Sample viewer

vx.netlux.org/Virus.DOS.Riot.Faily.347

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:33:38.541381873Z 42 PC: 12a44 | Get date 0x12a44: cmp dl, 0x15
0x12a47: je 0x12a53
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x223
0x12a4e: int 0x21
0x12a50: jmp 0x12a64
0x12a53: mov ah, 9
0x12a55: mov dx, 0x1b7
0x12a58: int 0x21
0x12a5a: mov cx, 0x3e8
0x12a5d: mov ax, 0xe07
0x12a60: int 0x10
0x12a62: loop 0x12a60
0x12a64: jmp 0x12b7d
0x12a67: pushf
0x12a68: cmp ah, 0x4b
0x12a6b: je 0x12a6f
0x12a6d: jmp 0x12aa8
0x12a6f: mov ax, 0x4301
0x12a72: and cl, 0xfe
2018-12-17T22:33:38.54495421Z 9 PC: 12a50 | Display string (String= 'Bad command or filename ')
2018-12-17T22:33:38.550381212Z 53 PC: 12b82 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:38.553397276Z 37 PC: 12b94 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:38.555567182Z 49 PC: 12b9b | Terminate and stay resident (Return code = '0' | Memory size = '38')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6018,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:15.085768944Z 42 PC: 12a44 | Get date 0x12a44: cmp dl, 0x15
0x12a47: je 0x12a53
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x223
0x12a4e: int 0x21
0x12a50: jmp 0x12a64
0x12a53: mov ah, 9
0x12a55: mov dx, 0x1b7
0x12a58: int 0x21
0x12a5a: mov cx, 0x3e8
0x12a5d: mov ax, 0xe07
0x12a60: int 0x10
0x12a62: loop 0x12a60
0x12a64: jmp 0x12b7d
0x12a67: pushf
0x12a68: cmp ah, 0x4b
0x12a6b: je 0x12a6f
0x12a6d: jmp 0x12aa8
0x12a6f: mov ax, 0x4301
0x12a72: and cl, 0xfe
2018-12-25T11:58:15.088544034Z 9 PC: 12a5a | Display string (String= 'In any country, prison is where society sends it's failures, but in this country society itself is faily ')
2018-12-25T11:58:15.099749497Z 53 PC: 12b82 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.100996341Z 37 PC: 12b94 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.103073475Z 49 PC: 12b9b | Terminate and stay resident (Return code = '0' | Memory size = '38')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6018,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:15.221010287Z 42 PC: 12a44 | Get date 0x12a44: cmp dl, 0x15
0x12a47: je 0x12a53
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x223
0x12a4e: int 0x21
0x12a50: jmp 0x12a64
0x12a53: mov ah, 9
0x12a55: mov dx, 0x1b7
0x12a58: int 0x21
0x12a5a: mov cx, 0x3e8
0x12a5d: mov ax, 0xe07
0x12a60: int 0x10
0x12a62: loop 0x12a60
0x12a64: jmp 0x12b7d
0x12a67: pushf
0x12a68: cmp ah, 0x4b
0x12a6b: je 0x12a6f
0x12a6d: jmp 0x12aa8
0x12a6f: mov ax, 0x4301
0x12a72: and cl, 0xfe
2018-12-25T11:58:15.223632236Z 9 PC: 12a50 | Display string (String= 'Bad command or filename ')
2018-12-25T11:58:15.227640149Z 53 PC: 12b82 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.228913385Z 37 PC: 12b94 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:15.234383585Z 49 PC: 12b9b | Terminate and stay resident (Return code = '0' | Memory size = '38')