Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.816

[GIF image not preserved]

Syscalls:

Time | Syscall Op (INT 21h AH, decimal) | PC (return address after the INT 21h) | Syscall Name
2018-12-17T22:21:04.237022787Z 136 PC: 164e9 | UNKNOWN!
2018-12-17T22:21:04.23832358Z 42 PC: 164f6 | Get date
  Disassembly from the return address of the Get date call:
    0x164f6: cmp dl, 0x11                   ; AH=2Ah returns the day of month in DL; compare with 17
    0x164f9: jne 0x16537                    ; not the 17th: skip the payload
    0x164fb: mov cx, 0xf                    ; 15 bytes to decode
    0x164fe: lea si, word ptr [bp + 0x3c3]  ; encoded filename, addressed relative to BP (delta offset)
    0x16502: inc byte ptr [si]              ; decode: add 1 to each byte
    0x16504: inc si
    0x16505: loop 0x16502
    0x16507: mov ah, 0x3c                   ; AH=3Ch: create or truncate file
    0x16509: xor cx, cx                     ; file attributes = 0
    0x1650b: lea dx, word ptr [bp + 0x3c3]  ; DS:DX -> decoded filename
    0x1650f: int 0x21
    0x16511: xchg ax, bx                    ; returned handle -> BX
    0x16512: in al, 0x41                    ; read PIT counter 1 (port 41h) as a pseudo-random byte
    0x16514: test al, 1
    0x16516: jne 0x1652a                    ; low bit set: skip the write and the close
    0x16518: mov ah, 0x40                   ; AH=40h: write to handle
    0x1651a: mov cx, 0x51                   ; 81 bytes
    0x1651d: lea dx, word ptr [bp + 0x3d3]  ; payload buffer, 16 bytes past the filename
    0x16521: int 0x21
    0x16523: mov ah, 0x3e                   ; AH=3Eh: close handle
2018-12-17T22:21:04.239820597Z 60 PC: 16511 | Create or truncate file
2018-12-17T22:21:04.577964079Z 64 PC: 16523 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T22:21:04.582097314Z 62 PC: 16527 | Close file
2018-12-17T22:21:04.589328036Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

Run parameters:

{"DateBased": true, "Day": 1, "Month": 1, "Year": 1980,
 "Hour": 0, "Min": 0, "Second": 0, "TimeBased": false,
 "OriginalID": 3671, "SideJobID": 0}

[GIF image not preserved]

Syscalls:

Time | Syscall Op (INT 21h AH, decimal) | PC (return address after the INT 21h) | Syscall Name
2018-12-25T11:49:47.826451092Z 136 PC: 164e9 | UNKNOWN!
2018-12-25T11:49:47.828015286Z 42 PC: 164f6 | Get date
  Disassembly from the return address of the Get date call:
    0x164f6: cmp dl, 0x11
    0x164f9: jne 0x16537
    0x164fb: mov cx, 0xf
    0x164fe: lea si, word ptr [bp + 0x3c3]
    0x16502: inc byte ptr [si]
    0x16504: inc si
    0x16505: loop 0x16502
    0x16507: mov ah, 0x3c
    0x16509: xor cx, cx
    0x1650b: lea dx, word ptr [bp + 0x3c3]
    0x1650f: int 0x21
    0x16511: xchg ax, bx
    0x16512: in al, 0x41
    0x16514: test al, 1
    0x16516: jne 0x1652a
    0x16518: mov ah, 0x40
    0x1651a: mov cx, 0x51
    0x1651d: lea dx, word ptr [bp + 0x3d3]
    0x16521: int 0x21
    0x16523: mov ah, 0x3e
2018-12-25T11:49:47.830485556Z 74 PC: 1653e | Reallocate memory
2018-12-25T11:49:47.832265637Z 74 PC: 16546 | Reallocate memory
2018-12-25T11:49:47.834376032Z 72 PC: 1654d | Allocate memory
2018-12-25T11:49:47.842096747Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

Run parameters:

{"DateBased": true, "Day": 17, "Month": 1, "Year": 1980,
 "Hour": 0, "Min": 0, "Second": 0, "TimeBased": false,
 "OriginalID": 3671, "SideJobID": 0}

[GIF image not preserved]

Syscalls:

Time | Syscall Op (INT 21h AH, decimal) | PC (return address after the INT 21h) | Syscall Name
2018-12-25T11:49:48.155164274Z 136 PC: 164e9 | UNKNOWN!
2018-12-25T11:49:48.157903834Z 42 PC: 164f6 | Get date
  Disassembly from the return address of the Get date call:
    0x164f6: cmp dl, 0x11
    0x164f9: jne 0x16537
    0x164fb: mov cx, 0xf
    0x164fe: lea si, word ptr [bp + 0x3c3]
    0x16502: inc byte ptr [si]
    0x16504: inc si
    0x16505: loop 0x16502
    0x16507: mov ah, 0x3c
    0x16509: xor cx, cx
    0x1650b: lea dx, word ptr [bp + 0x3c3]
    0x1650f: int 0x21
    0x16511: xchg ax, bx
    0x16512: in al, 0x41
    0x16514: test al, 1
    0x16516: jne 0x1652a
    0x16518: mov ah, 0x40
    0x1651a: mov cx, 0x51
    0x1651d: lea dx, word ptr [bp + 0x3d3]
    0x16521: int 0x21
    0x16523: mov ah, 0x3e
2018-12-25T11:49:48.160907744Z 60 PC: 16511 | Create or truncate file
2018-12-25T11:49:48.522648939Z 64 PC: 16523 | Write file or device (Write 81 bytes on handle 5)
2018-12-25T11:49:48.528338509Z 62 PC: 16527 | Close file
2018-12-25T11:49:48.538975414Z 76 PC: 12a48 | Terminate with return code (Return code = '76')
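The traces above show a date-gated file drop: the `cmp dl, 0x11` / `jne` pair right after the AH=2Ah call decides whether the Create/Write/Close sequence runs, and the viewer's run parameters state which day each run used. Checking one against the other is worth automating, because on this page they disagree: the run labelled Day 1 shows the file being created and 81 bytes written, while the run labelled Day 17 jumps straight to the memory calls at 0x1653e, the opposite of what the comparison predicts if DL holds the day of month. The script below is an added example, not part of the viewer or of any tool the page names. It parses the trace rows and the parameter JSON copied from the first two runs (the disassembly the viewer fuses onto the Get date row is left out of the sample input), and flags each run as consistent or not with the trigger day; the column meanings (second field = AH in decimal, PC = return address) are assumptions read off the rows themselves.

```python
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input copied from the viewer above (runs 1 and 2), minus the
# disassembly that the viewer fuses onto the "Get date" row.
RUN1_TRACE = """\
2018-12-17T22:21:04.237022787Z 136 PC: 164e9 | UNKNOWN!
2018-12-17T22:21:04.23832358Z 42 PC: 164f6 | Get date
2018-12-17T22:21:04.239820597Z 60 PC: 16511 | Create or truncate file
2018-12-17T22:21:04.577964079Z 64 PC: 16523 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T22:21:04.582097314Z 62 PC: 16527 | Close file
2018-12-17T22:21:04.589328036Z 76 PC: 12a48 | Terminate with return code (Return code = '76')
"""
RUN1_PARAMS = ('{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,'
               '"Second":0,"TimeBased":false,"OriginalID":3671,"SideJobID":0}')

RUN2_TRACE = """\
2018-12-25T11:49:47.826451092Z 136 PC: 164e9 | UNKNOWN!
2018-12-25T11:49:47.828015286Z 42 PC: 164f6 | Get date
2018-12-25T11:49:47.830485556Z 74 PC: 1653e | Reallocate memory
2018-12-25T11:49:47.832265637Z 74 PC: 16546 | Reallocate memory
2018-12-25T11:49:47.834376032Z 72 PC: 1654d | Allocate memory
2018-12-25T11:49:47.842096747Z 76 PC: 12a48 | Terminate with return code (Return code = '76')
"""
RUN2_PARAMS = ('{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,'
               '"Second":0,"TimeBased":false,"OriginalID":3671,"SideJobID":0}')

# Row layout assumed from the viewer: <time> <AH decimal> PC: <hex return address> | <name>
ROW_RE = re.compile(r"^(\S+)\s+(\d+)\s+PC:\s*([0-9a-fA-F]+)\s*\|\s*(.*)$")
WRITE_RE = re.compile(r"Write (\d+) bytes on handle (\d+)")

# INT 21h function numbers that appear in the trace.
GET_DATE, CREATE, WRITE, CLOSE = 0x2A, 0x3C, 0x40, 0x3E
TRIGGER_DAY = 0x11  # "cmp dl, 0x11": AH=2Ah returns the day of month in DL


@dataclass
class Syscall:
    time: str
    ah: int    # DOS function number (the viewer prints it in decimal)
    pc: int    # return address, i.e. the instruction after the INT 21h
    name: str


def parse_trace(text: str) -> List[Syscall]:
    """Turn the viewer's rows into records; lines that do not match the layout are skipped."""
    calls = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            calls.append(Syscall(m.group(1), int(m.group(2)), int(m.group(3), 16), m.group(4)))
    return calls


def find_drop(calls: List[Syscall]) -> Optional[dict]:
    """Return {size, handle} if a Create -> Write -> Close sequence follows Get date, else None."""
    seen_date = created = False
    write: Optional[dict] = None
    for c in calls:
        if c.ah == GET_DATE:
            seen_date = True
        elif seen_date and c.ah == CREATE:
            created = True
        elif created and c.ah == WRITE:
            m = WRITE_RE.search(c.name)
            if m:
                write = {"size": int(m.group(1)), "handle": int(m.group(2))}
        elif created and write is not None and c.ah == CLOSE:
            return write
    return None


def analyse(trace: str, params_json: str) -> dict:
    """Compare what the trace shows with what the cmp dl, 0x11 check predicts for the run's Day."""
    day = json.loads(params_json)["Day"]
    drop = find_drop(parse_trace(trace))
    predicted = day == TRIGGER_DAY
    return {
        "day": day,
        "payload_ran": drop is not None,
        "predicted_by_cmp": predicted,
        "consistent": (drop is not None) == predicted,
        "drop": drop,
    }


if __name__ == "__main__":
    for label, trace, params in (("run 1", RUN1_TRACE, RUN1_PARAMS),
                                 ("run 2", RUN2_TRACE, RUN2_PARAMS)):
        print(label, analyse(trace, params))
```

Both runs come back with `consistent` false, so the `Day` field in the parameter JSON cannot be taken as the value the sample saw in DL without knowing more about how the emulator feeds the date to AH=2Ah; the trigger day of 17 should be read from the disassembly, and the viewer's labelling treated as unconfirmed. The third trace matches run 1 row for row and can be fed to the same parser once its missing parameter line is known.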