Sample viewer

vx.netlux.org/Virus.DOS.Cascade.927

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:23.246236266Z	48	PC: 12ad2 \| Get DOS version
2018-12-17T22:53:23.247475431Z	75	PC: 12adf \| Execute program
2018-12-17T22:53:23.248910728Z	53	PC: 12b56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:23.249938829Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:53:23.250931169Z	53	PC: 12b70 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:23.252037244Z	37	PC: 12b80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:23.252994041Z	37	PC: 12b88 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:53:23.253951146Z	37	PC: 12b90 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:23.255640504Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11196,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:08.085858403Z	48	PC: 12ad2 \| Get DOS version
2018-12-25T12:30:08.088102764Z	75	PC: 12adf \| Execute program
2018-12-25T12:30:08.089873442Z	53	PC: 12b56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:08.091093396Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:30:08.093226802Z	53	PC: 12b70 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:30:08.094399287Z	37	PC: 12b80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:08.09592075Z	37	PC: 12b88 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:30:08.097212971Z	37	PC: 12b90 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:30:08.108377286Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:30:08.112534828Z	42	PC: 9f7d0 \| Get date 0x9f7d0: and al, 1 0x9f7d2: jne 0x9f7f2 0x9f7d4: and dh, 1 0x9f7d7: jne 0x9f7f2 0x9f7d9: mov ah, 0x2c 0x9f7db: int 0x21 0x9f7dd: cmp ch, 0xb 0x9f7e0: jne 0x9f7f2 0x9f7e2: cmp cl, 0xb 0x9f7e5: jne 0x9f7f2 0x9f7e7: cmp dh, 0xb 0x9f7ea: jne 0x9f7f2 0x9f7ec: mov byte ptr cs:[0x39d], 3 0x9f7f2: pop dx 0x9f7f3: pop cx 0x9f7f4: pop ax 0x9f7f5: ljmp ptr cs:[0x3a9] 0x9f7fa: jmp 0x9f855 0x9f7fc: nop 0x9f7fd: add cl, ch

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11196,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:08.193907136Z	48	PC: 12ad2 \| Get DOS version
2018-12-25T12:30:08.195440415Z	75	PC: 12adf \| Execute program
2018-12-25T12:30:08.196932132Z	53	PC: 12b56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:08.197961217Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:30:08.200328198Z	53	PC: 12b70 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:30:08.202500848Z	37	PC: 12b80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:08.20426802Z	37	PC: 12b88 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:30:08.206514579Z	37	PC: 12b90 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:30:08.207721727Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:30:08.211585891Z	42	PC: 9f7d0 \| Get date 0x9f7d0: and al, 1 0x9f7d2: jne 0x9f7f2 0x9f7d4: and dh, 1 0x9f7d7: jne 0x9f7f2 0x9f7d9: mov ah, 0x2c 0x9f7db: int 0x21 0x9f7dd: cmp ch, 0xb 0x9f7e0: jne 0x9f7f2 0x9f7e2: cmp cl, 0xb 0x9f7e5: jne 0x9f7f2 0x9f7e7: cmp dh, 0xb 0x9f7ea: jne 0x9f7f2 0x9f7ec: mov byte ptr cs:[0x39d], 3 0x9f7f2: pop dx 0x9f7f3: pop cx 0x9f7f4: pop ax 0x9f7f5: ljmp ptr cs:[0x3a9] 0x9f7fa: jmp 0x9f855 0x9f7fc: nop 0x9f7fd: add cl, ch

{"DateBased":true,"Day":4,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11196,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:08.282639039Z	48	PC: 12ad2 \| Get DOS version
2018-12-25T12:30:08.284286173Z	75	PC: 12adf \| Execute program
2018-12-25T12:30:08.286079565Z	53	PC: 12b56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:08.287443951Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:30:08.289951009Z	53	PC: 12b70 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:30:08.291160417Z	37	PC: 12b80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:08.292273282Z	37	PC: 12b88 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:30:08.294049498Z	37	PC: 12b90 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:30:08.295223504Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:30:08.29858391Z	42	PC: 9f7d0 \| Get date 0x9f7d0: and al, 1 0x9f7d2: jne 0x9f7f2 0x9f7d4: and dh, 1 0x9f7d7: jne 0x9f7f2 0x9f7d9: mov ah, 0x2c 0x9f7db: int 0x21 0x9f7dd: cmp ch, 0xb 0x9f7e0: jne 0x9f7f2 0x9f7e2: cmp cl, 0xb 0x9f7e5: jne 0x9f7f2 0x9f7e7: cmp dh, 0xb 0x9f7ea: jne 0x9f7f2 0x9f7ec: mov byte ptr cs:[0x39d], 3 0x9f7f2: pop dx 0x9f7f3: pop cx 0x9f7f4: pop ax 0x9f7f5: ljmp ptr cs:[0x3a9] 0x9f7fa: jmp 0x9f855 0x9f7fc: nop 0x9f7fd: add cl, ch