Sample viewer

vx.netlux.org/Virus.DOS.Baloo.643

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:11:48.540982219Z	42	PC: 12a66 \| Get date 0x12a66: cmp al, 5 0x12a68: je 0x12a6b 0x12a6a: ret 0x12a6b: mov ah, 9 0x12a6d: mov dx, 0x133 0x12a70: int 0x21 0x12a72: ret 0x12a73: sub ch, byte ptr [bp + si] 0x12a75: sub ah, byte ptr [bx + si] 0x12a77: inc dx 0x12a78: inc cx 0x12a79: dec sp 0x12a7a: dec di 0x12a7b: dec di 0x12a7c: and byte ptr [bx + si], ch 0x12a7e: inc bx 0x12a7f: sub word ptr [bx + si], sp 0x12a81: xor word ptr [bx + di], di 0x12a83: cmp word ptr [bx + si], di 0x12a85: and byte ptr [bp + si + 0x59], al
2018-12-17T22:11:48.544052896Z	26	PC: 12a9d \| Set disk transfer address
2018-12-17T22:11:48.545093075Z	78	PC: 12aa8 \| Find first file
2018-12-17T22:11:48.550909414Z	61	PC: 12b20 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:11:48.558067305Z	87	PC: 12ae4 \| Get or set file date and time
2018-12-17T22:11:48.559453646Z	62	PC: 12b33 \| Close file
2018-12-17T22:11:48.561084515Z	61	PC: 12b20 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:11:48.572816158Z	63	PC: 12b61 \| Read file or device (Read 65000 bytes on handle 5)
2018-12-17T22:11:48.580694817Z	62	PC: 12b33 \| Close file
2018-12-17T22:11:48.582857723Z	67	PC: 12b7c \| Get or set file attributes
2018-12-17T22:11:48.589074922Z	67	PC: 12b42 \| Get or set file attributes
2018-12-17T22:11:48.605733983Z	60	PC: 12b96 \| Create or truncate file
2018-12-17T22:11:48.619846652Z	64	PC: 12bb2 \| Write file or device (Write 643 bytes on handle 5)
2018-12-17T22:11:48.628237042Z	64	PC: 12bcf \| Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:11:48.635713083Z	87	PC: 12beb \| Get or set file date and time
2018-12-17T22:11:48.637336836Z	62	PC: 12b33 \| Close file
2018-12-17T22:11:48.642728056Z	67	PC: 12b42 \| Get or set file attributes

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:49.034171771Z	42	PC: 12a66 \| Get date 0x12a66: cmp al, 5 0x12a68: je 0x12a6b 0x12a6a: ret 0x12a6b: mov ah, 9 0x12a6d: mov dx, 0x133 0x12a70: int 0x21 0x12a72: ret 0x12a73: sub ch, byte ptr [bp + si] 0x12a75: sub ah, byte ptr [bx + si] 0x12a77: inc dx 0x12a78: inc cx 0x12a79: dec sp 0x12a7a: dec di 0x12a7b: dec di 0x12a7c: and byte ptr [bx + si], ch 0x12a7e: inc bx 0x12a7f: sub word ptr [bx + si], sp 0x12a81: xor word ptr [bx + di], di 0x12a83: cmp word ptr [bx + si], di 0x12a85: and byte ptr [bp + si + 0x59], al
2018-12-25T11:45:49.037033616Z	9	PC: 12a72 \| Display string (String= '* BALOO (C) 1998 BY SKUNKY * ')
2018-12-25T11:45:49.040991677Z	26	PC: 12a9d \| Set disk transfer address
2018-12-25T11:45:49.041997426Z	78	PC: 12aa8 \| Find first file
2018-12-25T11:45:49.051646815Z	61	PC: 12b20 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:49.057938254Z	87	PC: 12ae4 \| Get or set file date and time
2018-12-25T11:45:49.059161155Z	62	PC: 12b33 \| Close file
2018-12-25T11:45:49.060859806Z	61	PC: 12b20 \| Open file (See above)
2018-12-25T11:45:49.072295503Z	63	PC: 12b61 \| Read file or device (Read 65000 bytes on handle 5)
2018-12-25T11:45:49.07826683Z	62	PC: 12b33 \| Close file (See above)
2018-12-25T11:45:49.079814014Z	67	PC: 12b7c \| Get or set file attributes
2018-12-25T11:45:49.085942327Z	67	PC: 12b42 \| Get or set file attributes
2018-12-25T11:45:49.104215465Z	60	PC: 12b96 \| Create or truncate file
2018-12-25T11:45:49.116829443Z	64	PC: 12bb2 \| Write file or device (Write 643 bytes on handle 5)
2018-12-25T11:45:49.125155835Z	64	PC: 12bcf \| Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:45:49.135045653Z	87	PC: 12beb \| Get or set file date and time
2018-12-25T11:45:49.136396517Z	62	PC: 12b33 \| Close file (See above)
2018-12-25T11:45:49.144467067Z	67	PC: 12b42 \| Get or set file attributes (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:49.423266442Z	42	PC: 12a66 \| Get date 0x12a66: cmp al, 5 0x12a68: je 0x12a6b 0x12a6a: ret 0x12a6b: mov ah, 9 0x12a6d: mov dx, 0x133 0x12a70: int 0x21 0x12a72: ret 0x12a73: sub ch, byte ptr [bp + si] 0x12a75: sub ah, byte ptr [bx + si] 0x12a77: inc dx 0x12a78: inc cx 0x12a79: dec sp 0x12a7a: dec di 0x12a7b: dec di 0x12a7c: and byte ptr [bx + si], ch 0x12a7e: inc bx 0x12a7f: sub word ptr [bx + si], sp 0x12a81: xor word ptr [bx + di], di 0x12a83: cmp word ptr [bx + si], di 0x12a85: and byte ptr [bp + si + 0x59], al
2018-12-25T11:45:49.425886147Z	26	PC: 12a9d \| Set disk transfer address
2018-12-25T11:45:49.426903187Z	78	PC: 12aa8 \| Find first file
2018-12-25T11:45:49.432750999Z	61	PC: 12b20 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:49.439881658Z	87	PC: 12ae4 \| Get or set file date and time
2018-12-25T11:45:49.44126282Z	62	PC: 12b33 \| Close file
2018-12-25T11:45:49.443089554Z	61	PC: 12b20 \| Open file (See above)
2018-12-25T11:45:49.449336507Z	63	PC: 12b61 \| Read file or device (Read 65000 bytes on handle 5)
2018-12-25T11:45:49.455632713Z	62	PC: 12b33 \| Close file (See above)
2018-12-25T11:45:49.457270685Z	67	PC: 12b7c \| Get or set file attributes
2018-12-25T11:45:49.462826341Z	67	PC: 12b42 \| Get or set file attributes
2018-12-25T11:45:49.485594787Z	60	PC: 12b96 \| Create or truncate file
2018-12-25T11:45:49.497142358Z	64	PC: 12bb2 \| Write file or device (Write 643 bytes on handle 5)
2018-12-25T11:45:49.505119627Z	64	PC: 12bcf \| Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:45:49.510672281Z	87	PC: 12beb \| Get or set file date and time
2018-12-25T11:45:49.511710457Z	62	PC: 12b33 \| Close file (See above)
2018-12-25T11:45:49.516762719Z	67	PC: 12b42 \| Get or set file attributes (See above)