Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1706

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:24.482672597Z	48	PC: 12b3c \| Get DOS version
2018-12-17T23:08:24.483960484Z	75	PC: 12b4a \| Execute program
2018-12-17T23:08:24.485714939Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:24.486780642Z	80	PC: 12bcd \| Set current PSP
2018-12-17T23:08:24.487871478Z	26	PC: 12bd1 \| Set disk transfer address
2018-12-17T23:08:24.489716727Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:24.490778695Z	42	PC: 12be3 \| Get date 0x12be3: cmp cx, 0x7c5 0x12be7: ja 0x12c13 0x12be9: je 0x12c0e 0x12beb: cmp cx, 0x7bc 0x12bef: jne 0x12c3e 0x12bf1: mov ax, 0x3528 0x12bf4: int 0x21 0x12bf6: mov word ptr [0x138], bx 0x12bfa: mov word ptr [0x13a], es 0x12bfe: mov ax, 0x2528 0x12c01: mov dx, 0x72d 0x12c04: int 0x21 0x12c06: or byte ptr [0x156], 8 0x12c0b: jmp 0x12c13 0x12c0d: nop 0x12c0e: cmp dh, 0xa 0x12c11: jb 0x12c3e 0x12c13: call 0x12ec5 0x12c16: mov ax, 0x1518 0x12c19: call 0x12dd2
2018-12-17T23:08:24.568758212Z	53	PC: 12c2e \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:08:24.571131204Z	37	PC: 12c3e \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:08:24.572353197Z	9	PC: 13262 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":10,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:35.944726664Z	48	PC: 12b3c \| Get DOS version
2018-12-25T12:45:35.946140139Z	75	PC: 12b4a \| Execute program
2018-12-25T12:45:35.9473823Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:35.948418386Z	80	PC: 12bcd \| Set current PSP
2018-12-25T12:45:35.950081034Z	26	PC: 12bd1 \| Set disk transfer address
2018-12-25T12:45:35.951143052Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:35.952244512Z	42	PC: 12be3 \| Get date 0x12be3: cmp cx, 0x7c5 0x12be7: ja 0x12c13 0x12be9: je 0x12c0e 0x12beb: cmp cx, 0x7bc 0x12bef: jne 0x12c3e 0x12bf1: mov ax, 0x3528 0x12bf4: int 0x21 0x12bf6: mov word ptr [0x138], bx 0x12bfa: mov word ptr [0x13a], es 0x12bfe: mov ax, 0x2528 0x12c01: mov dx, 0x72d 0x12c04: int 0x21 0x12c06: or byte ptr [0x156], 8 0x12c0b: jmp 0x12c13 0x12c0d: nop 0x12c0e: cmp dh, 0xa 0x12c11: jb 0x12c3e 0x12c13: call 0x12ec5 0x12c16: mov ax, 0x1518 0x12c19: call 0x12dd2
2018-12-25T12:45:36.021510985Z	53	PC: 12c2e \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:36.022559417Z	37	PC: 12c3e \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:36.02352467Z	9	PC: 13262 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:36.268805602Z	48	PC: 12b3c \| Get DOS version
2018-12-25T12:45:36.270136384Z	75	PC: 12b4a \| Execute program
2018-12-25T12:45:36.271427716Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:36.272571892Z	80	PC: 12bcd \| Set current PSP
2018-12-25T12:45:36.274149192Z	26	PC: 12bd1 \| Set disk transfer address
2018-12-25T12:45:36.275041445Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:36.276018549Z	42	PC: 12be3 \| Get date 0x12be3: cmp cx, 0x7c5 0x12be7: ja 0x12c13 0x12be9: je 0x12c0e 0x12beb: cmp cx, 0x7bc 0x12bef: jne 0x12c3e 0x12bf1: mov ax, 0x3528 0x12bf4: int 0x21 0x12bf6: mov word ptr [0x138], bx 0x12bfa: mov word ptr [0x13a], es 0x12bfe: mov ax, 0x2528 0x12c01: mov dx, 0x72d 0x12c04: int 0x21 0x12c06: or byte ptr [0x156], 8 0x12c0b: jmp 0x12c13 0x12c0d: nop 0x12c0e: cmp dh, 0xa 0x12c11: jb 0x12c3e 0x12c13: call 0x12ec5 0x12c16: mov ax, 0x1518 0x12c19: call 0x12dd2
2018-12-25T12:45:36.374978945Z	53	PC: 12c2e \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:36.376288184Z	37	PC: 12c3e \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:36.37804338Z	9	PC: 13262 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:36.309806636Z	48	PC: 12b3c \| Get DOS version
2018-12-25T12:45:36.311319052Z	75	PC: 12b4a \| Execute program
2018-12-25T12:45:36.313074789Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:36.314277946Z	80	PC: 12bcd \| Set current PSP
2018-12-25T12:45:36.315519141Z	26	PC: 12bd1 \| Set disk transfer address
2018-12-25T12:45:36.316767719Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:36.317746536Z	42	PC: 12be3 \| Get date 0x12be3: cmp cx, 0x7c5 0x12be7: ja 0x12c13 0x12be9: je 0x12c0e 0x12beb: cmp cx, 0x7bc 0x12bef: jne 0x12c3e 0x12bf1: mov ax, 0x3528 0x12bf4: int 0x21 0x12bf6: mov word ptr [0x138], bx 0x12bfa: mov word ptr [0x13a], es 0x12bfe: mov ax, 0x2528 0x12c01: mov dx, 0x72d 0x12c04: int 0x21 0x12c06: or byte ptr [0x156], 8 0x12c0b: jmp 0x12c13 0x12c0d: nop 0x12c0e: cmp dh, 0xa 0x12c11: jb 0x12c3e 0x12c13: call 0x12ec5 0x12c16: mov ax, 0x1518 0x12c19: call 0x12dd2
2018-12-25T12:45:36.319646432Z	53	PC: 12bf6 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:45:36.321312017Z	37	PC: 12c06 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:45:36.389528109Z	53	PC: 12c2e \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:36.390482801Z	37	PC: 12c3e \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:45:36.392234155Z	9	PC: 13262 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-25T12:45:36.396599226Z	42	PC: 1307c \| Get date 0x1307c: cmp cx, 0x7c5 0x13080: jb 0x1308f 0x13082: ja 0x13089 0x13084: cmp dh, 0xa 0x13087: jb 0x1308f 0x13089: and byte ptr cs:[0x156], 0xf7 0x1308f: pop dx 0x13090: pop cx 0x13091: pop ax 0x13092: ljmp ptr cs:[0x138] 0x13097: push bx 0x13098: mov ah, 0x48 0x1309a: mov bx, 0x6b 0x1309d: int 0x21 0x1309f: pop bx 0x130a0: jae 0x130a4 0x130a2: stc 0x130a3: ret 0x130a4: mov byte ptr [0x100], 1 0x130a9: mov es, ax

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:36.774847577Z	48	PC: 12b3c \| Get DOS version
2018-12-25T12:45:36.776465887Z	75	PC: 12b4a \| Execute program
2018-12-25T12:45:36.777685547Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:36.778726725Z	80	PC: 12bcd \| Set current PSP
2018-12-25T12:45:36.780379905Z	26	PC: 12bd1 \| Set disk transfer address
2018-12-25T12:45:36.781372598Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:36.782398245Z	42	PC: 12be3 \| Get date 0x12be3: cmp cx, 0x7c5 0x12be7: ja 0x12c13 0x12be9: je 0x12c0e 0x12beb: cmp cx, 0x7bc 0x12bef: jne 0x12c3e 0x12bf1: mov ax, 0x3528 0x12bf4: int 0x21 0x12bf6: mov word ptr [0x138], bx 0x12bfa: mov word ptr [0x13a], es 0x12bfe: mov ax, 0x2528 0x12c01: mov dx, 0x72d 0x12c04: int 0x21 0x12c06: or byte ptr [0x156], 8 0x12c0b: jmp 0x12c13 0x12c0d: nop 0x12c0e: cmp dh, 0xa 0x12c11: jb 0x12c3e 0x12c13: call 0x12ec5 0x12c16: mov ax, 0x1518 0x12c19: call 0x12dd2
2018-12-25T12:45:36.784743795Z	9	PC: 13262 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16181,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:39.679056769Z	48	PC: 12b3c \| Get DOS version
2018-12-25T12:45:39.680575691Z	75	PC: 12b4a \| Execute program
2018-12-25T12:45:39.68153325Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:39.682343925Z	80	PC: 12bcd \| Set current PSP
2018-12-25T12:45:39.683963105Z	26	PC: 12bd1 \| Set disk transfer address
2018-12-25T12:45:39.684813944Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:39.685608866Z	42	PC: 12be3 \| Get date 0x12be3: cmp cx, 0x7c5 0x12be7: ja 0x12c13 0x12be9: je 0x12c0e 0x12beb: cmp cx, 0x7bc 0x12bef: jne 0x12c3e 0x12bf1: mov ax, 0x3528 0x12bf4: int 0x21 0x12bf6: mov word ptr [0x138], bx 0x12bfa: mov word ptr [0x13a], es 0x12bfe: mov ax, 0x2528 0x12c01: mov dx, 0x72d 0x12c04: int 0x21 0x12c06: or byte ptr [0x156], 8 0x12c0b: jmp 0x12c13 0x12c0d: nop 0x12c0e: cmp dh, 0xa 0x12c11: jb 0x12c3e 0x12c13: call 0x12ec5 0x12c16: mov ax, 0x1518 0x12c19: call 0x12dd2
2018-12-25T12:45:39.687446694Z	9	PC: 13262 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')