Sample viewer

vx.netlux.org/Virus.DOS.Marine.5000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:01.839066347Z	84	PC: 12c5d \| Get verify flag
2018-12-17T22:25:01.840603292Z	82	PC: 12c96 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:25:01.843610051Z	42	PC: 12cf3 \| Get date 0x12cf3: cmp dh, 7 0x12cf6: je 0x12cfb 0x12cf8: jmp 0x12e76 0x12cfb: call 0x22c33 0x12cfe: mov ah, al 0x12d00: call 0x22c33 0x12d03: push cs 0x12d04: pop es 0x12d05: cld 0x12d06: push ax 0x12d07: mov ah, 0x1b 0x12d09: xor bx, bx 0x12d0b: mov di, 0x1448 0x12d0e: int 0x10 0x12d10: cmp al, 0x1b 0x12d12: je 0x12d21 0x12d14: mov byte ptr [0x666], 0xc3 0x12d19: mov word ptr [0x5ad], 0x9090 0x12d1f: jmp 0x12d26 0x12d21: mov ax, 0x13
2018-12-17T22:25:01.846589076Z	98	PC: 9d355 \| Get current PSP
2018-12-17T22:25:01.847615343Z	61	PC: 9d355 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:25:01.85574493Z	68	PC: 9d355 \| I/O control for devices (Set for = 'A:\TEST.COM')
2018-12-17T22:25:01.85722797Z	63	PC: 9d355 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:25:01.860172754Z	62	PC: 9d355 \| Close file
2018-12-17T22:25:01.871402376Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:01.873154084Z	61	PC: 9d355 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:25:01.882490195Z	98	PC: 9d355 \| Get current PSP
2018-12-17T22:25:01.88479899Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:01.887119743Z	98	PC: 9d355 \| Get current PSP
2018-12-17T22:25:01.8886058Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:01.89080556Z	63	PC: 9d108 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:25:01.900399884Z	98	PC: 9d355 \| Get current PSP
2018-12-17T22:25:01.901669402Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:01.903689483Z	66	PC: 9d108 \| Move file pointer
2018-12-17T22:25:01.905859009Z	66	PC: 9d108 \| Move file pointer
2018-12-17T22:25:01.907672931Z	98	PC: 9d355 \| Get current PSP
2018-12-17T22:25:01.916082686Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:01.917631802Z	63	PC: 9d108 \| Read file or device (Read 100 bytes on handle 5)
2018-12-17T22:25:01.920875217Z	98	PC: 9d355 \| Get current PSP
2018-12-17T22:25:01.922418213Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:01.924131583Z	62	PC: 9d108 \| Close file
2018-12-17T22:25:01.926508588Z	37	PC: 9d355 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4417,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:48.737727084Z	84	PC: 12c5d \| Get verify flag
2018-12-25T11:51:48.739770584Z	82	PC: 12c96 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:48.742003508Z	42	PC: 12cf3 \| Get date 0x12cf3: cmp dh, 7 0x12cf6: je 0x12cfb 0x12cf8: jmp 0x12e76 0x12cfb: call 0x22c33 0x12cfe: mov ah, al 0x12d00: call 0x22c33 0x12d03: push cs 0x12d04: pop es 0x12d05: cld 0x12d06: push ax 0x12d07: mov ah, 0x1b 0x12d09: xor bx, bx 0x12d0b: mov di, 0x1448 0x12d0e: int 0x10 0x12d10: cmp al, 0x1b 0x12d12: je 0x12d21 0x12d14: mov byte ptr [0x666], 0xc3 0x12d19: mov word ptr [0x5ad], 0x9090 0x12d1f: jmp 0x12d26 0x12d21: mov ax, 0x13
2018-12-25T11:51:48.745314722Z	98	PC: 9d355 \| Get current PSP
2018-12-25T11:51:48.746798086Z	61	PC: 9d355 \| Open file (See above)
2018-12-25T11:51:48.755065907Z	68	PC: 9d355 \| I/O control for devices (See above)
2018-12-25T11:51:48.756619553Z	63	PC: 9d355 \| Read file or device (See above)
2018-12-25T11:51:48.759437394Z	62	PC: 9d355 \| Close file (See above)
2018-12-25T11:51:48.765821972Z	37	PC: 9d355 \| Set interrupt vector (See above)
2018-12-25T11:51:48.767680026Z	61	PC: 9d355 \| Open file (See above)
2018-12-25T11:51:48.775600304Z	98	PC: 9d355 \| Get current PSP (See above)
2018-12-25T11:51:48.778727469Z	37	PC: 9d355 \| Set interrupt vector (See above)
2018-12-25T11:51:48.78236023Z	98	PC: 9d355 \| Get current PSP (See above)
2018-12-25T11:51:48.788797667Z	37	PC: 9d355 \| Set interrupt vector (See above)
2018-12-25T11:51:48.791704307Z	63	PC: 9d108 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:51:48.795234747Z	98	PC: 9d355 \| Get current PSP (See above)
2018-12-25T11:51:48.797500282Z	37	PC: 9d355 \| Set interrupt vector (See above)
2018-12-25T11:51:48.799982116Z	66	PC: 9d108 \| Move file pointer (See above)
2018-12-25T11:51:48.801950261Z	66	PC: 9d108 \| Move file pointer (See above)
2018-12-25T11:51:48.80441358Z	98	PC: 9d355 \| Get current PSP (See above)
2018-12-25T11:51:48.805947442Z	37	PC: 9d355 \| Set interrupt vector (See above)
2018-12-25T11:51:48.808267406Z	63	PC: 9d108 \| Read file or device (See above)
2018-12-25T11:51:48.811802011Z	98	PC: 9d355 \| Get current PSP (See above)
2018-12-25T11:51:48.816327128Z	37	PC: 9d355 \| Set interrupt vector (See above)
2018-12-25T11:51:48.8189449Z	62	PC: 9d108 \| Close file (See above)
2018-12-25T11:51:48.821699992Z	37	PC: 9d355 \| Set interrupt vector (See above)

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4417,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:48.741694976Z	84	PC: 12c5d \| Get verify flag
2018-12-25T11:51:48.743229318Z	82	PC: 12c96 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:51:48.745568596Z	42	PC: 12cf3 \| Get date 0x12cf3: cmp dh, 7 0x12cf6: je 0x12cfb 0x12cf8: jmp 0x12e76 0x12cfb: call 0x22c33 0x12cfe: mov ah, al 0x12d00: call 0x22c33 0x12d03: push cs 0x12d04: pop es 0x12d05: cld 0x12d06: push ax 0x12d07: mov ah, 0x1b 0x12d09: xor bx, bx 0x12d0b: mov di, 0x1448 0x12d0e: int 0x10 0x12d10: cmp al, 0x1b 0x12d12: je 0x12d21 0x12d14: mov byte ptr [0x666], 0xc3 0x12d19: mov word ptr [0x5ad], 0x9090 0x12d1f: jmp 0x12d26 0x12d21: mov ax, 0x13