Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1704.d

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:52.589030815Z	48	PC: 12b41 \| Get DOS version
2018-12-17T22:58:52.59154735Z	75	PC: 12b4f \| Execute program
2018-12-17T22:58:52.594270726Z	53	PC: 12b68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:52.595921849Z	80	PC: 12bd4 \| Set current PSP
2018-12-17T22:58:52.597849846Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:52.600198857Z	26	PC: 12be7 \| Set disk transfer address
2018-12-17T22:58:52.601968887Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13029,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:10.194556537Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:37:10.196602577Z	75	PC: 12b4f \| Execute program
2018-12-25T12:37:10.201634279Z	53	PC: 12b68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.203505788Z	80	PC: 12bd4 \| Set current PSP
2018-12-25T12:37:10.205547177Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.208358331Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:37:10.211060807Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13029,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:23.243992898Z	48	PC: 12b41 \| Get DOS version
2018-12-25T13:07:23.246530729Z	75	PC: 12b4f \| Execute program
2018-12-25T13:07:23.253745989Z	53	PC: 12b68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:23.25547383Z	80	PC: 12bd4 \| Set current PSP
2018-12-25T13:07:23.257413892Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:23.260071562Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T13:07:23.261543266Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T13:07:23.264145355Z	53	PC: 12c02 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T13:07:23.267016065Z	37	PC: 12c16 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T13:07:23.34639012Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T13:07:23.348213564Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13029,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:10.228884937Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:37:10.230733914Z	75	PC: 12b4f \| Execute program
2018-12-25T12:37:10.232274719Z	53	PC: 12b68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.233559616Z	80	PC: 12bd4 \| Set current PSP
2018-12-25T12:37:10.235975192Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.237686443Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:37:10.239071629Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13029,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:10.537271259Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:37:10.539534239Z	75	PC: 12b4f \| Execute program
2018-12-25T12:37:10.541475647Z	53	PC: 12b68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.542977048Z	80	PC: 12bd4 \| Set current PSP
2018-12-25T12:37:10.5452376Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.546395308Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:37:10.547706813Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13029,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:10.902000861Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:37:10.903979968Z	75	PC: 12b4f \| Execute program
2018-12-25T12:37:10.905524803Z	53	PC: 12b68 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.907071916Z	80	PC: 12bd4 \| Set current PSP
2018-12-25T12:37:10.908924864Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.910344316Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:37:10.911458068Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T12:37:10.98873649Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:37:10.99097773Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')