Sample viewer

vx.netlux.org/Virus.DOS.Riot.355

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:38.001167076Z 42 PC: 12a44 | Get date 0x12a44: cmp dl, 0x15
0x12a47: je 0x12a53
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x22b
0x12a4e: int 0x21
0x12a50: jmp 0x12a64
0x12a52: nop
0x12a53: mov ah, 9
0x12a55: mov dx, 0x1bf
0x12a58: int 0x21
0x12a5a: mov cx, 0x3e8
0x12a5d: mov ax, 0xe07
0x12a60: int 0x10
0x12a62: loop 0x12a60
0x12a64: jmp 0x12b85
0x12a67: pushf
0x12a68: cmp ah, 0x4b
0x12a6b: je 0x12a6f
0x12a6d: jmp 0x12aa8
0x12a6f: mov ax, 0x4301
2018-12-17T22:39:38.005338383Z 9 PC: 12a50 | Display string (String= 'Bad command or filename ')
2018-12-17T22:39:38.010337562Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:38.012104128Z 37 PC: 12b9c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:38.014160633Z 49 PC: 12ba3 | Terminate and stay resident (Return code = '0' | Memory size = '39')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6820,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:19.311191025Z 42 PC: 12a44 | Get date 0x12a44: cmp dl, 0x15
0x12a47: je 0x12a53
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x22b
0x12a4e: int 0x21
0x12a50: jmp 0x12a64
0x12a52: nop
0x12a53: mov ah, 9
0x12a55: mov dx, 0x1bf
0x12a58: int 0x21
0x12a5a: mov cx, 0x3e8
0x12a5d: mov ax, 0xe07
0x12a60: int 0x10
0x12a62: loop 0x12a60
0x12a64: jmp 0x12b85
0x12a67: pushf
0x12a68: cmp ah, 0x4b
0x12a6b: je 0x12a6f
0x12a6d: jmp 0x12aa8
0x12a6f: mov ax, 0x4301
2018-12-25T12:00:19.313672546Z 9 PC: 12a50 | Display string (String= 'Bad command or filename ')
2018-12-25T12:00:19.316652663Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:19.318257304Z 37 PC: 12b9c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:19.320279074Z 49 PC: 12ba3 | Terminate and stay resident (Return code = '0' | Memory size = '39')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6820,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:19.43111904Z 42 PC: 12a44 | Get date 0x12a44: cmp dl, 0x15
0x12a47: je 0x12a53
0x12a49: mov ah, 9
0x12a4b: mov dx, 0x22b
0x12a4e: int 0x21
0x12a50: jmp 0x12a64
0x12a52: nop
0x12a53: mov ah, 9
0x12a55: mov dx, 0x1bf
0x12a58: int 0x21
0x12a5a: mov cx, 0x3e8
0x12a5d: mov ax, 0xe07
0x12a60: int 0x10
0x12a62: loop 0x12a60
0x12a64: jmp 0x12b85
0x12a67: pushf
0x12a68: cmp ah, 0x4b
0x12a6b: je 0x12a6f
0x12a6d: jmp 0x12aa8
0x12a6f: mov ax, 0x4301
2018-12-25T12:00:19.434369228Z 9 PC: 12a5a | Display string (String= 'In any country, prison is where society sends it's failures, but in this country society itself is faily ')
2018-12-25T12:00:19.443522172Z 53 PC: 12b8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:19.44491319Z 37 PC: 12b9c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:19.446227118Z 49 PC: 12ba3 | Terminate and stay resident (Return code = '0' | Memory size = '39')