Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1701.g

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:05.263934123Z	48	PC: 12b41 \| Get DOS version
2018-12-17T22:48:05.265166709Z	75	PC: 12b4f \| Execute program
2018-12-17T22:48:05.267863126Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:05.279150455Z	80	PC: 12bd1 \| Set current PSP
2018-12-17T22:48:05.283812996Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:05.29054727Z	26	PC: 12be4 \| Set disk transfer address
2018-12-17T22:48:05.303549281Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9428,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:09.154046814Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:23:09.156742508Z	75	PC: 12b4f \| Execute program
2018-12-25T12:23:09.158353736Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:09.159601513Z	80	PC: 12bd1 \| Set current PSP
2018-12-25T12:23:09.161602341Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:09.163319303Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:23:09.164771349Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:23:09.249888298Z	53	PC: 12c40 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:09.251917442Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9428,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:09.343498505Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:23:09.345662019Z	75	PC: 12b4f \| Execute program
2018-12-25T12:23:09.347622247Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:09.349167616Z	80	PC: 12bd1 \| Set current PSP
2018-12-25T12:23:09.350934061Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:09.352161486Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:23:09.353398366Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9428,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:11.99753409Z	48	PC: 12b41 \| Get DOS version
2018-12-25T13:07:11.999673147Z	75	PC: 12b4f \| Execute program
2018-12-25T13:07:12.001206472Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:12.002395303Z	80	PC: 12bd1 \| Set current PSP
2018-12-25T13:07:12.004956179Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:12.006144416Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T13:07:12.007305926Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T13:07:12.010139485Z	53	PC: 12bff \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T13:07:12.011827205Z	37	PC: 12c13 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T13:07:12.072679898Z	53	PC: 12c40 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T13:07:12.074271097Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9428,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:09.905222589Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:23:09.906567308Z	75	PC: 12b4f \| Execute program
2018-12-25T12:23:09.908038265Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:09.90909427Z	80	PC: 12bd1 \| Set current PSP
2018-12-25T12:23:09.910604009Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:09.911667626Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:23:09.912751148Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9428,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:10.032210875Z	48	PC: 12b41 \| Get DOS version
2018-12-25T12:23:10.033869432Z	75	PC: 12b4f \| Execute program
2018-12-25T12:23:10.035241002Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:10.03639856Z	80	PC: 12bd1 \| Set current PSP
2018-12-25T12:23:10.050417647Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:10.051532421Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:23:10.052839331Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa