Sample viewer

vx.netlux.org/Virus.DOS.Nostardamus.2247

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:41.597906177Z 53 PC: 13795 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:41.60047377Z 42 PC: 137ce | Get date
0x137ce: shl dh, 1
0x137d0: cmp dh, dl
0x137d2: jne 0x13832
0x137d4: inc si
0x137d5: cmp byte ptr [si], 0x14
0x137d8: jb 0x13832
0x137da: mov dx, si
0x137dc: inc dx
0x137dd: mov ah, 9
0x137df: int 0x21
0x137e1: mov ah, 0xcd
0x137e3: xor ah, 0xde
0x137e6: int 0x2f
0x137e8: push es
0x137e9: push bx
0x137ea: int 0x2f
0x137ec: pop bx
0x137ed: pop es
0x137ee: pop si
0x137ef: push si
2018-12-17T22:47:41.602988634Z 240 PC: 13839 | UNKNOWN!
2018-12-17T22:47:41.604470497Z 53 PC: 13317 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:41.606456373Z 53 PC: 13327 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:47:41.607635606Z 53 PC: 13337 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:41.608835115Z 37 PC: 13346 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:47:41.611148783Z 37 PC: 13263 | Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:50.768561846Z 53 PC: 13795 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:50.772293991Z 42 PC: 137ce | Get date
0x137ce: shl dh, 1
0x137d0: cmp dh, dl
0x137d2: jne 0x13832
0x137d4: inc si
0x137d5: cmp byte ptr [si], 0x14
0x137d8: jb 0x13832
0x137da: mov dx, si
0x137dc: inc dx
0x137dd: mov ah, 9
0x137df: int 0x21
0x137e1: mov ah, 0xcd
0x137e3: xor ah, 0xde
0x137e6: int 0x2f
0x137e8: push es
0x137e9: push bx
0x137ea: int 0x2f
0x137ec: pop bx
0x137ed: pop es
0x137ee: pop si
0x137ef: push si
2018-12-25T12:22:50.774613033Z 240 PC: 13839 | UNKNOWN!
2018-12-25T12:22:50.77578384Z 53 PC: 13317 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:50.778596573Z 53 PC: 13327 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:22:50.780074068Z 53 PC: 13337 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:50.781394557Z 37 PC: 13346 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:50.783163355Z 37 PC: 13263 | Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9300,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:50.758747618Z 53 PC: 13795 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:50.760970591Z 42 PC: 137ce | Get date
0x137ce: shl dh, 1
0x137d0: cmp dh, dl
0x137d2: jne 0x13832
0x137d4: inc si
0x137d5: cmp byte ptr [si], 0x14
0x137d8: jb 0x13832
0x137da: mov dx, si
0x137dc: inc dx
0x137dd: mov ah, 9
0x137df: int 0x21
0x137e1: mov ah, 0xcd
0x137e3: xor ah, 0xde
0x137e6: int 0x2f
0x137e8: push es
0x137e9: push bx
0x137ea: int 0x2f
0x137ec: pop bx
0x137ed: pop es
0x137ee: pop si
0x137ef: push si
2018-12-25T12:22:50.763301515Z 240 PC: 13839 | UNKNOWN!
2018-12-25T12:22:50.764166238Z 53 PC: 13317 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:50.765490263Z 53 PC: 13327 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:22:50.766764506Z 53 PC: 13337 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:50.768330252Z 37 PC: 13346 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:22:50.769837851Z 37 PC: 13263 | Set interrupt vector (Interrupt = '1' AKA 'Character input')