Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1701.o

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:53.122902657Z	48	PC: 13311 \| Get DOS version
2018-12-17T22:55:53.124966227Z	75	PC: 1331f \| Execute program
2018-12-17T22:55:53.127637334Z	53	PC: 1333a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:53.129648579Z	80	PC: 133a1 \| Set current PSP
2018-12-17T22:55:53.132945165Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:53.135998125Z	26	PC: 12be4 \| Set disk transfer address
2018-12-17T22:55:53.138005546Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-17T22:55:53.141244747Z	9	PC: 13246 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T22:55:53.156837837Z	48	PC: 1324f \| Get DOS version
2018-12-17T22:55:53.158327171Z	61	PC: 1331c \| Open file (Filename = '')
2018-12-17T22:55:53.166485906Z	93	PC: 132be \| File sharing functions
2018-12-17T22:55:53.17052471Z	9	PC: 13246 \| Display string (String= 'Size change=06A5h/01701d. ')
2018-12-17T22:55:53.175218348Z	76	PC: 132a3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12046,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:54.965054748Z	48	PC: 13311 \| Get DOS version
2018-12-25T12:31:54.967207636Z	75	PC: 1331f \| Execute program
2018-12-25T12:31:54.969454554Z	53	PC: 1333a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:54.971309157Z	80	PC: 133a1 \| Set current PSP
2018-12-25T12:31:54.974475429Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:54.977046282Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:31:54.978774726Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:31:54.981590855Z	53	PC: 12bff \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:31:54.983963916Z	37	PC: 12c13 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:31:55.035786691Z	53	PC: 12c40 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:31:55.037226272Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:31:55.040320395Z	9	PC: 13246 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:31:55.045794007Z	42	PC: 13071 \| Get date 0x13071: cmp cx, 0x7c4 0x13075: jb 0x13084 0x13077: ja 0x1307e 0x13079: cmp dh, 0xa 0x1307c: jb 0x13084 0x1307e: and byte ptr cs:[0x157], 0xf7 0x13084: pop dx 0x13085: pop cx 0x13086: pop ax 0x13087: ljmp ptr cs:[0x13b] 0x1308c: push es 0x1308d: push bx 0x1308e: mov ah, 0x48 0x13090: mov bx, 0x6b 0x13093: int 0x21 0x13095: pop bx 0x13096: jae 0x1309b 0x13098: stc 0x13099: pop es 0x1309a: ret
2018-12-25T12:31:55.0516641Z	48	PC: 1324f \| Get DOS version
2018-12-25T12:31:55.053580741Z	61	PC: 1331c \| Open file (Filename = '')
2018-12-25T12:31:55.061546269Z	93	PC: 132be \| File sharing functions
2018-12-25T12:31:55.064027366Z	9	PC: 13246 \| Display string (See above)
2018-12-25T12:31:55.069176523Z	76	PC: 132a3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12046,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.001795647Z	48	PC: 13311 \| Get DOS version
2018-12-25T12:31:55.003791853Z	75	PC: 1331f \| Execute program
2018-12-25T12:31:55.005031925Z	53	PC: 1333a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.006124116Z	80	PC: 133a1 \| Set current PSP
2018-12-25T12:31:55.008441794Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.010823184Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:31:55.011929307Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:31:55.014158062Z	9	PC: 13246 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:31:55.019447402Z	48	PC: 1324f \| Get DOS version
2018-12-25T12:31:55.020449804Z	61	PC: 1331c \| Open file (Filename = '')
2018-12-25T12:31:55.02701966Z	93	PC: 132be \| File sharing functions
2018-12-25T12:31:55.029444894Z	9	PC: 13246 \| Display string (See above)
2018-12-25T12:31:55.033218168Z	76	PC: 132a3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12046,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.008389139Z	48	PC: 13311 \| Get DOS version
2018-12-25T12:31:55.010862669Z	75	PC: 1331f \| Execute program
2018-12-25T12:31:55.012586161Z	53	PC: 1333a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.014167339Z	80	PC: 133a1 \| Set current PSP
2018-12-25T12:31:55.017172313Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.020524709Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:31:55.022434387Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:31:55.025332999Z	9	PC: 13246 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:31:55.030585391Z	48	PC: 1324f \| Get DOS version
2018-12-25T12:31:55.032231988Z	61	PC: 1331c \| Open file (Filename = '')
2018-12-25T12:31:55.037381275Z	93	PC: 132be \| File sharing functions
2018-12-25T12:31:55.040533841Z	9	PC: 13246 \| Display string (See above)
2018-12-25T12:31:55.043232766Z	76	PC: 132a3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12046,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.021967462Z	48	PC: 13311 \| Get DOS version
2018-12-25T12:31:55.024079924Z	75	PC: 1331f \| Execute program
2018-12-25T12:31:55.026356056Z	53	PC: 1333a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.028042101Z	80	PC: 133a1 \| Set current PSP
2018-12-25T12:31:55.03333636Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.034923617Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:31:55.036484488Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:31:55.110614089Z	53	PC: 12c40 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:31:55.112689066Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:31:55.113871284Z	9	PC: 13246 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:31:55.121053329Z	48	PC: 1324f \| Get DOS version
2018-12-25T12:31:55.123852765Z	61	PC: 1331c \| Open file (Filename = '')
2018-12-25T12:31:55.130734009Z	93	PC: 132be \| File sharing functions
2018-12-25T12:31:55.132892897Z	9	PC: 13246 \| Display string (See above)
2018-12-25T12:31:55.138368857Z	76	PC: 132a3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12046,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.066614508Z	48	PC: 13311 \| Get DOS version
2018-12-25T12:31:55.068254093Z	75	PC: 1331f \| Execute program
2018-12-25T12:31:55.069865519Z	53	PC: 1333a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.071329927Z	80	PC: 133a1 \| Set current PSP
2018-12-25T12:31:55.074803286Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.076276334Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:31:55.077629482Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:31:55.079218983Z	9	PC: 13246 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:31:55.08275781Z	48	PC: 1324f \| Get DOS version
2018-12-25T12:31:55.083636909Z	61	PC: 1331c \| Open file (Filename = '')
2018-12-25T12:31:55.08812447Z	93	PC: 132be \| File sharing functions
2018-12-25T12:31:55.090718389Z	9	PC: 13246 \| Display string (See above)
2018-12-25T12:31:55.093201419Z	76	PC: 132a3 \| Terminate with return code (Return code = '1')