Sample viewer

vx.netlux.org/Virus.DOS.Corrupted.Cascade.1701

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:49.153796975Z	48	PC: 12a8e \| Get DOS version
2018-12-17T22:56:49.155590107Z	75	PC: 12a9c \| Execute program
2018-12-17T22:56:49.158323115Z	53	PC: 12ab7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:49.160949312Z	80	PC: 12b1e \| Set current PSP
2018-12-17T22:56:49.16293724Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:49.165094837Z	26	PC: 12be2 \| Set disk transfer address
2018-12-17T22:56:49.167151744Z	42	PC: 12be9 \| Get date 0x12be9: cmp cx, 0x7c4 0x12bed: ja 0x12c54 0x12bef: je 0x12c1b 0x12bf1: cmp cx, 0x7bc 0x12bf5: jne 0x12c54 0x12bf7: push ds 0x12bf8: mov ax, 0x3528 0x12bfb: int 0x21 0x12bfd: mov word ptr cs:[0x13b], bx 0x12c02: mov word ptr cs:[0x13d], es 0x12c07: mov ax, 0x2528 0x12c0a: mov dx, 0x720 0x12c0d: push cs 0x12c0e: pop ds 0x12c0f: int 0x21 0x12c11: pop ds 0x12c12: or byte ptr cs:[0x157], 8 0x12c18: jmp 0x12c20 0x12c1a: nop 0x12c1b: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12352,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:31.163220478Z	48	PC: 12a8e \| Get DOS version
2018-12-25T12:32:31.166250316Z	75	PC: 12a9c \| Execute program
2018-12-25T12:32:31.16776007Z	53	PC: 12ab7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:31.169021832Z	80	PC: 12b1e \| Set current PSP
2018-12-25T12:32:31.171413976Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:31.173690867Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:32:31.175857649Z	42	PC: 12be9 \| Get date 0x12be9: cmp cx, 0x7c4 0x12bed: ja 0x12c54 0x12bef: je 0x12c1b 0x12bf1: cmp cx, 0x7bc 0x12bf5: jne 0x12c54 0x12bf7: push ds 0x12bf8: mov ax, 0x3528 0x12bfb: int 0x21 0x12bfd: mov word ptr cs:[0x13b], bx 0x12c02: mov word ptr cs:[0x13d], es 0x12c07: mov ax, 0x2528 0x12c0a: mov dx, 0x720 0x12c0d: push cs 0x12c0e: pop ds 0x12c0f: int 0x21 0x12c11: pop ds 0x12c12: or byte ptr cs:[0x157], 8 0x12c18: jmp 0x12c20 0x12c1a: nop 0x12c1b: cmp dh, 0xa
2018-12-25T12:32:31.179559711Z	53	PC: 12bfd \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:32:31.182656813Z	37	PC: 12c11 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:32:31.247778133Z	53	PC: 12c3e \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:32:31.249091364Z	37	PC: 12c53 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12352,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:31.775122427Z	48	PC: 12a8e \| Get DOS version
2018-12-25T12:32:31.776584366Z	75	PC: 12a9c \| Execute program
2018-12-25T12:32:31.777930845Z	53	PC: 12ab7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:31.78042085Z	80	PC: 12b1e \| Set current PSP
2018-12-25T12:32:31.783068297Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:31.784790347Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:32:31.786140264Z	42	PC: 12be9 \| Get date 0x12be9: cmp cx, 0x7c4 0x12bed: ja 0x12c54 0x12bef: je 0x12c1b 0x12bf1: cmp cx, 0x7bc 0x12bf5: jne 0x12c54 0x12bf7: push ds 0x12bf8: mov ax, 0x3528 0x12bfb: int 0x21 0x12bfd: mov word ptr cs:[0x13b], bx 0x12c02: mov word ptr cs:[0x13d], es 0x12c07: mov ax, 0x2528 0x12c0a: mov dx, 0x720 0x12c0d: push cs 0x12c0e: pop ds 0x12c0f: int 0x21 0x12c11: pop ds 0x12c12: or byte ptr cs:[0x157], 8 0x12c18: jmp 0x12c20 0x12c1a: nop 0x12c1b: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12352,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:31.949947414Z	48	PC: 12a8e \| Get DOS version
2018-12-25T12:32:31.951643547Z	75	PC: 12a9c \| Execute program
2018-12-25T12:32:31.953330474Z	53	PC: 12ab7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:31.954539704Z	80	PC: 12b1e \| Set current PSP
2018-12-25T12:32:31.955668762Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:31.957540363Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:32:31.959272172Z	42	PC: 12be9 \| Get date 0x12be9: cmp cx, 0x7c4 0x12bed: ja 0x12c54 0x12bef: je 0x12c1b 0x12bf1: cmp cx, 0x7bc 0x12bf5: jne 0x12c54 0x12bf7: push ds 0x12bf8: mov ax, 0x3528 0x12bfb: int 0x21 0x12bfd: mov word ptr cs:[0x13b], bx 0x12c02: mov word ptr cs:[0x13d], es 0x12c07: mov ax, 0x2528 0x12c0a: mov dx, 0x720 0x12c0d: push cs 0x12c0e: pop ds 0x12c0f: int 0x21 0x12c11: pop ds 0x12c12: or byte ptr cs:[0x157], 8 0x12c18: jmp 0x12c20 0x12c1a: nop 0x12c1b: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12352,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:32.483626373Z	48	PC: 12a8e \| Get DOS version
2018-12-25T12:32:32.486069999Z	75	PC: 12a9c \| Execute program
2018-12-25T12:32:32.488601122Z	53	PC: 12ab7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:32.490110399Z	80	PC: 12b1e \| Set current PSP
2018-12-25T12:32:32.491908752Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:32.497733114Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:32:32.499070124Z	42	PC: 12be9 \| Get date 0x12be9: cmp cx, 0x7c4 0x12bed: ja 0x12c54 0x12bef: je 0x12c1b 0x12bf1: cmp cx, 0x7bc 0x12bf5: jne 0x12c54 0x12bf7: push ds 0x12bf8: mov ax, 0x3528 0x12bfb: int 0x21 0x12bfd: mov word ptr cs:[0x13b], bx 0x12c02: mov word ptr cs:[0x13d], es 0x12c07: mov ax, 0x2528 0x12c0a: mov dx, 0x720 0x12c0d: push cs 0x12c0e: pop ds 0x12c0f: int 0x21 0x12c11: pop ds 0x12c12: or byte ptr cs:[0x157], 8 0x12c18: jmp 0x12c20 0x12c1a: nop 0x12c1b: cmp dh, 0xa
2018-12-25T12:32:32.557389899Z	53	PC: 12c3e \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:32:32.559640082Z	37	PC: 12c53 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12352,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:32.537797402Z	48	PC: 12a8e \| Get DOS version
2018-12-25T12:32:32.539142424Z	75	PC: 12a9c \| Execute program
2018-12-25T12:32:32.541182149Z	53	PC: 12ab7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:32.542556344Z	80	PC: 12b1e \| Set current PSP
2018-12-25T12:32:32.543983082Z	37	PC: 12bda \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:32.545879689Z	26	PC: 12be2 \| Set disk transfer address
2018-12-25T12:32:32.547587434Z	42	PC: 12be9 \| Get date 0x12be9: cmp cx, 0x7c4 0x12bed: ja 0x12c54 0x12bef: je 0x12c1b 0x12bf1: cmp cx, 0x7bc 0x12bf5: jne 0x12c54 0x12bf7: push ds 0x12bf8: mov ax, 0x3528 0x12bfb: int 0x21 0x12bfd: mov word ptr cs:[0x13b], bx 0x12c02: mov word ptr cs:[0x13d], es 0x12c07: mov ax, 0x2528 0x12c0a: mov dx, 0x720 0x12c0d: push cs 0x12c0e: pop ds 0x12c0f: int 0x21 0x12c11: pop ds 0x12c12: or byte ptr cs:[0x157], 8 0x12c18: jmp 0x12c20 0x12c1a: nop 0x12c1b: cmp dh, 0xa