Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1704.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:14.343493019Z	48	PC: 12b16 \| Get DOS version
2018-12-17T23:09:14.344856407Z	75	PC: 12b24 \| Execute program
2018-12-17T23:09:14.34641927Z	53	PC: 12b3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:14.347491002Z	80	PC: 12ba9 \| Set current PSP
2018-12-17T23:09:14.348690659Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:14.355104826Z	26	PC: 12be7 \| Set disk transfer address
2018-12-17T23:09:14.357455813Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c9 0x12bf2: nop 0x12bf3: nop 0x12bf4: jne 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop
2018-12-17T23:09:14.421232961Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:09:14.423004601Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:09:14.424299945Z	9	PC: 13237 \| Display string (String= 'Hello - Copyright S & S Enterprises, 1988 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16462,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:57.031337848Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:52:57.033062313Z	75	PC: 12b24 \| Execute program
2018-12-25T12:52:57.034165385Z	53	PC: 12b3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.03514105Z	80	PC: 12ba9 \| Set current PSP
2018-12-25T12:52:57.036442018Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.037901376Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:52:57.038965237Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c9 0x12bf2: nop 0x12bf3: nop 0x12bf4: jne 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop
2018-12-25T12:52:57.040701773Z	9	PC: 13237 \| Display string (String= 'Hello - Copyright S & S Enterprises, 1988 ')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16462,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:57.241707332Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:52:57.246419596Z	75	PC: 12b24 \| Execute program
2018-12-25T12:52:57.24849941Z	53	PC: 12b3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.250388247Z	80	PC: 12ba9 \| Set current PSP
2018-12-25T12:52:57.252852118Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.254769597Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:52:57.256652503Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c9 0x12bf2: nop 0x12bf3: nop 0x12bf4: jne 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop
2018-12-25T12:52:57.341883605Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:52:57.344325589Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:52:57.346211737Z	9	PC: 13237 \| Display string (String= 'Hello - Copyright S & S Enterprises, 1988 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16462,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:57.347520323Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:52:57.349374184Z	75	PC: 12b24 \| Execute program
2018-12-25T12:52:57.351291679Z	53	PC: 12b3d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.35264391Z	80	PC: 12ba9 \| Set current PSP
2018-12-25T12:52:57.354082686Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.355774246Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:52:57.357542839Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c9 0x12bf2: nop 0x12bf3: nop 0x12bf4: jne 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop
2018-12-25T12:52:57.360489377Z	9	PC: 13237 \| Display string (String= 'Hello - Copyright S & S Enterprises, 1988 ')