Sample viewer

vx.netlux.org/Virus.DOS.VCL.Marbas.1313

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:52.246653164Z	25	PC: 12b85 \| Get default drive
2018-12-17T22:57:52.248289603Z	71	PC: 12b95 \| Get current directory
2018-12-17T22:57:52.251962492Z	42	PC: 12e0b \| Get date 0x12e0b: cmp al, 5 0x12e0d: jne 0x12e17 0x12e0f: cmp dl, 0xd 0x12e12: jne 0x12e17 0x12e14: jmp 0x12e34 0x12e16: nop 0x12e17: mov ah, 0x2c 0x12e19: int 0x21 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret
2018-12-17T22:57:52.254383043Z	44	PC: 12e1b \| Get time 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx
2018-12-17T22:57:52.256957942Z	26	PC: 12c3b \| Set disk transfer address
2018-12-17T22:57:52.25870903Z	78	PC: 12c46 \| Find first file
2018-12-17T22:57:52.263949433Z	26	PC: 12bb0 \| Set disk transfer address
2018-12-17T22:57:52.265081147Z	78	PC: 12bbb \| Find first file
2018-12-17T22:57:52.270484853Z	42	PC: 12e0b \| Get date 0x12e0b: cmp al, 5 0x12e0d: jne 0x12e17 0x12e0f: cmp dl, 0xd 0x12e12: jne 0x12e17 0x12e14: jmp 0x12e34 0x12e16: nop 0x12e17: mov ah, 0x2c 0x12e19: int 0x21 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret
2018-12-17T22:57:52.273091739Z	44	PC: 12e1b \| Get time 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx
2018-12-17T22:57:52.30169507Z	62	PC: 14a69 \| Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12699,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:02.274898087Z	25	PC: 12b85 \| Get default drive
2018-12-25T12:36:02.276988065Z	71	PC: 12b95 \| Get current directory
2018-12-25T12:36:02.280352638Z	42	PC: 12e0b \| Get date 0x12e0b: cmp al, 5 0x12e0d: jne 0x12e17 0x12e0f: cmp dl, 0xd 0x12e12: jne 0x12e17 0x12e14: jmp 0x12e34 0x12e16: nop 0x12e17: mov ah, 0x2c 0x12e19: int 0x21 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret
2018-12-25T12:36:02.282858773Z	44	PC: 12e1b \| Get time 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx
2018-12-25T12:36:02.285471007Z	42	PC: 12e24 \| Get date 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx 0x12e3b: jns 0x12e8a 0x12e3d: outsw dx, word ptr [si] 0x12e3e: jb 0x12eb0 0x12e40: push 0x7369
2018-12-25T12:36:02.296407378Z	26	PC: 12c3b \| Set disk transfer address
2018-12-25T12:36:02.297718371Z	78	PC: 12c46 \| Find first file
2018-12-25T12:36:02.302562466Z	26	PC: 12bb0 \| Set disk transfer address
2018-12-25T12:36:02.305194729Z	78	PC: 12bbb \| Find first file
2018-12-25T12:36:02.315613064Z	42	PC: 12e0b \| Get date (See above)
2018-12-25T12:36:02.318119914Z	44	PC: 12e1b \| Get time (See above)
2018-12-25T12:36:02.320980981Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.369718118Z	64	PC: 19838 \| Write file or device (Write 68 bytes on handle 2)
2018-12-25T12:36:02.374787942Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T12:36:02.378816296Z	41	PC: 19d8b \| Parse filename
2018-12-25T12:36:02.380628984Z	46	PC: 13d69 \| Set verify flag

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12699,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:02.294752926Z	25	PC: 12b85 \| Get default drive
2018-12-25T12:36:02.296419282Z	71	PC: 12b95 \| Get current directory
2018-12-25T12:36:02.299752934Z	42	PC: 12e0b \| Get date 0x12e0b: cmp al, 5 0x12e0d: jne 0x12e17 0x12e0f: cmp dl, 0xd 0x12e12: jne 0x12e17 0x12e14: jmp 0x12e34 0x12e16: nop 0x12e17: mov ah, 0x2c 0x12e19: int 0x21 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret
2018-12-25T12:36:02.301818986Z	44	PC: 12e1b \| Get time 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx
2018-12-25T12:36:02.30486951Z	42	PC: 12e24 \| Get date 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx 0x12e3b: jns 0x12e8a 0x12e3d: outsw dx, word ptr [si] 0x12e3e: jb 0x12eb0 0x12e40: push 0x7369
2018-12-25T12:36:02.307156671Z	26	PC: 12c3b \| Set disk transfer address
2018-12-25T12:36:02.308148321Z	78	PC: 12c46 \| Find first file
2018-12-25T12:36:02.312548739Z	26	PC: 12bb0 \| Set disk transfer address
2018-12-25T12:36:02.314591689Z	78	PC: 12bbb \| Find first file
2018-12-25T12:36:02.329787458Z	42	PC: 12e0b \| Get date (See above)
2018-12-25T12:36:02.332137977Z	44	PC: 12e1b \| Get time (See above)
2018-12-25T12:36:02.335742333Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.391137654Z	25	PC: 12b85 \| Get default drive (See above)
2018-12-25T12:36:02.392500525Z	71	PC: 12b95 \| Get current directory (See above)
2018-12-25T12:36:02.396081918Z	42	PC: 12e0b \| Get date (See above)
2018-12-25T12:36:02.398550679Z	44	PC: 12e1b \| Get time (See above)
2018-12-25T12:36:02.400923975Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.404416503Z	26	PC: 12c3b \| Set disk transfer address (See above)
2018-12-25T12:36:02.405479377Z	78	PC: 12c46 \| Find first file (See above)
2018-12-25T12:36:02.409673778Z	26	PC: 12bb0 \| Set disk transfer address (See above)
2018-12-25T12:36:02.412653242Z	78	PC: 12bbb \| Find first file (See above)
2018-12-25T12:36:02.416967014Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.419346072Z	67	PC: 12c63 \| Get or set file attributes
2018-12-25T12:36:02.424411602Z	61	PC: 12c6d \| Open file (Filename = 'olyMorphisM�]� ')
2018-12-25T12:36:02.429542999Z	67	PC: 12ce3 \| Get or set file attributes
2018-12-25T12:36:02.432748144Z	79	PC: 12c46 \| Find next file (See above)
2018-12-25T12:36:02.434021464Z	25	PC: 12b85 \| Get default drive (See above)
2018-12-25T12:36:02.435368476Z	71	PC: 12b95 \| Get current directory (See above)
2018-12-25T12:36:02.437330508Z	42	PC: 12e0b \| Get date (See above)
2018-12-25T12:36:02.439013355Z	44	PC: 12e1b \| Get time (See above)
2018-12-25T12:36:02.441089213Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.442837711Z	26	PC: 12c3b \| Set disk transfer address (See above)
2018-12-25T12:36:02.44387234Z	78	PC: 12c46 \| Find first file (See above)
2018-12-25T12:36:02.449533474Z	26	PC: 12bb0 \| Set disk transfer address (See above)
2018-12-25T12:36:02.451245628Z	78	PC: 12bbb \| Find first file (See above)
2018-12-25T12:36:02.456102341Z	25	PC: 12b85 \| Get default drive (See above)
2018-12-25T12:36:02.458324505Z	71	PC: 12b95 \| Get current directory (See above)
2018-12-25T12:36:02.46121549Z	42	PC: 12e0b \| Get date (See above)
2018-12-25T12:36:02.463429239Z	44	PC: 12e1b \| Get time (See above)
2018-12-25T12:36:02.466476311Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.47647548Z	26	PC: 12c3b \| Set disk transfer address (See above)
2018-12-25T12:36:02.477910029Z	78	PC: 12c46 \| Find first file (See above)
2018-12-25T12:36:02.48325989Z	26	PC: 12bb0 \| Set disk transfer address (See above)
2018-12-25T12:36:02.48429297Z	78	PC: 12bbb \| Find first file (See above)
2018-12-25T12:36:02.489213201Z	25	PC: 12b85 \| Get default drive (See above)
2018-12-25T12:36:02.490720833Z	71	PC: 12b95 \| Get current directory (See above)
2018-12-25T12:36:02.493430611Z	42	PC: 12e0b \| Get date (See above)
2018-12-25T12:36:02.495642254Z	44	PC: 12e1b \| Get time (See above)
2018-12-25T12:36:02.497797936Z	42	PC: 12e24 \| Get date (See above)
2018-12-25T12:36:02.500860267Z	26	PC: 12c3b \| Set disk transfer address (See above)
2018-12-25T12:36:02.502110184Z	78	PC: 12c46 \| Find first file (See above)
2018-12-25T12:36:02.511155403Z	61	PC: 12c6d \| Open file (See above)
2018-12-25T12:36:02.518765115Z	63	PC: 12c80 \| Read file or device (Read 3 bytes on handle 1685)
2018-12-25T12:36:02.525146024Z	66	PC: 12cf8 \| Move file pointer
2018-12-25T12:36:02.526809069Z	66	PC: 12cf8 \| Move file pointer (See above)
2018-12-25T12:36:02.529132704Z	63	PC: 12ca8 \| Read file or device (Read 2 bytes on handle 1685)
2018-12-25T12:36:02.531731186Z	66	PC: 12cf8 \| Move file pointer (See above)
2018-12-25T12:36:02.533319722Z	64	PC: 12cc6 \| Write file or device (Write 3 bytes on handle 1685)
2018-12-25T12:36:02.537898269Z	66	PC: 12cf8 \| Move file pointer (See above)
2018-12-25T12:36:02.540030414Z	64	PC: 13040 \| Write file or device (Write 1313 bytes on handle 1685)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12699,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:02.661193953Z	25	PC: 12b85 \| Get default drive
2018-12-25T12:36:02.66339621Z	71	PC: 12b95 \| Get current directory
2018-12-25T12:36:02.674909185Z	42	PC: 12e0b \| Get date 0x12e0b: cmp al, 5 0x12e0d: jne 0x12e17 0x12e0f: cmp dl, 0xd 0x12e12: jne 0x12e17 0x12e14: jmp 0x12e34 0x12e16: nop 0x12e17: mov ah, 0x2c 0x12e19: int 0x21 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret
2018-12-25T12:36:02.677039746Z	44	PC: 12e1b \| Get time 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx
2018-12-25T12:36:02.680660312Z	26	PC: 12c3b \| Set disk transfer address
2018-12-25T12:36:02.681751311Z	78	PC: 12c46 \| Find first file
2018-12-25T12:36:02.68597827Z	26	PC: 12bb0 \| Set disk transfer address
2018-12-25T12:36:02.687301215Z	78	PC: 12bbb \| Find first file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12699,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:02.687080219Z	25	PC: 12b85 \| Get default drive
2018-12-25T12:36:02.688604544Z	71	PC: 12b95 \| Get current directory
2018-12-25T12:36:02.698596728Z	42	PC: 12e0b \| Get date 0x12e0b: cmp al, 5 0x12e0d: jne 0x12e17 0x12e0f: cmp dl, 0xd 0x12e12: jne 0x12e17 0x12e14: jmp 0x12e34 0x12e16: nop 0x12e17: mov ah, 0x2c 0x12e19: int 0x21 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret
2018-12-25T12:36:02.700770263Z	44	PC: 12e1b \| Get time 0x12e1b: cmp ch, 0 0x12e1e: jne 0x12e2b 0x12e20: mov ah, 0x2a 0x12e22: int 0x21 0x12e24: cmp al, 5 0x12e26: jne 0x12e2b 0x12e28: jmp 0x12e35 0x12e2a: nop 0x12e2b: in ax, 0x40 0x12e2d: cmp ax, 0x29a 0x12e30: je 0x12e33 0x12e32: ret 0x12e33: ret 0x12e34: ret 0x12e35: ret 0x12e36: pop bx 0x12e37: cli 0x12e38: push ax 0x12e39: outsw dx, word ptr [si] 0x12e3a: insb byte ptr es:[di], dx
2018-12-25T12:36:02.704070885Z	26	PC: 12c3b \| Set disk transfer address
2018-12-25T12:36:02.705432383Z	78	PC: 12c46 \| Find first file
2018-12-25T12:36:02.709941264Z	26	PC: 12bb0 \| Set disk transfer address
2018-12-25T12:36:02.711542274Z	78	PC: 12bbb \| Find first file