Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1661.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:03.505729963Z	48	PC: 138cf \| Get DOS version
2018-12-17T23:04:03.507850322Z	75	PC: 138dd \| Execute program
2018-12-17T23:04:03.509690964Z	53	PC: 138f8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:03.511277839Z	80	PC: 13936 \| Set current PSP
2018-12-17T23:04:03.513243496Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:03.515493228Z	26	PC: 12bba \| Set disk transfer address
2018-12-17T23:04:03.516975396Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x130], bx 0x12bda: mov word ptr cs:[0x132], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15c], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-17T23:04:03.519606716Z	48	PC: 13e2b \| Get DOS version
2018-12-17T23:04:03.521945485Z	9	PC: 13e37 \| Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":12,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:34.188657363Z	48	PC: 138cf \| Get DOS version
2018-12-25T12:41:34.190630745Z	75	PC: 138dd \| Execute program
2018-12-25T12:41:34.191992523Z	53	PC: 138f8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:34.193214064Z	80	PC: 13936 \| Set current PSP
2018-12-25T12:41:34.195232043Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:34.19626723Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:41:34.197602134Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x130], bx 0x12bda: mov word ptr cs:[0x132], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15c], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:41:34.270624431Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:41:34.272394026Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:41:34.273960691Z	48	PC: 13e2b \| Get DOS version
2018-12-25T12:41:34.275560393Z	9	PC: 13e37 \| Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:34.405851698Z	48	PC: 138cf \| Get DOS version
2018-12-25T12:41:34.408484957Z	75	PC: 138dd \| Execute program
2018-12-25T12:41:34.410015021Z	53	PC: 138f8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:34.411307882Z	80	PC: 13936 \| Set current PSP
2018-12-25T12:41:34.413921087Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:34.416115828Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:41:34.417547337Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x130], bx 0x12bda: mov word ptr cs:[0x132], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15c], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:41:34.420808832Z	48	PC: 13e2b \| Get DOS version
2018-12-25T12:41:34.4223459Z	9	PC: 13e37 \| Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:34.623904863Z	48	PC: 138cf \| Get DOS version
2018-12-25T12:41:34.62616509Z	75	PC: 138dd \| Execute program
2018-12-25T12:41:34.627628012Z	53	PC: 138f8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:34.628860301Z	80	PC: 13936 \| Set current PSP
2018-12-25T12:41:34.630525505Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:34.632629906Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:41:34.63385096Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x130], bx 0x12bda: mov word ptr cs:[0x132], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15c], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:41:34.635994297Z	53	PC: 12bd5 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:41:34.638723519Z	37	PC: 12be9 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:41:34.71292376Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:41:34.714628295Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:41:34.716843328Z	48	PC: 13e2b \| Get DOS version
2018-12-25T12:41:34.718052305Z	9	PC: 13e37 \| Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:36.032610244Z	48	PC: 138cf \| Get DOS version
2018-12-25T12:41:36.033745241Z	75	PC: 138dd \| Execute program
2018-12-25T12:41:36.035493387Z	53	PC: 138f8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:36.036662411Z	80	PC: 13936 \| Set current PSP
2018-12-25T12:41:36.038323534Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:36.040103034Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:41:36.041851236Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x130], bx 0x12bda: mov word ptr cs:[0x132], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15c], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:41:36.044280678Z	48	PC: 13e2b \| Get DOS version
2018-12-25T12:41:36.046096487Z	9	PC: 13e37 \| Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:36.453680477Z	48	PC: 138cf \| Get DOS version
2018-12-25T12:41:36.456475457Z	75	PC: 138dd \| Execute program
2018-12-25T12:41:36.458339087Z	53	PC: 138f8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:36.459733929Z	80	PC: 13936 \| Set current PSP
2018-12-25T12:41:36.461635745Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:36.463473124Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:41:36.464855631Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x130], bx 0x12bda: mov word ptr cs:[0x132], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15c], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:41:36.467388565Z	48	PC: 13e2b \| Get DOS version
2018-12-25T12:41:36.469759413Z	9	PC: 13e37 \| Display string (String= ' Incorrect DOS version ')