Sample viewer

vx.netlux.org/Virus.DOS.Cascade.792

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:22.671071451Z	48	PC: 12e89 \| Get DOS version
2018-12-17T22:52:22.673243029Z	92	PC: 12e94 \| Lock or unlock file
2018-12-17T22:52:22.674707479Z	80	PC: 12ece \| Set current PSP
2018-12-17T22:52:22.676015092Z	26	PC: 12b4a \| Set disk transfer address
2018-12-17T22:52:22.677721626Z	53	PC: 12b4f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:22.679083626Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:22.680126668Z	42	PC: 12b67 \| Get date 0x12b67: cmp cx, 0x7bc 0x12b6b: je 0x12b7c 0x12b6d: cmp al, 5 0x12b6f: je 0x12b7e 0x12b71: cmp dl, 0x11 0x12b74: je 0x12b7c 0x12b76: mov bp, 0x100 0x12b79: jmp 0x12ab2 0x12b7c: jmp 0x12bda 0x12b7e: cmp dl, 0x11 0x12b81: je 0x12ba8 0x12b83: mov ax, 0x351e 0x12b86: int 0x21 0x12b88: mov al, byte ptr [bx] 0x12b8a: and al, 0xf0 0x12b8c: inc ax 0x12b8d: sub al, 0x60 0x12b8f: mov byte ptr es:[bx], al 0x12b92: mov byte ptr es:[bx + 2], 0xff 0x12b97: mov byte ptr es:[bx + 9], 0xf0

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10862,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:23.40746282Z	48	PC: 12e89 \| Get DOS version
2018-12-25T12:29:23.409316305Z	92	PC: 12e94 \| Lock or unlock file
2018-12-25T12:29:23.410687952Z	80	PC: 12ece \| Set current PSP
2018-12-25T12:29:23.412056913Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T12:29:23.413808405Z	53	PC: 12b4f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.415015641Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.416031584Z	42	PC: 12b67 \| Get date 0x12b67: cmp cx, 0x7bc 0x12b6b: je 0x12b7c 0x12b6d: cmp al, 5 0x12b6f: je 0x12b7e 0x12b71: cmp dl, 0x11 0x12b74: je 0x12b7c 0x12b76: mov bp, 0x100 0x12b79: jmp 0x12ab2 0x12b7c: jmp 0x12bda 0x12b7e: cmp dl, 0x11 0x12b81: je 0x12ba8 0x12b83: mov ax, 0x351e 0x12b86: int 0x21 0x12b88: mov al, byte ptr [bx] 0x12b8a: and al, 0xf0 0x12b8c: inc ax 0x12b8d: sub al, 0x60 0x12b8f: mov byte ptr es:[bx], al 0x12b92: mov byte ptr es:[bx + 2], 0xff 0x12b97: mov byte ptr es:[bx + 9], 0xf0

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10862,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:23.421966237Z	48	PC: 12e89 \| Get DOS version
2018-12-25T12:29:23.423537288Z	92	PC: 12e94 \| Lock or unlock file
2018-12-25T12:29:23.425127764Z	80	PC: 12ece \| Set current PSP
2018-12-25T12:29:23.426467633Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T12:29:23.427830155Z	53	PC: 12b4f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.429384995Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.431494271Z	42	PC: 12b67 \| Get date 0x12b67: cmp cx, 0x7bc 0x12b6b: je 0x12b7c 0x12b6d: cmp al, 5 0x12b6f: je 0x12b7e 0x12b71: cmp dl, 0x11 0x12b74: je 0x12b7c 0x12b76: mov bp, 0x100 0x12b79: jmp 0x12ab2 0x12b7c: jmp 0x12bda 0x12b7e: cmp dl, 0x11 0x12b81: je 0x12ba8 0x12b83: mov ax, 0x351e 0x12b86: int 0x21 0x12b88: mov al, byte ptr [bx] 0x12b8a: and al, 0xf0 0x12b8c: inc ax 0x12b8d: sub al, 0x60 0x12b8f: mov byte ptr es:[bx], al 0x12b92: mov byte ptr es:[bx + 2], 0xff 0x12b97: mov byte ptr es:[bx + 9], 0xf0

{"DateBased":true,"Day":2,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10862,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:23.435009095Z	48	PC: 12e89 \| Get DOS version
2018-12-25T12:29:23.437012806Z	92	PC: 12e94 \| Lock or unlock file
2018-12-25T12:29:23.439229532Z	80	PC: 12ece \| Set current PSP
2018-12-25T12:29:23.440945216Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T12:29:23.443201167Z	53	PC: 12b4f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.444817337Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.4463354Z	42	PC: 12b67 \| Get date 0x12b67: cmp cx, 0x7bc 0x12b6b: je 0x12b7c 0x12b6d: cmp al, 5 0x12b6f: je 0x12b7e 0x12b71: cmp dl, 0x11 0x12b74: je 0x12b7c 0x12b76: mov bp, 0x100 0x12b79: jmp 0x12ab2 0x12b7c: jmp 0x12bda 0x12b7e: cmp dl, 0x11 0x12b81: je 0x12ba8 0x12b83: mov ax, 0x351e 0x12b86: int 0x21 0x12b88: mov al, byte ptr [bx] 0x12b8a: and al, 0xf0 0x12b8c: inc ax 0x12b8d: sub al, 0x60 0x12b8f: mov byte ptr es:[bx], al 0x12b92: mov byte ptr es:[bx + 2], 0xff 0x12b97: mov byte ptr es:[bx + 9], 0xf0
2018-12-25T12:29:23.448831028Z	53	PC: 12b88 \| Get interrupt vector (Interrupt = '30' AKA 'Reserved')

{"DateBased":true,"Day":17,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10862,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:23.63197365Z	48	PC: 12e89 \| Get DOS version
2018-12-25T12:29:23.634510595Z	92	PC: 12e94 \| Lock or unlock file
2018-12-25T12:29:23.636196143Z	80	PC: 12ece \| Set current PSP
2018-12-25T12:29:23.637736865Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T12:29:23.63927355Z	53	PC: 12b4f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.656829552Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.65864771Z	42	PC: 12b67 \| Get date 0x12b67: cmp cx, 0x7bc 0x12b6b: je 0x12b7c 0x12b6d: cmp al, 5 0x12b6f: je 0x12b7e 0x12b71: cmp dl, 0x11 0x12b74: je 0x12b7c 0x12b76: mov bp, 0x100 0x12b79: jmp 0x12ab2 0x12b7c: jmp 0x12bda 0x12b7e: cmp dl, 0x11 0x12b81: je 0x12ba8 0x12b83: mov ax, 0x351e 0x12b86: int 0x21 0x12b88: mov al, byte ptr [bx] 0x12b8a: and al, 0xf0 0x12b8c: inc ax 0x12b8d: sub al, 0x60 0x12b8f: mov byte ptr es:[bx], al 0x12b92: mov byte ptr es:[bx + 2], 0xff 0x12b97: mov byte ptr es:[bx + 9], 0xf0

{"DateBased":true,"Day":17,"Month":4,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10862,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:24.033930735Z	48	PC: 12e89 \| Get DOS version
2018-12-25T12:29:24.036569015Z	92	PC: 12e94 \| Lock or unlock file
2018-12-25T12:29:24.038058401Z	80	PC: 12ece \| Set current PSP
2018-12-25T12:29:24.039667555Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T12:29:24.042200513Z	53	PC: 12b4f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:24.043685971Z	37	PC: 12b62 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:24.045114961Z	42	PC: 12b67 \| Get date 0x12b67: cmp cx, 0x7bc 0x12b6b: je 0x12b7c 0x12b6d: cmp al, 5 0x12b6f: je 0x12b7e 0x12b71: cmp dl, 0x11 0x12b74: je 0x12b7c 0x12b76: mov bp, 0x100 0x12b79: jmp 0x12ab2 0x12b7c: jmp 0x12bda 0x12b7e: cmp dl, 0x11 0x12b81: je 0x12ba8 0x12b83: mov ax, 0x351e 0x12b86: int 0x21 0x12b88: mov al, byte ptr [bx] 0x12b8a: and al, 0xf0 0x12b8c: inc ax 0x12b8d: sub al, 0x60 0x12b8f: mov byte ptr es:[bx], al 0x12b92: mov byte ptr es:[bx + 2], 0xff 0x12b97: mov byte ptr es:[bx + 9], 0xf0
2018-12-25T12:29:24.047571149Z	25	PC: 12bb5 \| Get default drive
2018-12-25T12:29:24.063099013Z	2	PC: 12bd4 \| Character output (Char = '4a')
2018-12-25T12:29:24.065627124Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.068134139Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.07155993Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.074677567Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.077128293Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.090679624Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.093596747Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.097368205Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.100657655Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.10320859Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.105282113Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.108229729Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.111110263Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.113869656Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.11670775Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.120571301Z	2	PC: 12bd4 \| Character output (See above)
2018-12-25T12:29:24.122920168Z	2	PC: 12bd4 \| Character output (See above)