Sample viewer

vx.netlux.org/Virus.DOS.Marina.1296.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:22.507001139Z	25	PC: 12b2c \| Get default drive
2018-12-17T22:29:22.508975756Z	42	PC: 12b3a \| Get date 0x12b3a: cmp dx, 0xc14 0x12b3e: je 0x12b76 0x12b40: call 0x12c49 0x12b43: test al, 7 0x12b45: jne 0x12b4c 0x12b47: mov byte ptr [0x5a6], 0x43 0x12b4c: mov word ptr [0x118], ax 0x12b4f: mov word ptr [0x106], ax 0x12b52: neg ax 0x12b54: add ax, 0x114 0x12b57: mov word ptr [0x10d], ax 0x12b5a: mov bp, 8 0x12b5d: mov si, 0x5a5 0x12b60: mov ax, cs 0x12b62: add ax, 0x1000 0x12b65: mov es, ax 0x12b67: mov di, 0x80 0x12b6a: mov cx, 9 0x12b6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12b6f: mov ds, ax
2018-12-17T22:29:22.51264818Z	26	PC: 12e30 \| Set disk transfer address
2018-12-17T22:29:22.513816481Z	78	PC: 12e41 \| Find first file
2018-12-17T22:29:22.521213003Z	78	PC: 12e6f \| Find first file
2018-12-17T22:29:22.528018549Z	26	PC: 12e30 \| Set disk transfer address
2018-12-17T22:29:22.529037822Z	78	PC: 12e41 \| Find first file
2018-12-17T22:29:22.535331509Z	78	PC: 12e6f \| Find first file
2018-12-17T22:29:22.541316266Z	67	PC: 12e96 \| Get or set file attributes
2018-12-17T22:29:22.547182184Z	61	PC: 12d77 \| Open file (Filename = '��1GGJu��`��F;�')
2018-12-17T22:29:22.555118396Z	63	PC: 12d90 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:29:22.562457407Z	66	PC: 12dad \| Move file pointer
2018-12-17T22:29:22.564179206Z	66	PC: 12dc7 \| Move file pointer
2018-12-17T22:29:22.565765928Z	63	PC: 12dce \| Read file or device (Read 501 bytes on handle 5)
2018-12-17T22:29:22.596914475Z	87	PC: 12c7b \| Get or set file date and time
2018-12-17T22:29:22.599038303Z	66	PC: 12c85 \| Move file pointer
2018-12-17T22:29:22.600434971Z	64	PC: 12c8f \| Write file or device (Write 1797 bytes on handle 5)
2018-12-17T22:29:22.61474006Z	87	PC: 12c95 \| Get or set file date and time
2018-12-17T22:29:22.616532918Z	62	PC: 12c98 \| Close file
2018-12-17T22:29:22.62527607Z	26	PC: 12ca0 \| Set disk transfer address
2018-12-17T22:29:22.628107725Z	9	PC: 12a47 \| Display string (String= 'This file infected by virus Marina 1.09')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5244,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:02.15190148Z	25	PC: 12b2c \| Get default drive
2018-12-25T11:54:02.154185746Z	42	PC: 12b3a \| Get date 0x12b3a: cmp dx, 0xc14 0x12b3e: je 0x12b76 0x12b40: call 0x12c49 0x12b43: test al, 7 0x12b45: jne 0x12b4c 0x12b47: mov byte ptr [0x5a6], 0x43 0x12b4c: mov word ptr [0x118], ax 0x12b4f: mov word ptr [0x106], ax 0x12b52: neg ax 0x12b54: add ax, 0x114 0x12b57: mov word ptr [0x10d], ax 0x12b5a: mov bp, 8 0x12b5d: mov si, 0x5a5 0x12b60: mov ax, cs 0x12b62: add ax, 0x1000 0x12b65: mov es, ax 0x12b67: mov di, 0x80 0x12b6a: mov cx, 9 0x12b6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12b6f: mov ds, ax
2018-12-25T11:54:02.157270912Z	53	PC: 12bd1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:54:02.159207644Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5244,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:02.15228053Z	25	PC: 12b2c \| Get default drive
2018-12-25T11:54:02.155187916Z	42	PC: 12b3a \| Get date 0x12b3a: cmp dx, 0xc14 0x12b3e: je 0x12b76 0x12b40: call 0x12c49 0x12b43: test al, 7 0x12b45: jne 0x12b4c 0x12b47: mov byte ptr [0x5a6], 0x43 0x12b4c: mov word ptr [0x118], ax 0x12b4f: mov word ptr [0x106], ax 0x12b52: neg ax 0x12b54: add ax, 0x114 0x12b57: mov word ptr [0x10d], ax 0x12b5a: mov bp, 8 0x12b5d: mov si, 0x5a5 0x12b60: mov ax, cs 0x12b62: add ax, 0x1000 0x12b65: mov es, ax 0x12b67: mov di, 0x80 0x12b6a: mov cx, 9 0x12b6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12b6f: mov ds, ax
2018-12-25T11:54:02.158749888Z	26	PC: 12e30 \| Set disk transfer address
2018-12-25T11:54:02.160932578Z	78	PC: 12e41 \| Find first file
2018-12-25T11:54:02.168928946Z	78	PC: 12e6f \| Find first file
2018-12-25T11:54:02.177166148Z	26	PC: 12e30 \| Set disk transfer address (See above)
2018-12-25T11:54:02.178408902Z	78	PC: 12e41 \| Find first file (See above)
2018-12-25T11:54:02.185441535Z	78	PC: 12e6f \| Find first file (See above)
2018-12-25T11:54:02.192758103Z	26	PC: 12e30 \| Set disk transfer address (See above)
2018-12-25T11:54:02.194052271Z	78	PC: 12e41 \| Find first file (See above)
2018-12-25T11:54:02.200662146Z	78	PC: 12e6f \| Find first file (See above)
2018-12-25T11:54:02.207762194Z	67	PC: 12e96 \| Get or set file attributes
2018-12-25T11:54:02.214717624Z	61	PC: 12d77 \| Open file (Filename = '��1GGJu��`��F;�')
2018-12-25T11:54:02.222379456Z	63	PC: 12d90 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:54:02.23086311Z	66	PC: 12dad \| Move file pointer
2018-12-25T11:54:02.23244063Z	66	PC: 12dc7 \| Move file pointer
2018-12-25T11:54:02.233845105Z	63	PC: 12dce \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T11:54:02.278377178Z	87	PC: 12c7b \| Get or set file date and time
2018-12-25T11:54:02.280824084Z	66	PC: 12c85 \| Move file pointer
2018-12-25T11:54:02.282411281Z	64	PC: 12c8f \| Write file or device (Write 1703 bytes on handle 5)
2018-12-25T11:54:02.299407953Z	87	PC: 12c95 \| Get or set file date and time
2018-12-25T11:54:02.30196996Z	62	PC: 12c98 \| Close file
2018-12-25T11:54:02.311491148Z	26	PC: 12ca0 \| Set disk transfer address
2018-12-25T11:54:02.313547462Z	9	PC: 12a47 \| Display string (String= 'This file infected by virus Marina 1.09')