Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1701.j

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:41.578970757Z 48 PC: 12bb9 | Get DOS version
2018-12-17T23:00:41.58040468Z 75 PC: 12bc7 | Execute program
2018-12-17T23:00:41.581492319Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:41.582406132Z 80 PC: 12c49 | Set current PSP
2018-12-17T23:00:41.590420047Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:41.591660058Z 26 PC: 12be4 | Set disk transfer address
2018-12-17T23:00:41.593520917Z 42 PC: 12beb | Get date
0x12beb: cmp cx, 0x7c4
0x12bef: ja 0x12c56
0x12bf1: je 0x12c1d
0x12bf3: cmp cx, 0x7bc
0x12bf7: jne 0x12c56
0x12bf9: push ds
0x12bfa: mov ax, 0x3528
0x12bfd: int 0x21
0x12bff: mov word ptr cs:[0x13b], bx
0x12c04: mov word ptr cs:[0x13d], es
0x12c09: mov ax, 0x2528
0x12c0c: mov dx, 0x722
0x12c0f: push cs
0x12c10: pop ds
0x12c11: int 0x21
0x12c13: pop ds
0x12c14: or byte ptr cs:[0x157], 8
0x12c1a: jmp 0x12c22
0x12c1c: nop
0x12c1d: cmp dh, 0xa
2018-12-17T23:00:41.596557748Z 9 PC: 132d7 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-17T23:00:41.609391692Z 76 PC: 132dc | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13621,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:38.900361005Z 48 PC: 12bb9 | Get DOS version
2018-12-25T12:38:38.902034642Z 75 PC: 12bc7 | Execute program
2018-12-25T12:38:38.904334735Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:38.905475843Z 80 PC: 12c49 | Set current PSP
2018-12-25T12:38:38.907156673Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:38.908125766Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:38:38.90908572Z 42 PC: 12beb | Get date
0x12beb: cmp cx, 0x7c4
0x12bef: ja 0x12c56
0x12bf1: je 0x12c1d
0x12bf3: cmp cx, 0x7bc
0x12bf7: jne 0x12c56
0x12bf9: push ds
0x12bfa: mov ax, 0x3528
0x12bfd: int 0x21
0x12bff: mov word ptr cs:[0x13b], bx
0x12c04: mov word ptr cs:[0x13d], es
0x12c09: mov ax, 0x2528
0x12c0c: mov dx, 0x722
0x12c0f: push cs
0x12c10: pop ds
0x12c11: int 0x21
0x12c13: pop ds
0x12c14: or byte ptr cs:[0x157], 8
0x12c1a: jmp 0x12c22
0x12c1c: nop
0x12c1d: cmp dh, 0xa
2018-12-25T12:38:38.91193576Z 9 PC: 132d7 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:38:38.925238422Z 76 PC: 132dc | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13621,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:39.083145506Z 48 PC: 12bb9 | Get DOS version
2018-12-25T12:38:39.084632217Z 75 PC: 12bc7 | Execute program
2018-12-25T12:38:39.086684384Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.088225207Z 80 PC: 12c49 | Set current PSP
2018-12-25T12:38:39.090236938Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.093164943Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:38:39.094633081Z 42 PC: 12beb | Get date
0x12beb: cmp cx, 0x7c4
0x12bef: ja 0x12c56
0x12bf1: je 0x12c1d
0x12bf3: cmp cx, 0x7bc
0x12bf7: jne 0x12c56
0x12bf9: push ds
0x12bfa: mov ax, 0x3528
0x12bfd: int 0x21
0x12bff: mov word ptr cs:[0x13b], bx
0x12c04: mov word ptr cs:[0x13d], es
0x12c09: mov ax, 0x2528
0x12c0c: mov dx, 0x722
0x12c0f: push cs
0x12c10: pop ds
0x12c11: int 0x21
0x12c13: pop ds
0x12c14: or byte ptr cs:[0x157], 8
0x12c1a: jmp 0x12c22
0x12c1c: nop
0x12c1d: cmp dh, 0xa
2018-12-25T12:38:39.187262731Z 53 PC: 12c40 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:39.192794185Z 37 PC: 12c55 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:39.195502402Z 9 PC: 132d7 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:38:39.227408355Z 76 PC: 132dc | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13621,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:39.124950877Z 48 PC: 12bb9 | Get DOS version
2018-12-25T12:38:39.126429955Z 75 PC: 12bc7 | Execute program
2018-12-25T12:38:39.127661886Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.128674927Z 80 PC: 12c49 | Set current PSP
2018-12-25T12:38:39.134968887Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.135940578Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:38:39.136875336Z 42 PC: 12beb | Get date
0x12beb: cmp cx, 0x7c4
0x12bef: ja 0x12c56
0x12bf1: je 0x12c1d
0x12bf3: cmp cx, 0x7bc
0x12bf7: jne 0x12c56
0x12bf9: push ds
0x12bfa: mov ax, 0x3528
0x12bfd: int 0x21
0x12bff: mov word ptr cs:[0x13b], bx
0x12c04: mov word ptr cs:[0x13d], es
0x12c09: mov ax, 0x2528
0x12c0c: mov dx, 0x722
0x12c0f: push cs
0x12c10: pop ds
0x12c11: int 0x21
0x12c13: pop ds
0x12c14: or byte ptr cs:[0x157], 8
0x12c1a: jmp 0x12c22
0x12c1c: nop
0x12c1d: cmp dh, 0xa
2018-12-25T12:38:39.140191065Z 9 PC: 132d7 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:38:39.152950678Z 76 PC: 132dc | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13621,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:39.188807897Z 48 PC: 12bb9 | Get DOS version
2018-12-25T12:38:39.191295721Z 75 PC: 12bc7 | Execute program
2018-12-25T12:38:39.192876784Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.193978219Z 80 PC: 12c49 | Set current PSP
2018-12-25T12:38:39.195347533Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.196908864Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:38:39.197947207Z 42 PC: 12beb | Get date
0x12beb: cmp cx, 0x7c4
0x12bef: ja 0x12c56
0x12bf1: je 0x12c1d
0x12bf3: cmp cx, 0x7bc
0x12bf7: jne 0x12c56
0x12bf9: push ds
0x12bfa: mov ax, 0x3528
0x12bfd: int 0x21
0x12bff: mov word ptr cs:[0x13b], bx
0x12c04: mov word ptr cs:[0x13d], es
0x12c09: mov ax, 0x2528
0x12c0c: mov dx, 0x722
0x12c0f: push cs
0x12c10: pop ds
0x12c11: int 0x21
0x12c13: pop ds
0x12c14: or byte ptr cs:[0x157], 8
0x12c1a: jmp 0x12c22
0x12c1c: nop
0x12c1d: cmp dh, 0xa
2018-12-25T12:38:39.200103855Z 53 PC: 12bff | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:38:39.202173144Z 37 PC: 12c13 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:38:39.262811188Z 53 PC: 12c40 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:39.264320172Z 37 PC: 12c55 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:39.266661992Z 9 PC: 132d7 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:38:39.274555911Z 42 PC: 13071 | Get date
0x13071: cmp cx, 0x7c4
0x13075: jb 0x13084
0x13077: ja 0x1307e
0x13079: cmp dh, 0xa
0x1307c: jb 0x13084
0x1307e: and byte ptr cs:[0x157], 0xf7
0x13084: pop dx
0x13085: pop cx
0x13086: pop ax
0x13087: ljmp ptr cs:[0x13b]
0x1308c: push es
0x1308d: push bx
0x1308e: mov ah, 0x48
0x13090: mov bx, 0x6b
0x13093: int 0x21
0x13095: pop bx
0x13096: jae 0x1309b
0x13098: stc
0x13099: pop es
0x1309a: ret
2018-12-25T12:38:39.282869236Z 42 PC: 13071 | Get date (See above)
2018-12-25T12:38:39.292473488Z 42 PC: 13071 | Get date (See above)
2018-12-25T12:38:39.298851265Z 76 PC: 132dc | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13621,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:39.22806677Z 48 PC: 12bb9 | Get DOS version
2018-12-25T12:38:39.229757873Z 75 PC: 12bc7 | Execute program
2018-12-25T12:38:39.231328261Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.232611687Z 80 PC: 12c49 | Set current PSP
2018-12-25T12:38:39.250320594Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.251527275Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:38:39.25260239Z 42 PC: 12beb | Get date
0x12beb: cmp cx, 0x7c4
0x12bef: ja 0x12c56
0x12bf1: je 0x12c1d
0x12bf3: cmp cx, 0x7bc
0x12bf7: jne 0x12c56
0x12bf9: push ds
0x12bfa: mov ax, 0x3528
0x12bfd: int 0x21
0x12bff: mov word ptr cs:[0x13b], bx
0x12c04: mov word ptr cs:[0x13d], es
0x12c09: mov ax, 0x2528
0x12c0c: mov dx, 0x722
0x12c0f: push cs
0x12c10: pop ds
0x12c11: int 0x21
0x12c13: pop ds
0x12c14: or byte ptr cs:[0x157], 8
0x12c1a: jmp 0x12c22
0x12c1c: nop
0x12c1d: cmp dh, 0xa
2018-12-25T12:38:39.254517502Z 9 PC: 132d7 | Display string (String= ' SC Virus Collection. ***** WARNING ***** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:38:39.261407219Z 76 PC: 132dc | Terminate with return code (Return code = '0')