Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.865

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:59:21.533902958Z 119 PC: 141c1 | UNKNOWN!
2018-12-17T21:59:21.536107686Z 42 PC: 141cc | Get date
0x141cc: cmp dl, 0x11
0x141cf: jne 0x1420d
0x141d1: mov cx, 0xf
0x141d4: lea si, word ptr [bp + 0x3f4]
0x141d8: inc byte ptr [si]
0x141da: inc si
0x141db: loop 0x141d8
0x141dd: mov ah, 0x3c
0x141df: xor cx, cx
0x141e1: lea dx, word ptr [bp + 0x3f4]
0x141e5: int 0x21
0x141e7: xchg ax, bx
0x141e8: in al, 0x41
0x141ea: test al, 1
0x141ec: jne 0x14200
0x141ee: mov ah, 0x40
0x141f0: mov cx, 0x51
0x141f3: lea dx, word ptr [bp + 0x404]
0x141f7: int 0x21
0x141f9: mov ah, 0x3e
2018-12-17T21:59:21.53871287Z 60 PC: 141e7 | Create or truncate file
2018-12-17T21:59:22.218165924Z 64 PC: 141f9 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T21:59:22.222670752Z 62 PC: 141fd | Close file
2018-12-17T21:59:22.229821514Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-17T21:59:22.235108249Z 48 PC: 12a8f | Get DOS version
2018-12-17T21:59:22.237221224Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T21:59:22.243692189Z 93 PC: 12afe | File sharing functions
2018-12-17T21:59:22.245388596Z 9 PC: 12a86 | Display string (String= 'Size change=0361h/00865d. ')
2018-12-17T21:59:22.250010166Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1032,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:25.671867853Z 119 PC: 141c1 | UNKNOWN!
2018-12-25T11:42:25.673965042Z 42 PC: 141cc | Get date
0x141cc: cmp dl, 0x11
0x141cf: jne 0x1420d
0x141d1: mov cx, 0xf
0x141d4: lea si, word ptr [bp + 0x3f4]
0x141d8: inc byte ptr [si]
0x141da: inc si
0x141db: loop 0x141d8
0x141dd: mov ah, 0x3c
0x141df: xor cx, cx
0x141e1: lea dx, word ptr [bp + 0x3f4]
0x141e5: int 0x21
0x141e7: xchg ax, bx
0x141e8: in al, 0x41
0x141ea: test al, 1
0x141ec: jne 0x14200
0x141ee: mov ah, 0x40
0x141f0: mov cx, 0x51
0x141f3: lea dx, word ptr [bp + 0x404]
0x141f7: int 0x21
0x141f9: mov ah, 0x3e
2018-12-25T11:42:25.676731933Z 74 PC: 14214 | Reallocate memory
2018-12-25T11:42:25.678675309Z 74 PC: 1421c | Reallocate memory
2018-12-25T11:42:25.680349954Z 72 PC: 14223 | Allocate memory
2018-12-25T11:42:25.690257562Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-25T11:42:25.696612974Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:42:25.698180105Z 61 PC: 9fa8a | Open file (Filename = '')
2018-12-25T11:42:25.706574714Z 63 PC: 9fa98 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:42:25.709499744Z 62 PC: 9fb08 | Close file
2018-12-25T11:42:25.71148434Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:42:25.719873131Z 93 PC: 12afe | File sharing functions
2018-12-25T11:42:25.721970912Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:42:25.726850016Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1032,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:25.78821013Z 119 PC: 141c1 | UNKNOWN!
2018-12-25T11:42:25.789981262Z 42 PC: 141cc | Get date
0x141cc: cmp dl, 0x11
0x141cf: jne 0x1420d
0x141d1: mov cx, 0xf
0x141d4: lea si, word ptr [bp + 0x3f4]
0x141d8: inc byte ptr [si]
0x141da: inc si
0x141db: loop 0x141d8
0x141dd: mov ah, 0x3c
0x141df: xor cx, cx
0x141e1: lea dx, word ptr [bp + 0x3f4]
0x141e5: int 0x21
0x141e7: xchg ax, bx
0x141e8: in al, 0x41
0x141ea: test al, 1
0x141ec: jne 0x14200
0x141ee: mov ah, 0x40
0x141f0: mov cx, 0x51
0x141f3: lea dx, word ptr [bp + 0x404]
0x141f7: int 0x21
0x141f9: mov ah, 0x3e
2018-12-25T11:42:25.79273162Z 60 PC: 141e7 | Create or truncate file
2018-12-25T11:42:26.145964811Z 64 PC: 141f9 | Write file or device (Write 81 bytes on handle 5)
2018-12-25T11:42:26.150993842Z 62 PC: 141fd | Close file
2018-12-25T11:42:26.161538586Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/k...). Size=00001770h/0000006000d bytes. ')
2018-12-25T11:42:26.168016384Z 48 PC: 12a8f | Get DOS version
2018-12-25T11:42:26.169740868Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T11:42:26.178720337Z 93 PC: 12afe | File sharing functions
2018-12-25T11:42:26.18088877Z 9 PC: 12a86 | Display string (See above)
2018-12-25T11:42:26.185459944Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')