Sample viewer

vx.netlux.org/Virus.DOS.Marky.478

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:42.759605591Z	47	PC: 12ac1 \| Get disk transfer address
2018-12-17T22:17:42.762860987Z	26	PC: 12ad0 \| Set disk transfer address
2018-12-17T22:17:42.764484774Z	25	PC: 12ad5 \| Get default drive
2018-12-17T22:17:42.765994473Z	14	PC: 12add \| Set default drive (Drive = 'A')
2018-12-17T22:17:42.768525708Z	78	PC: 12b78 \| Find first file
2018-12-17T22:17:42.774281493Z	61	PC: 12bb9 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:17:42.780275708Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:42.783879603Z	66	PC: 12bdf \| Move file pointer
2018-12-17T22:17:42.785646273Z	63	PC: 12bef \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:42.78888219Z	66	PC: 12c0c \| Move file pointer
2018-12-17T22:17:42.811162112Z	64	PC: 12c1c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:42.814831269Z	66	PC: 12c27 \| Move file pointer
2018-12-17T22:17:42.816741163Z	64	PC: 12c37 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:42.82047284Z	64	PC: 12c43 \| Write file or device (Write 475 bytes on handle 5)
2018-12-17T22:17:44.134970719Z	62	PC: 12c48 \| Close file
2018-12-17T22:17:44.142110891Z	78	PC: 12b78 \| Find first file
2018-12-17T22:17:44.144458689Z	78	PC: 12b78 \| Find first file
2018-12-17T22:17:44.148062634Z	78	PC: 12b78 \| Find first file
2018-12-17T22:17:44.154157868Z	61	PC: 12bb9 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:44.160565185Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.168690235Z	66	PC: 12bdf \| Move file pointer
2018-12-17T22:17:44.172454158Z	63	PC: 12bef \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:17:44.178128497Z	66	PC: 12c0c \| Move file pointer
2018-12-17T22:17:44.180879896Z	64	PC: 12c1c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.184211467Z	66	PC: 12c27 \| Move file pointer
2018-12-17T22:17:44.18604294Z	64	PC: 12c37 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:44.189319912Z	64	PC: 12c43 \| Write file or device (Write 475 bytes on handle 5)
2018-12-17T22:17:44.2094422Z	62	PC: 12c48 \| Close file
2018-12-17T22:17:44.217761171Z	42	PC: 12b2a \| Get date 0x12b2a: cmp dh, 2 0x12b2d: jne 0x12b51 0x12b2f: cmp dl, 0x1b 0x12b32: jne 0x12b51 0x12b34: mov di, si 0x12b36: add di, 0x1c3 0x12b3a: mov cx, 0x18 0x12b3d: mov dl, byte ptr [di] 0x12b3f: xor dl, 0xf0 0x12b42: mov ax, 0x200 0x12b45: push cx 0x12b46: int 0x21 0x12b48: pop cx 0x12b49: inc di 0x12b4a: loop 0x12b3d 0x12b4c: mov ax, 0x800 0x12b4f: int 0x21 0x12b51: pop dx 0x12b52: pop ds 0x12b53: mov ax, 0x1a00
2018-12-17T22:17:44.220180648Z	26	PC: 12b58 \| Set disk transfer address
2018-12-17T22:17:44.230148701Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.52781021Z	47	PC: 12ac1 \| Get disk transfer address
2018-12-25T11:48:11.531817816Z	26	PC: 12ad0 \| Set disk transfer address
2018-12-25T11:48:11.532793119Z	25	PC: 12ad5 \| Get default drive
2018-12-25T11:48:11.533955423Z	14	PC: 12add \| Set default drive (Drive = 'A')
2018-12-25T11:48:11.535930706Z	78	PC: 12b78 \| Find first file
2018-12-25T11:48:11.541397868Z	61	PC: 12bb9 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:48:11.547307946Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.549983342Z	66	PC: 12bdf \| Move file pointer
2018-12-25T11:48:11.551908684Z	63	PC: 12bef \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.554809392Z	66	PC: 12c0c \| Move file pointer
2018-12-25T11:48:11.556114512Z	64	PC: 12c1c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.559326832Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:48:11.560630089Z	64	PC: 12c37 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.563654108Z	64	PC: 12c43 \| Write file or device (Write 475 bytes on handle 5)
2018-12-25T11:48:11.893063551Z	62	PC: 12c48 \| Close file
2018-12-25T11:48:11.902072637Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:11.904192071Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:11.908059109Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:11.91389984Z	61	PC: 12bb9 \| Open file (See above)
2018-12-25T11:48:11.920269275Z	63	PC: 12bcf \| Read file or device (See above)
2018-12-25T11:48:11.926824446Z	66	PC: 12bdf \| Move file pointer (See above)
2018-12-25T11:48:11.928839171Z	63	PC: 12bef \| Read file or device (See above)
2018-12-25T11:48:11.931869428Z	66	PC: 12c0c \| Move file pointer (See above)
2018-12-25T11:48:11.937998349Z	64	PC: 12c1c \| Write file or device (See above)
2018-12-25T11:48:11.941202835Z	66	PC: 12c27 \| Move file pointer (See above)
2018-12-25T11:48:11.942866263Z	64	PC: 12c37 \| Write file or device (See above)
2018-12-25T11:48:11.945716159Z	64	PC: 12c43 \| Write file or device (See above)
2018-12-25T11:48:11.96063669Z	62	PC: 12c48 \| Close file (See above)
2018-12-25T11:48:11.968301073Z	42	PC: 12b2a \| Get date 0x12b2a: cmp dh, 2 0x12b2d: jne 0x12b51 0x12b2f: cmp dl, 0x1b 0x12b32: jne 0x12b51 0x12b34: mov di, si 0x12b36: add di, 0x1c3 0x12b3a: mov cx, 0x18 0x12b3d: mov dl, byte ptr [di] 0x12b3f: xor dl, 0xf0 0x12b42: mov ax, 0x200 0x12b45: push cx 0x12b46: int 0x21 0x12b48: pop cx 0x12b49: inc di 0x12b4a: loop 0x12b3d 0x12b4c: mov ax, 0x800 0x12b4f: int 0x21 0x12b51: pop dx 0x12b52: pop ds 0x12b53: mov ax, 0x1a00
2018-12-25T11:48:11.970251997Z	26	PC: 12b58 \| Set disk transfer address
2018-12-25T11:48:11.972246106Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.559947579Z	47	PC: 12ac1 \| Get disk transfer address
2018-12-25T11:48:11.561638909Z	26	PC: 12ad0 \| Set disk transfer address
2018-12-25T11:48:11.562783215Z	25	PC: 12ad5 \| Get default drive
2018-12-25T11:48:11.563714147Z	14	PC: 12add \| Set default drive (Drive = 'A')
2018-12-25T11:48:11.565468153Z	78	PC: 12b78 \| Find first file
2018-12-25T11:48:11.571610329Z	61	PC: 12bb9 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:48:11.57631817Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.580156038Z	66	PC: 12bdf \| Move file pointer
2018-12-25T11:48:11.5815866Z	63	PC: 12bef \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.584603726Z	66	PC: 12c0c \| Move file pointer
2018-12-25T11:48:11.58599483Z	64	PC: 12c1c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.589318987Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:48:11.590747276Z	64	PC: 12c37 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.594172009Z	64	PC: 12c43 \| Write file or device (Write 475 bytes on handle 5)
2018-12-25T11:48:12.296105449Z	62	PC: 12c48 \| Close file
2018-12-25T11:48:12.30528609Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:12.309095356Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:12.316073935Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:12.322993874Z	61	PC: 12bb9 \| Open file (See above)
2018-12-25T11:48:12.330493919Z	63	PC: 12bcf \| Read file or device (See above)
2018-12-25T11:48:12.338406959Z	66	PC: 12bdf \| Move file pointer (See above)
2018-12-25T11:48:12.340179269Z	63	PC: 12bef \| Read file or device (See above)
2018-12-25T11:48:12.343430429Z	66	PC: 12c0c \| Move file pointer (See above)
2018-12-25T11:48:12.345524567Z	64	PC: 12c1c \| Write file or device (See above)
2018-12-25T11:48:12.349228744Z	66	PC: 12c27 \| Move file pointer (See above)
2018-12-25T11:48:12.351480981Z	64	PC: 12c37 \| Write file or device (See above)
2018-12-25T11:48:12.356351413Z	64	PC: 12c43 \| Write file or device (See above)
2018-12-25T11:48:12.37199779Z	62	PC: 12c48 \| Close file (See above)
2018-12-25T11:48:12.388526332Z	42	PC: 12b2a \| Get date 0x12b2a: cmp dh, 2 0x12b2d: jne 0x12b51 0x12b2f: cmp dl, 0x1b 0x12b32: jne 0x12b51 0x12b34: mov di, si 0x12b36: add di, 0x1c3 0x12b3a: mov cx, 0x18 0x12b3d: mov dl, byte ptr [di] 0x12b3f: xor dl, 0xf0 0x12b42: mov ax, 0x200 0x12b45: push cx 0x12b46: int 0x21 0x12b48: pop cx 0x12b49: inc di 0x12b4a: loop 0x12b3d 0x12b4c: mov ax, 0x800 0x12b4f: int 0x21 0x12b51: pop dx 0x12b52: pop ds 0x12b53: mov ax, 0x1a00
2018-12-25T11:48:12.391808233Z	26	PC: 12b58 \| Set disk transfer address
2018-12-25T11:48:12.394300946Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":27,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.743291958Z	47	PC: 12ac1 \| Get disk transfer address
2018-12-25T11:48:11.744643974Z	26	PC: 12ad0 \| Set disk transfer address
2018-12-25T11:48:11.746055228Z	25	PC: 12ad5 \| Get default drive
2018-12-25T11:48:11.748068633Z	14	PC: 12add \| Set default drive (Drive = 'A')
2018-12-25T11:48:11.749662321Z	78	PC: 12b78 \| Find first file
2018-12-25T11:48:11.756072726Z	61	PC: 12bb9 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:48:11.762663604Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.765378408Z	66	PC: 12bdf \| Move file pointer
2018-12-25T11:48:11.768193714Z	63	PC: 12bef \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:11.771876189Z	66	PC: 12c0c \| Move file pointer
2018-12-25T11:48:11.773365705Z	64	PC: 12c1c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.77680879Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:48:11.777880385Z	64	PC: 12c37 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.781654695Z	64	PC: 12c43 \| Write file or device (Write 475 bytes on handle 5)
2018-12-25T11:48:12.296508398Z	62	PC: 12c48 \| Close file
2018-12-25T11:48:12.304640997Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:12.30727075Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:12.311128576Z	78	PC: 12b78 \| Find first file (See above)
2018-12-25T11:48:12.317701173Z	61	PC: 12bb9 \| Open file (See above)
2018-12-25T11:48:12.32555747Z	63	PC: 12bcf \| Read file or device (See above)
2018-12-25T11:48:12.33426245Z	66	PC: 12bdf \| Move file pointer (See above)
2018-12-25T11:48:12.336305537Z	63	PC: 12bef \| Read file or device (See above)
2018-12-25T11:48:12.339333903Z	66	PC: 12c0c \| Move file pointer (See above)
2018-12-25T11:48:12.341268544Z	64	PC: 12c1c \| Write file or device (See above)
2018-12-25T11:48:12.344606783Z	66	PC: 12c27 \| Move file pointer (See above)
2018-12-25T11:48:12.346501435Z	64	PC: 12c37 \| Write file or device (See above)
2018-12-25T11:48:12.349731503Z	64	PC: 12c43 \| Write file or device (See above)
2018-12-25T11:48:12.364650172Z	62	PC: 12c48 \| Close file (See above)
2018-12-25T11:48:12.371435845Z	42	PC: 12b2a \| Get date 0x12b2a: cmp dh, 2 0x12b2d: jne 0x12b51 0x12b2f: cmp dl, 0x1b 0x12b32: jne 0x12b51 0x12b34: mov di, si 0x12b36: add di, 0x1c3 0x12b3a: mov cx, 0x18 0x12b3d: mov dl, byte ptr [di] 0x12b3f: xor dl, 0xf0 0x12b42: mov ax, 0x200 0x12b45: push cx 0x12b46: int 0x21 0x12b48: pop cx 0x12b49: inc di 0x12b4a: loop 0x12b3d 0x12b4c: mov ax, 0x800 0x12b4f: int 0x21 0x12b51: pop dx 0x12b52: pop ds 0x12b53: mov ax, 0x1a00
2018-12-25T11:48:12.373439538Z	2	PC: 12b48 \| Character output (Char = '48')
2018-12-25T11:48:12.375563384Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.378547688Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.381226574Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.385048565Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.387003234Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.388780614Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.391194448Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.394493266Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.398989485Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.404738233Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.406952953Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.409114719Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.411288165Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.413740753Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.416023469Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.418318259Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.421265456Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.423469128Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.425936109Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.428746598Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.430987657Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.434194588Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.437440195Z	2	PC: 12b48 \| Character output (See above)
2018-12-25T11:48:12.43966436Z	8	PC: 12b51 \| Console input without echo