Sample viewer

vx.netlux.org/Virus.DOS.Riot.Keyb.667.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:22.075573896Z 136 PC: 12a55 | UNKNOWN!
2018-12-17T22:45:22.077923098Z 42 PC: 12a62 | Get date
0x12a62: cmp dl, 0x11
0x12a65: jne 0x12a8d
0x12a67: mov cx, 0xf
0x12a6a: lea si, word ptr [bp + 0x32e]
0x12a6e: inc byte ptr [si]
0x12a70: inc si
0x12a71: loop 0x12a6e
0x12a73: mov ah, 0x3c
0x12a75: xor cx, cx
0x12a77: lea dx, word ptr [bp + 0x32e]
0x12a7b: int 0x21
0x12a7d: xchg ax, bx
0x12a7e: mov ah, 0x40
0x12a80: mov cx, 0x51
0x12a83: lea dx, word ptr [bp + 0x33e]
0x12a87: int 0x21
0x12a89: mov ah, 0x3e
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4a
0x12a8f: mov bx, 0xffff
2018-12-17T22:45:22.081349574Z 60 PC: 12a7d | Create or truncate file
2018-12-17T22:45:22.438852506Z 64 PC: 12a89 | Write file or device (Write 81 bytes on handle 5)
2018-12-17T22:45:22.448712485Z 62 PC: 12a8d | Close file
2018-12-17T22:45:22.460333461Z 74 PC: 12a94 | Reallocate memory
2018-12-17T22:45:22.46647741Z 74 PC: 12a9b | Reallocate memory
2018-12-17T22:45:22.469298619Z 72 PC: 12aa2 | Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8520,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:12.068413364Z 136 PC: 12a55 | UNKNOWN!
2018-12-25T12:21:12.069546504Z 42 PC: 12a62 | Get date
0x12a62: cmp dl, 0x11
0x12a65: jne 0x12a8d
0x12a67: mov cx, 0xf
0x12a6a: lea si, word ptr [bp + 0x32e]
0x12a6e: inc byte ptr [si]
0x12a70: inc si
0x12a71: loop 0x12a6e
0x12a73: mov ah, 0x3c
0x12a75: xor cx, cx
0x12a77: lea dx, word ptr [bp + 0x32e]
0x12a7b: int 0x21
0x12a7d: xchg ax, bx
0x12a7e: mov ah, 0x40
0x12a80: mov cx, 0x51
0x12a83: lea dx, word ptr [bp + 0x33e]
0x12a87: int 0x21
0x12a89: mov ah, 0x3e
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4a
0x12a8f: mov bx, 0xffff
2018-12-25T12:21:12.07212953Z 74 PC: 12a94 | Reallocate memory
2018-12-25T12:21:12.073835932Z 74 PC: 12a9b | Reallocate memory
2018-12-25T12:21:12.075381992Z 72 PC: 12aa2 | Allocate memory

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8520,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:12.269865952Z 136 PC: 12a55 | UNKNOWN!
2018-12-25T12:21:12.271220539Z 42 PC: 12a62 | Get date
0x12a62: cmp dl, 0x11
0x12a65: jne 0x12a8d
0x12a67: mov cx, 0xf
0x12a6a: lea si, word ptr [bp + 0x32e]
0x12a6e: inc byte ptr [si]
0x12a70: inc si
0x12a71: loop 0x12a6e
0x12a73: mov ah, 0x3c
0x12a75: xor cx, cx
0x12a77: lea dx, word ptr [bp + 0x32e]
0x12a7b: int 0x21
0x12a7d: xchg ax, bx
0x12a7e: mov ah, 0x40
0x12a80: mov cx, 0x51
0x12a83: lea dx, word ptr [bp + 0x33e]
0x12a87: int 0x21
0x12a89: mov ah, 0x3e
0x12a8b: int 0x21
0x12a8d: mov ah, 0x4a
0x12a8f: mov bx, 0xffff
2018-12-25T12:21:12.273752655Z 60 PC: 12a7d | Create or truncate file
2018-12-25T12:21:13.074332756Z 64 PC: 12a89 | Write file or device (Write 81 bytes on handle 5)
2018-12-25T12:21:13.079708321Z 62 PC: 12a8d | Close file
2018-12-25T12:21:13.089426723Z 74 PC: 12a94 | Reallocate memory
2018-12-25T12:21:13.091483324Z 74 PC: 12a9b | Reallocate memory
2018-12-25T12:21:13.093378867Z 72 PC: 12aa2 | Allocate memory