Sample viewer

vx.netlux.org/Virus.DOS.Nostardamus.2220

Time	Syscall Op	Syscall Name
2018-12-17T23:08:36.411410714Z	53	PC: 135b2 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:08:36.412995272Z	42	PC: 135eb \| Get date 0x135eb: shl dh, 1 0x135ed: cmp dh, dl 0x135ef: jne 0x1364f 0x135f1: inc si 0x135f2: cmp byte ptr [si], 0x14 0x135f5: jb 0x1364f 0x135f7: mov dx, si 0x135f9: inc dx 0x135fa: mov ah, 9 0x135fc: int 0x21 0x135fe: mov ah, 0xcd 0x13600: xor ah, 0xde 0x13603: int 0x2f 0x13605: push es 0x13606: push bx 0x13607: int 0x2f 0x13609: pop bx 0x1360a: pop es 0x1360b: pop si 0x1360c: push si
2018-12-17T23:08:36.415011709Z	240	PC: 13656 \| UNKNOWN!
2018-12-17T23:08:36.415691705Z	53	PC: 1314f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:36.416922538Z	53	PC: 1315f \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T23:08:36.418269608Z	53	PC: 1316f \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:08:36.419343735Z	37	PC: 1317e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:08:36.421215984Z	37	PC: 1309b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:08:36.422316301Z	9	PC: 12a47 \| Display string (String= '��!!! �� NOSTARDAMUS-2220 (�� HOMERUN-2220!!! �� (�� )!!! �� ???????? (AIDSTEST �� ) !!! ')

Time	Syscall Op	Syscall Name
2018-12-25T12:52:26.146954024Z	53	PC: 135b2 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:52:26.150745569Z	42	PC: 135eb \| Get date 0x135eb: shl dh, 1 0x135ed: cmp dh, dl 0x135ef: jne 0x1364f 0x135f1: inc si 0x135f2: cmp byte ptr [si], 0x14 0x135f5: jb 0x1364f 0x135f7: mov dx, si 0x135f9: inc dx 0x135fa: mov ah, 9 0x135fc: int 0x21 0x135fe: mov ah, 0xcd 0x13600: xor ah, 0xde 0x13603: int 0x2f 0x13605: push es 0x13606: push bx 0x13607: int 0x2f 0x13609: pop bx 0x1360a: pop es 0x1360b: pop si 0x1360c: push si
2018-12-25T12:52:26.154771241Z	240	PC: 13656 \| UNKNOWN!
2018-12-25T12:52:26.155844653Z	53	PC: 1314f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:26.157183454Z	53	PC: 1315f \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:52:26.159528692Z	53	PC: 1316f \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:52:26.161212588Z	37	PC: 1317e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:52:26.163137906Z	37	PC: 1309b \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:52:26.165643509Z	9	PC: 12a47 \| Display string (String= '��!!! �� NOSTARDAMUS-2220 (�� HOMERUN-2220!!! �� (�� )!!! �� ???????? (AIDSTEST �� ) !!! ')

Time	Syscall Op	Syscall Name
2018-12-25T12:52:26.35442337Z	53	PC: 135b2 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:52:26.355804731Z	42	PC: 135eb \| Get date 0x135eb: shl dh, 1 0x135ed: cmp dh, dl 0x135ef: jne 0x1364f 0x135f1: inc si 0x135f2: cmp byte ptr [si], 0x14 0x135f5: jb 0x1364f 0x135f7: mov dx, si 0x135f9: inc dx 0x135fa: mov ah, 9 0x135fc: int 0x21 0x135fe: mov ah, 0xcd 0x13600: xor ah, 0xde 0x13603: int 0x2f 0x13605: push es 0x13606: push bx 0x13607: int 0x2f 0x13609: pop bx 0x1360a: pop es 0x1360b: pop si 0x1360c: push si
2018-12-25T12:52:26.358222639Z	9	PC: 135fe \| Display string (String= 'The NOSTARDAMUS-Erase (c) v2.0 beta Formating disk C: 40Mb ')
2018-12-25T12:52:26.44166141Z	240	PC: 13656 \| UNKNOWN!
2018-12-25T12:52:26.443067423Z	53	PC: 1314f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:26.444540954Z	53	PC: 1315f \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:52:26.450483828Z	73	PC: 14678 \| Release memory
2018-12-25T12:52:26.452694327Z	62	PC: 14a69 \| Close file