Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.930

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:43.705698052Z 42 PC: 164e8 | Get date
0x164e8: cmp dl, 0x11
0x164eb: jne 0x16529
0x164ed: mov cx, 0xf
0x164f0: lea si, word ptr [bp + 0x433]
0x164f4: inc byte ptr [si]
0x164f6: inc si
0x164f7: loop 0x164f4
0x164f9: mov ah, 0x3c
0x164fb: xor cx, cx
0x164fd: lea dx, word ptr [bp + 0x433]
0x16501: int 0x21
0x16503: xchg ax, bx
0x16504: in al, 0x41
0x16506: test al, 1
0x16508: jne 0x1651c
0x1650a: mov ah, 0x40
0x1650c: mov cx, 0x51
0x1650f: lea dx, word ptr [bp + 0x443]
0x16513: int 0x21
0x16515: mov ah, 0x3e
2018-12-17T22:41:43.70922397Z 60 PC: 16503 | Create or truncate file
2018-12-17T22:41:44.054555135Z 64 PC: 16515 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T22:41:44.058734039Z 62 PC: 16519 | Close file
2018-12-17T22:41:44.067322049Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7313,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:22.258501524Z 42 PC: 164e8 | Get date
0x164e8: cmp dl, 0x11
0x164eb: jne 0x16529
0x164ed: mov cx, 0xf
0x164f0: lea si, word ptr [bp + 0x433]
0x164f4: inc byte ptr [si]
0x164f6: inc si
0x164f7: loop 0x164f4
0x164f9: mov ah, 0x3c
0x164fb: xor cx, cx
0x164fd: lea dx, word ptr [bp + 0x433]
0x16501: int 0x21
0x16503: xchg ax, bx
0x16504: in al, 0x41
0x16506: test al, 1
0x16508: jne 0x1651c
0x1650a: mov ah, 0x40
0x1650c: mov cx, 0x51
0x1650f: lea dx, word ptr [bp + 0x443]
0x16513: int 0x21
0x16515: mov ah, 0x3e
2018-12-25T12:01:22.261667942Z 60 PC: 16503 | Create or truncate file
2018-12-25T12:01:22.993505361Z 64 PC: 16515 | Write file or device (Write 81 bytes on handle 5)
2018-12-25T12:01:23.001439805Z 62 PC: 16519 | Close file
2018-12-25T12:01:23.011175906Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7313,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:22.281629559Z 42 PC: 164e8 | Get date
0x164e8: cmp dl, 0x11
0x164eb: jne 0x16529
0x164ed: mov cx, 0xf
0x164f0: lea si, word ptr [bp + 0x433]
0x164f4: inc byte ptr [si]
0x164f6: inc si
0x164f7: loop 0x164f4
0x164f9: mov ah, 0x3c
0x164fb: xor cx, cx
0x164fd: lea dx, word ptr [bp + 0x433]
0x16501: int 0x21
0x16503: xchg ax, bx
0x16504: in al, 0x41
0x16506: test al, 1
0x16508: jne 0x1651c
0x1650a: mov ah, 0x40
0x1650c: mov cx, 0x51
0x1650f: lea dx, word ptr [bp + 0x443]
0x16513: int 0x21
0x16515: mov ah, 0x3e
2018-12-25T12:01:22.284523212Z 74 PC: 16533 | Reallocate memory
2018-12-25T12:01:22.286174646Z 74 PC: 1653f | Reallocate memory
2018-12-25T12:01:22.287471515Z 72 PC: 16546 | Allocate memory
2018-12-25T12:01:22.289605645Z 76 PC: 12a48 | Terminate with return code (Return code = '76')