Sample viewer

vx.netlux.org/Virus.DOS.Marina.3888

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:12.971212075Z	25	PC: 12b2c \| Get default drive
2018-12-17T22:59:12.973325086Z	42	PC: 12b3a \| Get date 0x12b3a: cmp dx, 0xc14 0x12b3e: je 0x12b76 0x12b40: call 0x12c49 0x12b43: test al, 7 0x12b45: jne 0x12b4c 0x12b47: mov byte ptr [0x5a5], 0x43 0x12b4c: mov word ptr [0x118], ax 0x12b4f: mov word ptr [0x106], ax 0x12b52: neg ax 0x12b54: add ax, 0x114 0x12b57: mov word ptr [0x10d], ax 0x12b5a: mov bp, 8 0x12b5d: mov si, 0x5a4 0x12b60: mov ax, cs 0x12b62: add ax, 0x1000 0x12b65: mov es, ax 0x12b67: mov di, 0x80 0x12b6a: mov cx, 9 0x12b6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12b6f: mov ds, ax
2018-12-17T22:59:12.976753781Z	26	PC: 12e34 \| Set disk transfer address
2018-12-17T22:59:12.978144875Z	78	PC: 12e45 \| Find first file
2018-12-17T22:59:12.985105336Z	78	PC: 12e73 \| Find first file
2018-12-17T22:59:12.992653743Z	67	PC: 12e9a \| Get or set file attributes
2018-12-17T22:59:12.999101481Z	61	PC: 12d77 \| Open file (Filename = '��1GGJu��`��F;�')
2018-12-17T22:59:13.007389749Z	63	PC: 12d90 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:13.015098877Z	66	PC: 12db1 \| Move file pointer
2018-12-17T22:59:13.017031229Z	66	PC: 12dcb \| Move file pointer
2018-12-17T22:59:13.019311595Z	63	PC: 12dd2 \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T22:59:13.055105376Z	87	PC: 12c7b \| Get or set file date and time
2018-12-17T22:59:13.05702313Z	66	PC: 12c85 \| Move file pointer
2018-12-17T22:59:13.058453549Z	64	PC: 12c8f \| Write file or device (Write 4295 bytes on handle 5)
2018-12-17T22:59:13.308315605Z	87	PC: 12c95 \| Get or set file date and time
2018-12-17T22:59:13.310669669Z	62	PC: 12c98 \| Close file
2018-12-17T22:59:13.319257139Z	26	PC: 12ca0 \| Set disk transfer address
2018-12-17T22:59:13.321027286Z	9	PC: 12a47 \| Display string (String= 'This file infected by virus Marina 1.11')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13132,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:36.808366932Z	25	PC: 12b2c \| Get default drive
2018-12-25T12:37:36.810888635Z	42	PC: 12b3a \| Get date 0x12b3a: cmp dx, 0xc14 0x12b3e: je 0x12b76 0x12b40: call 0x12c49 0x12b43: test al, 7 0x12b45: jne 0x12b4c 0x12b47: mov byte ptr [0x5a5], 0x43 0x12b4c: mov word ptr [0x118], ax 0x12b4f: mov word ptr [0x106], ax 0x12b52: neg ax 0x12b54: add ax, 0x114 0x12b57: mov word ptr [0x10d], ax 0x12b5a: mov bp, 8 0x12b5d: mov si, 0x5a4 0x12b60: mov ax, cs 0x12b62: add ax, 0x1000 0x12b65: mov es, ax 0x12b67: mov di, 0x80 0x12b6a: mov cx, 9 0x12b6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12b6f: mov ds, ax
2018-12-25T12:37:36.813335165Z	26	PC: 12e34 \| Set disk transfer address
2018-12-25T12:37:36.814743145Z	78	PC: 12e45 \| Find first file
2018-12-25T12:37:36.821583825Z	78	PC: 12e73 \| Find first file
2018-12-25T12:37:36.828560555Z	67	PC: 12e9a \| Get or set file attributes
2018-12-25T12:37:36.834509022Z	61	PC: 12d77 \| Open file (Filename = '��1GGJu��`��F;�')
2018-12-25T12:37:36.842002389Z	63	PC: 12d90 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:36.848489257Z	66	PC: 12db1 \| Move file pointer
2018-12-25T12:37:36.849835699Z	66	PC: 12dcb \| Move file pointer
2018-12-25T12:37:36.85131013Z	63	PC: 12dd2 \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:37:36.869232487Z	87	PC: 12c7b \| Get or set file date and time
2018-12-25T12:37:36.870401461Z	66	PC: 12c85 \| Move file pointer
2018-12-25T12:37:36.872220314Z	64	PC: 12c8f \| Write file or device (Write 4295 bytes on handle 5)
2018-12-25T12:37:38.383363895Z	87	PC: 12c95 \| Get or set file date and time
2018-12-25T12:37:38.384787138Z	62	PC: 12c98 \| Close file
2018-12-25T12:37:38.727906758Z	26	PC: 12ca0 \| Set disk transfer address
2018-12-25T12:37:38.729896729Z	9	PC: 12a47 \| Display string (String= 'This file infected by virus Marina 1.11')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13132,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.014377502Z	25	PC: 12b2c \| Get default drive
2018-12-25T12:37:37.016539221Z	42	PC: 12b3a \| Get date 0x12b3a: cmp dx, 0xc14 0x12b3e: je 0x12b76 0x12b40: call 0x12c49 0x12b43: test al, 7 0x12b45: jne 0x12b4c 0x12b47: mov byte ptr [0x5a5], 0x43 0x12b4c: mov word ptr [0x118], ax 0x12b4f: mov word ptr [0x106], ax 0x12b52: neg ax 0x12b54: add ax, 0x114 0x12b57: mov word ptr [0x10d], ax 0x12b5a: mov bp, 8 0x12b5d: mov si, 0x5a4 0x12b60: mov ax, cs 0x12b62: add ax, 0x1000 0x12b65: mov es, ax 0x12b67: mov di, 0x80 0x12b6a: mov cx, 9 0x12b6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12b6f: mov ds, ax
2018-12-25T12:37:37.019707318Z	53	PC: 12bd1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:37.020886622Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')