Sample viewer

vx.netlux.org/Virus.DOS.Markiz_II.2642

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:11.290867966Z	48	PC: 12ab9 \| Get DOS version
2018-12-17T22:01:11.294844647Z	75	PC: 12ac2 \| Execute program
2018-12-17T22:01:11.298932631Z	53	PC: 12aec \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:11.302126549Z	37	PC: 12b2a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:11.303572144Z	42	PC: 12b2e \| Get date 0x12b2e: cmp al, 6 0x12b30: je 0x12b69 0x12b32: cmp al, 3 0x12b34: ja 0x12b4e 0x12b36: mov ax, 0x3509 0x12b39: int 0x21 0x12b3b: mov word ptr [0x5c2], bx 0x12b3f: mov word ptr [0x5c4], es 0x12b43: mov ax, 0x2509 0x12b46: mov dx, 0x5ad 0x12b49: int 0x21 0x12b4b: jmp 0x12b69 0x12b4d: nop 0x12b4e: mov ax, 0x3508 0x12b51: int 0x21 0x12b53: mov word ptr [0x713], bx 0x12b57: mov word ptr [0x715], es 0x12b5b: mov word ptr [0xaf4], 0 0x12b61: mov ax, 0x2508 0x12b64: mov dx, 0x711
2018-12-17T22:01:11.305613122Z	53	PC: 12b3b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:01:11.306975218Z	37	PC: 12b4b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:01:11.30865194Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1245,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:04.47253972Z	48	PC: 12ab9 \| Get DOS version
2018-12-25T11:43:04.474371447Z	75	PC: 12ac2 \| Execute program
2018-12-25T11:43:04.475631059Z	53	PC: 12aec \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.476769403Z	37	PC: 12b2a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.47882398Z	42	PC: 12b2e \| Get date 0x12b2e: cmp al, 6 0x12b30: je 0x12b69 0x12b32: cmp al, 3 0x12b34: ja 0x12b4e 0x12b36: mov ax, 0x3509 0x12b39: int 0x21 0x12b3b: mov word ptr [0x5c2], bx 0x12b3f: mov word ptr [0x5c4], es 0x12b43: mov ax, 0x2509 0x12b46: mov dx, 0x5ad 0x12b49: int 0x21 0x12b4b: jmp 0x12b69 0x12b4d: nop 0x12b4e: mov ax, 0x3508 0x12b51: int 0x21 0x12b53: mov word ptr [0x713], bx 0x12b57: mov word ptr [0x715], es 0x12b5b: mov word ptr [0xaf4], 0 0x12b61: mov ax, 0x2508 0x12b64: mov dx, 0x711
2018-12-25T11:43:04.480347166Z	53	PC: 12b3b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:43:04.481275714Z	37	PC: 12b4b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:43:04.482320597Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1245,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:04.659669671Z	48	PC: 12ab9 \| Get DOS version
2018-12-25T11:43:04.661048798Z	75	PC: 12ac2 \| Execute program
2018-12-25T11:43:04.671842258Z	53	PC: 12aec \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.673037631Z	37	PC: 12b2a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.674119824Z	42	PC: 12b2e \| Get date 0x12b2e: cmp al, 6 0x12b30: je 0x12b69 0x12b32: cmp al, 3 0x12b34: ja 0x12b4e 0x12b36: mov ax, 0x3509 0x12b39: int 0x21 0x12b3b: mov word ptr [0x5c2], bx 0x12b3f: mov word ptr [0x5c4], es 0x12b43: mov ax, 0x2509 0x12b46: mov dx, 0x5ad 0x12b49: int 0x21 0x12b4b: jmp 0x12b69 0x12b4d: nop 0x12b4e: mov ax, 0x3508 0x12b51: int 0x21 0x12b53: mov word ptr [0x713], bx 0x12b57: mov word ptr [0x715], es 0x12b5b: mov word ptr [0xaf4], 0 0x12b61: mov ax, 0x2508 0x12b64: mov dx, 0x711
2018-12-25T11:43:04.677410629Z	53	PC: 12b53 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:43:04.678526784Z	37	PC: 12b69 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:43:04.679577917Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1245,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:04.697759771Z	48	PC: 12ab9 \| Get DOS version
2018-12-25T11:43:04.700956396Z	75	PC: 12ac2 \| Execute program
2018-12-25T11:43:04.703186545Z	53	PC: 12aec \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.704645229Z	37	PC: 12b2a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.705955502Z	42	PC: 12b2e \| Get date 0x12b2e: cmp al, 6 0x12b30: je 0x12b69 0x12b32: cmp al, 3 0x12b34: ja 0x12b4e 0x12b36: mov ax, 0x3509 0x12b39: int 0x21 0x12b3b: mov word ptr [0x5c2], bx 0x12b3f: mov word ptr [0x5c4], es 0x12b43: mov ax, 0x2509 0x12b46: mov dx, 0x5ad 0x12b49: int 0x21 0x12b4b: jmp 0x12b69 0x12b4d: nop 0x12b4e: mov ax, 0x3508 0x12b51: int 0x21 0x12b53: mov word ptr [0x713], bx 0x12b57: mov word ptr [0x715], es 0x12b5b: mov word ptr [0xaf4], 0 0x12b61: mov ax, 0x2508 0x12b64: mov dx, 0x711
2018-12-25T11:43:04.709027296Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')