Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1704.e

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:24:53.982181443Z	48	PC: 151ed \| Get DOS version
2018-12-17T22:24:53.994387312Z	75	PC: 151fb \| Execute program
2018-12-17T22:24:53.995829146Z	53	PC: 15214 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:53.997348981Z	80	PC: 15280 \| Set current PSP
2018-12-17T22:24:53.999853032Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:54.001791302Z	26	PC: 12be7 \| Set disk transfer address
2018-12-17T22:24:54.003625801Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-17T22:24:54.006515209Z	76	PC: 1590d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4400,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:37.435715825Z	48	PC: 151ed \| Get DOS version
2018-12-25T11:51:37.437107842Z	75	PC: 151fb \| Execute program
2018-12-25T11:51:37.438118452Z	53	PC: 15214 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.439089784Z	80	PC: 15280 \| Set current PSP
2018-12-25T11:51:37.440792984Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.441689708Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T11:51:37.442588902Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T11:51:37.445072713Z	53	PC: 12c02 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:51:37.446274718Z	37	PC: 12c16 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T11:51:37.516475864Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:51:37.518573785Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:51:37.519757081Z	76	PC: 1590d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4400,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:37.669127047Z	48	PC: 151ed \| Get DOS version
2018-12-25T11:51:37.671545741Z	75	PC: 151fb \| Execute program
2018-12-25T11:51:37.673193087Z	53	PC: 15214 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.674663506Z	80	PC: 15280 \| Set current PSP
2018-12-25T11:51:37.678239418Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.679947609Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T11:51:37.68139969Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T11:51:37.684168521Z	76	PC: 1590d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4400,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:37.710978917Z	48	PC: 151ed \| Get DOS version
2018-12-25T11:51:37.713048191Z	75	PC: 151fb \| Execute program
2018-12-25T11:51:37.727209074Z	53	PC: 15214 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.728761028Z	80	PC: 15280 \| Set current PSP
2018-12-25T11:51:37.731151249Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.732881457Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T11:51:37.734063088Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T11:51:37.73591389Z	76	PC: 1590d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4400,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:37.735527218Z	48	PC: 151ed \| Get DOS version
2018-12-25T11:51:37.737558711Z	75	PC: 151fb \| Execute program
2018-12-25T11:51:37.739545021Z	53	PC: 15214 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.741212874Z	80	PC: 15280 \| Set current PSP
2018-12-25T11:51:37.744544769Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.746161461Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T11:51:37.747892343Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T11:51:37.790515342Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:51:37.793242937Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:51:37.794914543Z	76	PC: 1590d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4400,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:37.944965675Z	48	PC: 151ed \| Get DOS version
2018-12-25T11:51:37.947622198Z	75	PC: 151fb \| Execute program
2018-12-25T11:51:37.949264752Z	53	PC: 15214 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.950751231Z	80	PC: 15280 \| Set current PSP
2018-12-25T11:51:37.953693414Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:37.955511879Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T11:51:37.957218365Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c4 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T11:51:37.960043126Z	76	PC: 1590d \| Terminate with return code (Return code = '0')