Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.873

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:39.63494192Z 254 PC: 13251 | UNKNOWN!
2018-12-17T22:44:39.636951124Z 42 PC: 1325c | Get date 0x1325c: cmp dl, 0x11
0x1325f: jne 0x13289
0x13261: mov cx, 0xf
0x13264: lea si, word ptr [bp + 0x44a]
0x13268: inc byte ptr [si]
0x1326a: inc si
0x1326b: loop 0x13268
0x1326d: mov ah, 0x3c
0x1326f: xor cx, cx
0x13271: lea dx, word ptr [bp + 0x44a]
0x13275: int 0x21
0x13277: xchg ax, bx
0x13278: mov ah, 0x40
0x1327a: mov cx, 0xb2
0x1327d: lea dx, word ptr [bp + 0x398]
0x13281: int 0x21
0x13283: mov ah, 0x3e
0x13285: int 0x21
0x13287: jmp 0x13302
0x13289: mov ah, 0x4a
2018-12-17T22:44:39.639623996Z 60 PC: 13277 | Create or truncate file
2018-12-17T22:44:39.995725121Z 64 PC: 13283 | Write file or device (Write 178 bytes on handle 5)
2018-12-17T22:44:40.001515292Z 62 PC: 13287 | Close file
2018-12-17T22:44:40.010533976Z 9 PC: 12b18 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 2048 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-17T22:44:40.025415302Z 76 PC: 12b1d | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8286,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:08.398686745Z 254 PC: 13251 | UNKNOWN!
2018-12-25T12:04:08.401217874Z 42 PC: 1325c | Get date 0x1325c: cmp dl, 0x11
0x1325f: jne 0x13289
0x13261: mov cx, 0xf
0x13264: lea si, word ptr [bp + 0x44a]
0x13268: inc byte ptr [si]
0x1326a: inc si
0x1326b: loop 0x13268
0x1326d: mov ah, 0x3c
0x1326f: xor cx, cx
0x13271: lea dx, word ptr [bp + 0x44a]
0x13275: int 0x21
0x13277: xchg ax, bx
0x13278: mov ah, 0x40
0x1327a: mov cx, 0xb2
0x1327d: lea dx, word ptr [bp + 0x398]
0x13281: int 0x21
0x13283: mov ah, 0x3e
0x13285: int 0x21
0x13287: jmp 0x13302
0x13289: mov ah, 0x4a
2018-12-25T12:04:08.403712966Z 74 PC: 13290 | Reallocate memory
2018-12-25T12:04:08.40551553Z 74 PC: 13297 | Reallocate memory
2018-12-25T12:04:08.407330945Z 72 PC: 1329e | Allocate memory
2018-12-25T12:04:08.409479173Z 9 PC: 12b18 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 2048 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:04:08.418785003Z 76 PC: 12b1d | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8286,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:08.448056861Z 254 PC: 13251 | UNKNOWN!
2018-12-25T12:04:08.448887665Z 42 PC: 1325c | Get date 0x1325c: cmp dl, 0x11
0x1325f: jne 0x13289
0x13261: mov cx, 0xf
0x13264: lea si, word ptr [bp + 0x44a]
0x13268: inc byte ptr [si]
0x1326a: inc si
0x1326b: loop 0x13268
0x1326d: mov ah, 0x3c
0x1326f: xor cx, cx
0x13271: lea dx, word ptr [bp + 0x44a]
0x13275: int 0x21
0x13277: xchg ax, bx
0x13278: mov ah, 0x40
0x1327a: mov cx, 0xb2
0x1327d: lea dx, word ptr [bp + 0x398]
0x13281: int 0x21
0x13283: mov ah, 0x3e
0x13285: int 0x21
0x13287: jmp 0x13302
0x13289: mov ah, 0x4a
2018-12-25T12:04:08.45212773Z 60 PC: 13277 | Create or truncate file
2018-12-25T12:04:08.785522155Z 64 PC: 13283 | Write file or device (Write 178 bytes on handle 5)
2018-12-25T12:04:08.789290338Z 62 PC: 13287 | Close file
2018-12-25T12:04:08.798260604Z 9 PC: 12b18 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 2048 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:04:08.812749583Z 76 PC: 12b1d | Terminate with return code (Return code = '0')