Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1661.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:30.98306928Z	48	PC: 12bed \| Get DOS version
2018-12-17T23:12:30.985285076Z	75	PC: 12bfb \| Execute program
2018-12-17T23:12:30.986684287Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:30.987905947Z	80	PC: 12c54 \| Set current PSP
2018-12-17T23:12:30.98974394Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:30.990765664Z	26	PC: 12bba \| Set disk transfer address
2018-12-17T23:12:30.991880112Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x12e], bx 0x12bda: mov word ptr cs:[0x130], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15a], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-17T23:12:31.002317637Z	76	PC: 131eb \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17543,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:00.33295187Z	48	PC: 12bed \| Get DOS version
2018-12-25T12:56:00.334550785Z	75	PC: 12bfb \| Execute program
2018-12-25T12:56:00.337126016Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:00.338957843Z	80	PC: 12c54 \| Set current PSP
2018-12-25T12:56:00.341118727Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:00.344219366Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:56:00.34595815Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x12e], bx 0x12bda: mov word ptr cs:[0x130], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15a], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:56:00.348709302Z	53	PC: 12bd5 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:56:00.35095715Z	37	PC: 12be9 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:56:00.402761133Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:56:00.404495563Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:56:00.406847689Z	76	PC: 131eb \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17543,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:01.209162503Z	48	PC: 12bed \| Get DOS version
2018-12-25T12:56:01.210705222Z	75	PC: 12bfb \| Execute program
2018-12-25T12:56:01.211949583Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:01.212951899Z	80	PC: 12c54 \| Set current PSP
2018-12-25T12:56:01.214559094Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:01.215490578Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:56:01.216359401Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x12e], bx 0x12bda: mov word ptr cs:[0x130], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15a], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:56:01.218772144Z	76	PC: 131eb \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17543,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:01.411192697Z	48	PC: 12bed \| Get DOS version
2018-12-25T12:56:01.413017912Z	75	PC: 12bfb \| Execute program
2018-12-25T12:56:01.414675888Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:01.416061597Z	80	PC: 12c54 \| Set current PSP
2018-12-25T12:56:01.417991845Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:01.422042291Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:56:01.423652101Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x12e], bx 0x12bda: mov word ptr cs:[0x130], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15a], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:56:01.426539702Z	76	PC: 131eb \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17543,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:01.42630824Z	48	PC: 12bed \| Get DOS version
2018-12-25T12:56:01.427868257Z	75	PC: 12bfb \| Execute program
2018-12-25T12:56:01.429920577Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:01.431295514Z	80	PC: 12c54 \| Set current PSP
2018-12-25T12:56:01.433094323Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:01.434986569Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:56:01.436093408Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x12e], bx 0x12bda: mov word ptr cs:[0x130], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15a], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:56:01.498959455Z	53	PC: 12c15 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:56:01.501589509Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:56:01.503248271Z	76	PC: 131eb \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17543,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:02.111110667Z	48	PC: 12bed \| Get DOS version
2018-12-25T12:56:02.113230924Z	75	PC: 12bfb \| Execute program
2018-12-25T12:56:02.115152864Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:02.116519186Z	80	PC: 12c54 \| Set current PSP
2018-12-25T12:56:02.118566772Z	37	PC: 12bb2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:02.121221989Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T12:56:02.122921476Z	42	PC: 12bc1 \| Get date 0x12bc1: cmp cx, 0x7c6 0x12bc5: ja 0x12c2b 0x12bc7: je 0x12bf2 0x12bc9: cmp cx, 0x7bc 0x12bcd: jne 0x12c2b 0x12bcf: push ds 0x12bd0: mov ax, 0x3528 0x12bd3: int 0x21 0x12bd5: mov word ptr cs:[0x12e], bx 0x12bda: mov word ptr cs:[0x130], es 0x12bdf: mov ax, 0x2528 0x12be2: mov dx, 0x6fa 0x12be5: push cs 0x12be6: pop ds 0x12be7: int 0x21 0x12be9: pop ds 0x12bea: or byte ptr cs:[0x15a], 8 0x12bf0: jmp 0x12bf7 0x12bf2: cmp dh, 0xc 0x12bf5: jb 0x12c2b
2018-12-25T12:56:02.125515445Z	76	PC: 131eb \| Terminate with return code (Return code = '1')