Event ID - 4442

Port No4442
Service NameGOLGI
RFC Doc0
ProtocolTCP
DescriptionThis non-polymorphic, memory-resident DOS virus infects COM and EXE files that are executed, opened, or closed, and when the DOS command DIR is executed.
Reference Link GOLGI
AttackDetails:

This virus hooks the DOS function, interrupt, INT 21h, to install itself in memory. Once in memory, it infects COM and EXE files that are executed, opened, or closed, and when the DOS command DIR is executed.

To infect, it writes itself at the end of target files.

The following text strings are found in the virus body:

[Oracle] by MnemoniX

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh