Sample viewer

vx.netlux.org/Virus.DOS.Baloo.589

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:15.927108839Z	26	PC: 12ac8 \| Set disk transfer address
2018-12-17T22:16:15.929022466Z	78	PC: 12abe \| Find first file
2018-12-17T22:16:15.930778558Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 5 0x12a75: je 0x12a78 0x12a77: ret 0x12a78: cmp dl, 0xd 0x12a7b: je 0x12a7e 0x12a7d: ret 0x12a7e: mov di, 0x1e 0x12a81: mov al, 0xb6 0x12a83: out 0x43, al 0x12a85: mov dx, 0x12 0x12a88: mov ax, 0x34dc 0x12a8b: div di 0x12a8d: out 0x42, al 0x12a8f: mov al, ah 0x12a91: out 0x42, al 0x12a93: in al, 0x61 0x12a95: mov ah, al 0x12a97: or al, 3 0x12a99: out 0x61, al 0x12a9b: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2923,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:44.390386424Z	26	PC: 12ac8 \| Set disk transfer address
2018-12-25T11:47:44.400215495Z	78	PC: 12abe \| Find first file
2018-12-25T11:47:44.402446357Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 5 0x12a75: je 0x12a78 0x12a77: ret 0x12a78: cmp dl, 0xd 0x12a7b: je 0x12a7e 0x12a7d: ret 0x12a7e: mov di, 0x1e 0x12a81: mov al, 0xb6 0x12a83: out 0x43, al 0x12a85: mov dx, 0x12 0x12a88: mov ax, 0x34dc 0x12a8b: div di 0x12a8d: out 0x42, al 0x12a8f: mov al, ah 0x12a91: out 0x42, al 0x12a93: in al, 0x61 0x12a95: mov ah, al 0x12a97: or al, 3 0x12a99: out 0x61, al 0x12a9b: ret

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2923,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:44.421009711Z	26	PC: 12ac8 \| Set disk transfer address
2018-12-25T11:47:44.423421233Z	78	PC: 12abe \| Find first file
2018-12-25T11:47:44.425399087Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 5 0x12a75: je 0x12a78 0x12a77: ret 0x12a78: cmp dl, 0xd 0x12a7b: je 0x12a7e 0x12a7d: ret 0x12a7e: mov di, 0x1e 0x12a81: mov al, 0xb6 0x12a83: out 0x43, al 0x12a85: mov dx, 0x12 0x12a88: mov ax, 0x34dc 0x12a8b: div di 0x12a8d: out 0x42, al 0x12a8f: mov al, ah 0x12a91: out 0x42, al 0x12a93: in al, 0x61 0x12a95: mov ah, al 0x12a97: or al, 3 0x12a99: out 0x61, al 0x12a9b: ret

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2923,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:44.512539799Z	26	PC: 12ac8 \| Set disk transfer address
2018-12-25T11:47:44.514244617Z	78	PC: 12abe \| Find first file
2018-12-25T11:47:44.5163503Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 5 0x12a75: je 0x12a78 0x12a77: ret 0x12a78: cmp dl, 0xd 0x12a7b: je 0x12a7e 0x12a7d: ret 0x12a7e: mov di, 0x1e 0x12a81: mov al, 0xb6 0x12a83: out 0x43, al 0x12a85: mov dx, 0x12 0x12a88: mov ax, 0x34dc 0x12a8b: div di 0x12a8d: out 0x42, al 0x12a8f: mov al, ah 0x12a91: out 0x42, al 0x12a93: in al, 0x61 0x12a95: mov ah, al 0x12a97: or al, 3 0x12a99: out 0x61, al 0x12a9b: ret