Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.757

Time	Syscall Op	Syscall Name
2018-12-17T22:55:36.526540522Z	136	PC: 13dd9 \| UNKNOWN!
2018-12-17T22:55:36.529587643Z	42	PC: 13de6 \| Get date 0x13de6: cmp dl, 0x11 0x13de9: jne 0x13e29 0x13deb: mov cx, 0xf 0x13dee: lea si, word ptr [bp + 0x388] 0x13df2: inc byte ptr [si] 0x13df4: inc si 0x13df5: loop 0x13df2 0x13df7: mov ah, 0x3c 0x13df9: xor cx, cx 0x13dfb: lea dx, word ptr [bp + 0x388] 0x13dff: int 0x21 0x13e01: xchg ax, bx 0x13e02: mov ah, 0x2c 0x13e04: int 0x21 0x13e06: cmp dl, 0x31 0x13e09: jb 0x13e1c 0x13e0b: mov ah, 0x40 0x13e0d: mov cx, 0x51 0x13e10: lea dx, word ptr [bp + 0x398] 0x13e14: int 0x21
2018-12-17T22:55:36.532800285Z	60	PC: 13e01 \| Create or truncate file
2018-12-17T22:55:36.879805486Z	44	PC: 13e06 \| Get time 0x13e06: cmp dl, 0x31 0x13e09: jb 0x13e1c 0x13e0b: mov ah, 0x40 0x13e0d: mov cx, 0x51 0x13e10: lea dx, word ptr [bp + 0x398] 0x13e14: int 0x21 0x13e16: mov ah, 0x3e 0x13e18: int 0x21 0x13e1a: jmp 0x13e84 0x13e1c: mov ah, 0x40 0x13e1e: mov cx, 0x41 0x13e21: lea dx, word ptr [bp + 0x347] 0x13e25: int 0x21 0x13e27: jmp 0x13e16 0x13e29: mov ah, 0x4a 0x13e2b: mov bx, 0xffff 0x13e2e: int 0x21 0x13e30: sub bx, 0x31 0x13e33: nop 0x13e34: mov ah, 0x4a
2018-12-17T22:55:36.882293705Z	64	PC: 13e16 \| Write file or device (Write 81 bytes on handle 5)
2018-12-17T22:55:36.887231552Z	62	PC: 13e1a \| Close file
2018-12-17T22:55:36.894357423Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

Time	Syscall Op	Syscall Name
2018-12-25T12:31:36.97253037Z	136	PC: 13dd9 \| UNKNOWN!
2018-12-25T12:31:36.973969241Z	42	PC: 13de6 \| Get date 0x13de6: cmp dl, 0x11 0x13de9: jne 0x13e29 0x13deb: mov cx, 0xf 0x13dee: lea si, word ptr [bp + 0x388] 0x13df2: inc byte ptr [si] 0x13df4: inc si 0x13df5: loop 0x13df2 0x13df7: mov ah, 0x3c 0x13df9: xor cx, cx 0x13dfb: lea dx, word ptr [bp + 0x388] 0x13dff: int 0x21 0x13e01: xchg ax, bx 0x13e02: mov ah, 0x2c 0x13e04: int 0x21 0x13e06: cmp dl, 0x31 0x13e09: jb 0x13e1c 0x13e0b: mov ah, 0x40 0x13e0d: mov cx, 0x51 0x13e10: lea dx, word ptr [bp + 0x398] 0x13e14: int 0x21
2018-12-25T12:31:36.976312619Z	74	PC: 13e30 \| Reallocate memory
2018-12-25T12:31:36.978059988Z	74	PC: 13e38 \| Reallocate memory
2018-12-25T12:31:36.980352371Z	72	PC: 13e3f \| Allocate memory
2018-12-25T12:31:36.982109254Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

Time	Syscall Op	Syscall Name
2018-12-25T13:07:19.300159697Z	136	PC: 13dd9 \| UNKNOWN!
2018-12-25T13:07:19.301698121Z	42	PC: 13de6 \| Get date 0x13de6: cmp dl, 0x11 0x13de9: jne 0x13e29 0x13deb: mov cx, 0xf 0x13dee: lea si, word ptr [bp + 0x388] 0x13df2: inc byte ptr [si] 0x13df4: inc si 0x13df5: loop 0x13df2 0x13df7: mov ah, 0x3c 0x13df9: xor cx, cx 0x13dfb: lea dx, word ptr [bp + 0x388] 0x13dff: int 0x21 0x13e01: xchg ax, bx 0x13e02: mov ah, 0x2c 0x13e04: int 0x21 0x13e06: cmp dl, 0x31 0x13e09: jb 0x13e1c 0x13e0b: mov ah, 0x40 0x13e0d: mov cx, 0x51 0x13e10: lea dx, word ptr [bp + 0x398] 0x13e14: int 0x21
2018-12-25T13:07:19.304411369Z	60	PC: 13e01 \| Create or truncate file
2018-12-25T13:07:21.050006853Z	44	PC: 13e06 \| Get time 0x13e06: cmp dl, 0x31 0x13e09: jb 0x13e1c 0x13e0b: mov ah, 0x40 0x13e0d: mov cx, 0x51 0x13e10: lea dx, word ptr [bp + 0x398] 0x13e14: int 0x21 0x13e16: mov ah, 0x3e 0x13e18: int 0x21 0x13e1a: jmp 0x13e84 0x13e1c: mov ah, 0x40 0x13e1e: mov cx, 0x41 0x13e21: lea dx, word ptr [bp + 0x347] 0x13e25: int 0x21 0x13e27: jmp 0x13e16 0x13e29: mov ah, 0x4a 0x13e2b: mov bx, 0xffff 0x13e2e: int 0x21 0x13e30: sub bx, 0x31 0x13e33: nop 0x13e34: mov ah, 0x4a
2018-12-25T13:07:21.0710409Z	64	PC: 13e16 \| Write file or device (Write 81 bytes on handle 5)
2018-12-25T13:07:21.076878295Z	62	PC: 13e1a \| Close file
2018-12-25T13:07:21.112846092Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')