Sample viewer

vx.netlux.org/Virus.DOS.Markiz_II.1024


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:57.915883351Z 44 PC: 1388f | Get time
0x1388f: cmp ch, 0xf
0x13892: ja 0x138fc
0x13894: jmp 0x13a48
0x13897: mov ah, 0x30
0x13899: int 0x21
0x1389b: cmp al, 2
0x1389d: jb 0x138fc
0x1389f: mov ah, 0x36
0x138a1: xor dl, dl
0x138a3: int 0x21
0x138a5: xor dx, dx
0x138a7: push cx
0x138a8: mul bx
0x138aa: cmp dx, 0
0x138ad: jne 0x138bc
0x138af: pop bx
0x138b0: mul bx
0x138b2: cmp dx, 0
0x138b5: jne 0x138bc
0x138b7: cmp ax, 0x1000
2018-12-17T23:09:57.919839426Z 53 PC: 13a4e | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:09:57.92281053Z 53 PC: 13a55 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:09:57.925893383Z 53 PC: 13a5c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:57.930242496Z 48 PC: 1389b | Get DOS version
2018-12-17T23:09:57.935763042Z 54 PC: 138a5 | Get free disk space
2018-12-17T23:09:57.948435237Z 53 PC: 13af7 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:57.950410179Z 37 PC: 13b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:57.954050661Z 47 PC: 138c4 | Get disk transfer address
2018-12-17T23:09:57.955727191Z 26 PC: 13ad2 | Set disk transfer address
2018-12-17T23:09:57.957968523Z 78 PC: 138e1 | Find first file
2018-12-17T23:09:57.965744347Z 67 PC: 1392a | Get or set file attributes
2018-12-17T23:09:57.972139155Z 67 PC: 13938 | Get or set file attributes
2018-12-17T23:09:57.990682935Z 61 PC: 1393f | Open file (Filename = 'TEST.EXE')
2018-12-17T23:09:57.999022538Z 87 PC: 13948 | Get or set file date and time
2018-12-17T23:09:58.001970739Z 66 PC: 13a3d | Move file pointer
2018-12-17T23:09:58.003791852Z 63 PC: 13969 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:09:58.006856641Z 87 PC: 13a1e | Get or set file date and time
2018-12-17T23:09:58.010013835Z 62 PC: 13a22 | Close file
2018-12-17T23:09:58.018160215Z 67 PC: 13a30 | Get or set file attributes
2018-12-17T23:09:58.029621544Z 26 PC: 13ad2 | Set disk transfer address
2018-12-17T23:09:58.03186466Z 79 PC: 138f7 | Find next file
2018-12-17T23:09:58.034592026Z 26 PC: 13a8c | Set disk transfer address
2018-12-17T23:09:58.035900174Z 37 PC: 13b18 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:58.038653158Z 42 PC: 13b1e | Get date
0x13b1e: cmp dl, 0x1c
0x13b21: jne 0x13b2e
0x13b23: mov ah, 9
0x13b25: mov dx, 0x2f1
0x13b28: int 0x21
0x13b2a: mov ah, 0
0x13b2c: int 0x16
0x13b2e: ret
0x13b2f: push ax
0x13b30: mov ax, di
0x13b32: cmp al, 0
0x13b34: je 0x13b3c
0x13b36: pop ax
0x13b37: ljmp ptr cs:[0x397]
0x13b3c: pop ax
0x13b3d: mov al, 3
0x13b3f: stc
0x13b40: iret
0x13b41: or ax, 0x560a
0x13b44: imul si, word ptr [bp + si + 0x75], 0x2073
2018-12-17T23:09:58.042319879Z 76 PC: 13842 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":16,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16699,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:43.336250788Z 44 PC: 1388f | Get time
0x1388f: cmp ch, 0xf
0x13892: ja 0x138fc
0x13894: jmp 0x13a48
0x13897: mov ah, 0x30
0x13899: int 0x21
0x1389b: cmp al, 2
0x1389d: jb 0x138fc
0x1389f: mov ah, 0x36
0x138a1: xor dl, dl
0x138a3: int 0x21
0x138a5: xor dx, dx
0x138a7: push cx
0x138a8: mul bx
0x138aa: cmp dx, 0
0x138ad: jne 0x138bc
0x138af: pop bx
0x138b0: mul bx
0x138b2: cmp dx, 0
0x138b5: jne 0x138bc
0x138b7: cmp ax, 0x1000
2018-12-25T13:07:43.338744107Z 37 PC: 13b18 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:43.339783827Z 42 PC: 13b1e | Get date
0x13b1e: cmp dl, 0x1c
0x13b21: jne 0x13b2e
0x13b23: mov ah, 9
0x13b25: mov dx, 0x2f1
0x13b28: int 0x21
0x13b2a: mov ah, 0
0x13b2c: int 0x16
0x13b2e: ret
0x13b2f: push ax
0x13b30: mov ax, di
0x13b32: cmp al, 0
0x13b34: je 0x13b3c
0x13b36: pop ax
0x13b37: ljmp ptr cs:[0x397]
0x13b3c: pop ax
0x13b3d: mov al, 3
0x13b3f: stc
0x13b40: iret
0x13b41: or ax, 0x560a
0x13b44: imul si, word ptr [bp + si + 0x75], 0x2073
2018-12-25T13:07:43.342130964Z 76 PC: 13842 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":16,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16699,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:39.690578303Z 44 PC: 1388f | Get time
0x1388f: cmp ch, 0xf
0x13892: ja 0x138fc
0x13894: jmp 0x13a48
0x13897: mov ah, 0x30
0x13899: int 0x21
0x1389b: cmp al, 2
0x1389d: jb 0x138fc
0x1389f: mov ah, 0x36
0x138a1: xor dl, dl
0x138a3: int 0x21
0x138a5: xor dx, dx
0x138a7: push cx
0x138a8: mul bx
0x138aa: cmp dx, 0
0x138ad: jne 0x138bc
0x138af: pop bx
0x138b0: mul bx
0x138b2: cmp dx, 0
0x138b5: jne 0x138bc
0x138b7: cmp ax, 0x1000
2018-12-25T12:53:39.693101711Z 37 PC: 13b18 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.694425846Z 42 PC: 13b1e | Get date
0x13b1e: cmp dl, 0x1c
0x13b21: jne 0x13b2e
0x13b23: mov ah, 9
0x13b25: mov dx, 0x2f1
0x13b28: int 0x21
0x13b2a: mov ah, 0
0x13b2c: int 0x16
0x13b2e: ret
0x13b2f: push ax
0x13b30: mov ax, di
0x13b32: cmp al, 0
0x13b34: je 0x13b3c
0x13b36: pop ax
0x13b37: ljmp ptr cs:[0x397]
0x13b3c: pop ax
0x13b3d: mov al, 3
0x13b3f: stc
0x13b40: iret
0x13b41: or ax, 0x560a
0x13b44: imul si, word ptr [bp + si + 0x75], 0x2073
2018-12-25T12:53:39.697117547Z 76 PC: 13842 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16699,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:39.853279727Z 44 PC: 1388f | Get time
0x1388f: cmp ch, 0xf
0x13892: ja 0x138fc
0x13894: jmp 0x13a48
0x13897: mov ah, 0x30
0x13899: int 0x21
0x1389b: cmp al, 2
0x1389d: jb 0x138fc
0x1389f: mov ah, 0x36
0x138a1: xor dl, dl
0x138a3: int 0x21
0x138a5: xor dx, dx
0x138a7: push cx
0x138a8: mul bx
0x138aa: cmp dx, 0
0x138ad: jne 0x138bc
0x138af: pop bx
0x138b0: mul bx
0x138b2: cmp dx, 0
0x138b5: jne 0x138bc
0x138b7: cmp ax, 0x1000
2018-12-25T12:53:39.856104513Z 53 PC: 13a4e | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:53:39.857424008Z 53 PC: 13a55 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T12:53:39.858858468Z 53 PC: 13a5c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:39.861071172Z 48 PC: 1389b | Get DOS version
2018-12-25T12:53:39.862267102Z 54 PC: 138a5 | Get free disk space
2018-12-25T12:53:39.870800884Z 53 PC: 13af7 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.873363749Z 37 PC: 13b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.87544257Z 47 PC: 138c4 | Get disk transfer address
2018-12-25T12:53:39.876748549Z 26 PC: 13ad2 | Set disk transfer address
2018-12-25T12:53:39.878534628Z 78 PC: 138e1 | Find first file
2018-12-25T12:53:39.884248592Z 67 PC: 1392a | Get or set file attributes
2018-12-25T12:53:39.889615159Z 67 PC: 13938 | Get or set file attributes
2018-12-25T12:53:39.907109165Z 61 PC: 1393f | Open file (Filename = 'TEST.EXE')
2018-12-25T12:53:39.913914643Z 87 PC: 13948 | Get or set file date and time
2018-12-25T12:53:39.915345792Z 66 PC: 13a3d | Move file pointer
2018-12-25T12:53:39.916770231Z 63 PC: 13969 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:53:39.919382934Z 87 PC: 13a1e | Get or set file date and time
2018-12-25T12:53:39.920988232Z 62 PC: 13a22 | Close file
2018-12-25T12:53:39.927718982Z 67 PC: 13a30 | Get or set file attributes
2018-12-25T12:53:39.94152179Z 26 PC: 13ad2 | Set disk transfer address (See above)
2018-12-25T12:53:39.942673099Z 79 PC: 138f7 | Find next file
2018-12-25T12:53:39.944902415Z 26 PC: 13a8c | Set disk transfer address
2018-12-25T12:53:39.946351037Z 37 PC: 13b18 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.947356459Z 42 PC: 13b1e | Get date
0x13b1e: cmp dl, 0x1c
0x13b21: jne 0x13b2e
0x13b23: mov ah, 9
0x13b25: mov dx, 0x2f1
0x13b28: int 0x21
0x13b2a: mov ah, 0
0x13b2c: int 0x16
0x13b2e: ret
0x13b2f: push ax
0x13b30: mov ax, di
0x13b32: cmp al, 0
0x13b34: je 0x13b3c
0x13b36: pop ax
0x13b37: ljmp ptr cs:[0x397]
0x13b3c: pop ax
0x13b3d: mov al, 3
0x13b3f: stc
0x13b40: iret
0x13b41: or ax, 0x560a
0x13b44: imul si, word ptr [bp + si + 0x75], 0x2073
2018-12-25T12:53:39.950366925Z 76 PC: 13842 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16699,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:39.872116424Z 44 PC: 1388f | Get time
0x1388f: cmp ch, 0xf
0x13892: ja 0x138fc
0x13894: jmp 0x13a48
0x13897: mov ah, 0x30
0x13899: int 0x21
0x1389b: cmp al, 2
0x1389d: jb 0x138fc
0x1389f: mov ah, 0x36
0x138a1: xor dl, dl
0x138a3: int 0x21
0x138a5: xor dx, dx
0x138a7: push cx
0x138a8: mul bx
0x138aa: cmp dx, 0
0x138ad: jne 0x138bc
0x138af: pop bx
0x138b0: mul bx
0x138b2: cmp dx, 0
0x138b5: jne 0x138bc
0x138b7: cmp ax, 0x1000
2018-12-25T12:53:39.874882792Z 53 PC: 13a4e | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:53:39.876222725Z 53 PC: 13a55 | Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-25T12:53:39.87752677Z 53 PC: 13a5c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:39.879993081Z 48 PC: 1389b | Get DOS version
2018-12-25T12:53:39.881318027Z 54 PC: 138a5 | Get free disk space
2018-12-25T12:53:39.902560345Z 53 PC: 13af7 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.904775612Z 37 PC: 13b08 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.905864513Z 47 PC: 138c4 | Get disk transfer address
2018-12-25T12:53:39.907051878Z 26 PC: 13ad2 | Set disk transfer address
2018-12-25T12:53:39.915365688Z 78 PC: 138e1 | Find first file
2018-12-25T12:53:39.921398336Z 67 PC: 1392a | Get or set file attributes
2018-12-25T12:53:39.926948232Z 67 PC: 13938 | Get or set file attributes
2018-12-25T12:53:39.942320337Z 61 PC: 1393f | Open file (Filename = 'TEST.EXE')
2018-12-25T12:53:39.948774663Z 87 PC: 13948 | Get or set file date and time
2018-12-25T12:53:39.950041975Z 66 PC: 13a3d | Move file pointer
2018-12-25T12:53:39.952982574Z 63 PC: 13969 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:53:39.955636711Z 87 PC: 13a1e | Get or set file date and time
2018-12-25T12:53:39.957052075Z 62 PC: 13a22 | Close file
2018-12-25T12:53:39.966577356Z 67 PC: 13a30 | Get or set file attributes
2018-12-25T12:53:39.973447717Z 26 PC: 13ad2 | Set disk transfer address (See above)
2018-12-25T12:53:39.97439879Z 79 PC: 138f7 | Find next file
2018-12-25T12:53:39.976632255Z 26 PC: 13a8c | Set disk transfer address
2018-12-25T12:53:39.983769851Z 37 PC: 13b18 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:39.98469315Z 42 PC: 13b1e | Get date
0x13b1e: cmp dl, 0x1c
0x13b21: jne 0x13b2e
0x13b23: mov ah, 9
0x13b25: mov dx, 0x2f1
0x13b28: int 0x21
0x13b2a: mov ah, 0
0x13b2c: int 0x16
0x13b2e: ret
0x13b2f: push ax
0x13b30: mov ax, di
0x13b32: cmp al, 0
0x13b34: je 0x13b3c
0x13b36: pop ax
0x13b37: ljmp ptr cs:[0x397]
0x13b3c: pop ax
0x13b3d: mov al, 3
0x13b3f: stc
0x13b40: iret
0x13b41: or ax, 0x560a
0x13b44: imul si, word ptr [bp + si + 0x75], 0x2073
2018-12-25T12:53:39.987066275Z 76 PC: 13842 | Terminate with return code (Return code = '0')