Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1704.h

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:38.232354849Z	48	PC: 12c2a \| Get DOS version
2018-12-17T22:41:38.23449566Z	75	PC: 12c38 \| Execute program
2018-12-17T22:41:38.235981634Z	53	PC: 12c51 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:38.237255808Z	80	PC: 12cbd \| Set current PSP
2018-12-17T22:41:38.239566391Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:38.241471077Z	26	PC: 12be7 \| Set disk transfer address
2018-12-17T22:41:38.242760521Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c8 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-17T22:41:38.245032528Z	9	PC: 13242 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:41:38.250231734Z	76	PC: 13246 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7287,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:18.330305555Z	48	PC: 12c2a \| Get DOS version
2018-12-25T12:01:18.332440183Z	75	PC: 12c38 \| Execute program
2018-12-25T12:01:18.333806704Z	53	PC: 12c51 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.334815399Z	80	PC: 12cbd \| Set current PSP
2018-12-25T12:01:18.336370071Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.337302081Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:01:18.338174677Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c8 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T12:01:18.34031055Z	53	PC: 12c02 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:01:18.341741935Z	37	PC: 12c16 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:01:18.413621246Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:01:18.414813979Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:01:18.41623999Z	9	PC: 13242 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:18.420101189Z	42	PC: 13074 \| Get date 0x13074: cmp cx, 0x7c4 0x13078: jb 0x13087 0x1307a: ja 0x13081 0x1307c: cmp dh, 0xa 0x1307f: jb 0x13087 0x13081: and byte ptr cs:[0x157], 0xf7 0x13087: pop dx 0x13088: pop cx 0x13089: pop ax 0x1308a: ljmp ptr cs:[0x13b] 0x1308f: push es 0x13090: push bx 0x13091: mov ah, 0x48 0x13093: mov bx, 0x6b 0x13096: int 0x21 0x13098: pop bx 0x13099: jae 0x1309e 0x1309b: stc 0x1309c: pop es 0x1309d: ret
2018-12-25T12:01:18.425825761Z	76	PC: 13246 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7287,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:18.333571487Z	48	PC: 12c2a \| Get DOS version
2018-12-25T12:01:18.335302754Z	75	PC: 12c38 \| Execute program
2018-12-25T12:01:18.336546949Z	53	PC: 12c51 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.337953599Z	80	PC: 12cbd \| Set current PSP
2018-12-25T12:01:18.342562325Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.343819223Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:01:18.345035372Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c8 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T12:01:18.347732964Z	9	PC: 13242 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:18.353357553Z	76	PC: 13246 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7287,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:18.468426731Z	48	PC: 12c2a \| Get DOS version
2018-12-25T12:01:18.471377234Z	75	PC: 12c38 \| Execute program
2018-12-25T12:01:18.472951579Z	53	PC: 12c51 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.474077305Z	80	PC: 12cbd \| Set current PSP
2018-12-25T12:01:18.475579712Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.477004163Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:01:18.477987866Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c8 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T12:01:18.479835197Z	9	PC: 13242 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:18.485137548Z	76	PC: 13246 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":10,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7287,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:19.381226742Z	48	PC: 12c2a \| Get DOS version
2018-12-25T12:01:19.383228857Z	75	PC: 12c38 \| Execute program
2018-12-25T12:01:19.385598922Z	53	PC: 12c51 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.387041383Z	80	PC: 12cbd \| Set current PSP
2018-12-25T12:01:19.389083758Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.392291566Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:01:19.393759997Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c8 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T12:01:19.503284712Z	53	PC: 12c43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:01:19.506189174Z	37	PC: 12c58 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:01:19.508343659Z	9	PC: 13242 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:19.51443661Z	76	PC: 13246 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7287,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:19.451997634Z	48	PC: 12c2a \| Get DOS version
2018-12-25T12:01:19.453348274Z	75	PC: 12c38 \| Execute program
2018-12-25T12:01:19.455718267Z	53	PC: 12c51 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.457112782Z	80	PC: 12cbd \| Set current PSP
2018-12-25T12:01:19.458887337Z	37	PC: 12bdf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:19.461281688Z	26	PC: 12be7 \| Set disk transfer address
2018-12-25T12:01:19.462600695Z	42	PC: 12bee \| Get date 0x12bee: cmp cx, 0x7c8 0x12bf2: ja 0x12c59 0x12bf4: je 0x12c20 0x12bf6: cmp cx, 0x7bc 0x12bfa: jne 0x12c59 0x12bfc: push ds 0x12bfd: mov ax, 0x3528 0x12c00: int 0x21 0x12c02: mov word ptr cs:[0x13b], bx 0x12c07: mov word ptr cs:[0x13d], es 0x12c0c: mov ax, 0x2528 0x12c0f: mov dx, 0x725 0x12c12: push cs 0x12c13: pop ds 0x12c14: int 0x21 0x12c16: pop ds 0x12c17: or byte ptr cs:[0x157], 8 0x12c1d: jmp 0x12c25 0x12c1f: nop 0x12c20: cmp dh, 0xa
2018-12-25T12:01:19.465178442Z	9	PC: 13242 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:19.472346189Z	76	PC: 13246 \| Terminate with return code (Return code = '36')