Sample viewer

vx.netlux.org/Virus.DOS.Baloo.525

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:15.998342594Z	26	PC: 12ab8 \| Set disk transfer address
2018-12-17T23:06:16.008668178Z	78	PC: 12aae \| Find first file
2018-12-17T23:06:16.016349509Z	61	PC: 12aae \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:16.023442245Z	87	PC: 12aae \| Get or set file date and time
2018-12-17T23:06:16.026871058Z	62	PC: 12aae \| Close file
2018-12-17T23:06:16.029547162Z	61	PC: 12aae \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:16.036489284Z	63	PC: 12b86 \| Read file or device (Read 65000 bytes on handle 5)
2018-12-17T23:06:16.044362193Z	62	PC: 12aae \| Close file
2018-12-17T23:06:16.047016134Z	67	PC: 12ba1 \| Get or set file attributes
2018-12-17T23:06:16.05322367Z	67	PC: 12aae \| Get or set file attributes
2018-12-17T23:06:16.070828241Z	60	PC: 12aae \| Create or truncate file
2018-12-17T23:06:16.083028143Z	64	PC: 12b63 \| Write file or device (Write 525 bytes on handle 5)
2018-12-17T23:06:16.091556394Z	64	PC: 12b63 \| Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:06:16.094413805Z	87	PC: 12aae \| Get or set file date and time
2018-12-17T23:06:16.104820808Z	62	PC: 12aae \| Close file
2018-12-17T23:06:16.109955407Z	67	PC: 12aae \| Get or set file attributes
2018-12-17T23:06:16.116735952Z	42	PC: 12a63 \| Get date 0x12a63: cmp al, 5 0x12a65: je 0x12a68 0x12a67: ret 0x12a68: mov ah, 9 0x12a6a: mov dx, 0x14d 0x12a6d: int 0x21 0x12a6f: mov di, 0x1e 0x12a72: mov al, 0xb6 0x12a74: out 0x43, al 0x12a76: mov dx, 0x12 0x12a79: mov ax, 0x34dc 0x12a7c: div di 0x12a7e: out 0x42, al 0x12a80: mov al, ah 0x12a82: out 0x42, al 0x12a84: in al, 0x61 0x12a86: mov ah, al 0x12a88: or al, 3 0x12a8a: out 0x61, al 0x12a8c: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15479,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:32.060416461Z	26	PC: 12ab8 \| Set disk transfer address
2018-12-25T12:43:32.061899259Z	78	PC: 12aae \| Find first file
2018-12-25T12:43:32.0678033Z	61	PC: 12aae \| Open file (See above)
2018-12-25T12:43:32.074951552Z	87	PC: 12aae \| Get or set file date and time (See above)
2018-12-25T12:43:32.076642468Z	62	PC: 12aae \| Close file (See above)
2018-12-25T12:43:32.078730864Z	61	PC: 12aae \| Open file (See above)
2018-12-25T12:43:32.085299759Z	63	PC: 12b86 \| Read file or device (Read 65000 bytes on handle 5)
2018-12-25T12:43:32.092584705Z	62	PC: 12aae \| Close file (See above)
2018-12-25T12:43:32.094797628Z	67	PC: 12ba1 \| Get or set file attributes
2018-12-25T12:43:32.100576145Z	67	PC: 12aae \| Get or set file attributes (See above)
2018-12-25T12:43:32.134738665Z	60	PC: 12aae \| Create or truncate file (See above)
2018-12-25T12:43:32.146509837Z	64	PC: 12b63 \| Write file or device (Write 525 bytes on handle 5)
2018-12-25T12:43:32.154587982Z	64	PC: 12b63 \| Write file or device (See above)
2018-12-25T12:43:32.158268133Z	87	PC: 12aae \| Get or set file date and time (See above)
2018-12-25T12:43:32.160279035Z	62	PC: 12aae \| Close file (See above)
2018-12-25T12:43:32.168321984Z	67	PC: 12aae \| Get or set file attributes (See above)
2018-12-25T12:43:32.178248622Z	42	PC: 12a63 \| Get date 0x12a63: cmp al, 5 0x12a65: je 0x12a68 0x12a67: ret 0x12a68: mov ah, 9 0x12a6a: mov dx, 0x14d 0x12a6d: int 0x21 0x12a6f: mov di, 0x1e 0x12a72: mov al, 0xb6 0x12a74: out 0x43, al 0x12a76: mov dx, 0x12 0x12a79: mov ax, 0x34dc 0x12a7c: div di 0x12a7e: out 0x42, al 0x12a80: mov al, ah 0x12a82: out 0x42, al 0x12a84: in al, 0x61 0x12a86: mov ah, al 0x12a88: or al, 3 0x12a8a: out 0x61, al 0x12a8c: ret

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15479,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:32.4792547Z	26	PC: 12ab8 \| Set disk transfer address
2018-12-25T12:43:32.481153561Z	78	PC: 12aae \| Find first file
2018-12-25T12:43:32.487036559Z	61	PC: 12aae \| Open file (See above)
2018-12-25T12:43:32.493316699Z	87	PC: 12aae \| Get or set file date and time (See above)
2018-12-25T12:43:32.495330237Z	62	PC: 12aae \| Close file (See above)
2018-12-25T12:43:32.497165239Z	61	PC: 12aae \| Open file (See above)
2018-12-25T12:43:32.503443841Z	63	PC: 12b86 \| Read file or device (Read 65000 bytes on handle 5)
2018-12-25T12:43:32.509593689Z	62	PC: 12aae \| Close file (See above)
2018-12-25T12:43:32.511242408Z	67	PC: 12ba1 \| Get or set file attributes
2018-12-25T12:43:32.517130657Z	67	PC: 12aae \| Get or set file attributes (See above)
2018-12-25T12:43:32.537276245Z	60	PC: 12aae \| Create or truncate file (See above)
2018-12-25T12:43:32.555626711Z	64	PC: 12b63 \| Write file or device (Write 525 bytes on handle 5)
2018-12-25T12:43:32.563714435Z	64	PC: 12b63 \| Write file or device (See above)
2018-12-25T12:43:32.566320372Z	87	PC: 12aae \| Get or set file date and time (See above)
2018-12-25T12:43:32.568130416Z	62	PC: 12aae \| Close file (See above)
2018-12-25T12:43:32.575956416Z	67	PC: 12aae \| Get or set file attributes (See above)
2018-12-25T12:43:32.587258519Z	42	PC: 12a63 \| Get date 0x12a63: cmp al, 5 0x12a65: je 0x12a68 0x12a67: ret 0x12a68: mov ah, 9 0x12a6a: mov dx, 0x14d 0x12a6d: int 0x21 0x12a6f: mov di, 0x1e 0x12a72: mov al, 0xb6 0x12a74: out 0x43, al 0x12a76: mov dx, 0x12 0x12a79: mov ax, 0x34dc 0x12a7c: div di 0x12a7e: out 0x42, al 0x12a80: mov al, ah 0x12a82: out 0x42, al 0x12a84: in al, 0x61 0x12a86: mov ah, al 0x12a88: or al, 3 0x12a8a: out 0x61, al 0x12a8c: ret
2018-12-25T12:43:32.589903594Z	9	PC: 12a6f \| Display string (String= ' Baloo (C) 1998 by Skunky ')