 12abc \| Reallocate memory
2018-12-25T11:47:41.922812135Z	74	PC: 12aca \| Reallocate memory
2018-12-25T11:47:41.92425656Z	72	PC: 12ad1 \| Allocate memory
2018-12-25T11:47:41.926277618Z	53	PC: 12aff \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:41.92785979Z	53	PC: 12b0b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:47:41.92940942Z	37	PC: 12b2f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:41.931323141Z	37	PC: 12b36 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')