Sample viewer

vx.netlux.org/Virus.DOS.Lobo.813


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:23.869730873Z 9 PC: 145cc | Display string (String= 'Resident LOBO virus 3.0 (c)Copyright Lobosoft 1997. Barakaldo, Spain.')
2018-12-17T22:58:23.874914921Z 42 PC: 145d0 | Get date
0x145d0: cmp dh, dl
0x145d2: jne 0x145d7
0x145d4: jmp 0x147aa
0x145d7: xor cx, cx
0x145d9: mov ax, 0xffff
0x145dc: int 0x21
0x145de: cmp cx, -1
0x145e1: je 0x14628
0x145e3: mov ax, cs
0x145e5: dec ax
0x145e6: mov ds, ax
0x145e8: cmp byte ptr [0], 0x5a
0x145ed: jne 0x14628
0x145ef: mov ax, word ptr [3]
0x145f2: sub ax, 0x100
0x145f5: mov word ptr [3], ax
0x145f8: mov bx, ax
0x145fa: mov ax, es
0x145fc: add ax, bx
0x145fe: mov es, ax
2018-12-17T22:58:23.877744085Z 255 PC: 145de | UNKNOWN!
2018-12-17T22:58:23.878882366Z 37 PC: 14628 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:23.881568373Z 99 PC: 13f3b | Get DBCS lead byte table pointer
2018-12-17T22:58:23.894303624Z 68 PC: 13f55 | I/O control for devices (Set for = '')
2018-12-17T22:58:23.896111652Z 68 PC: 13f60 | I/O control for devices (Set for = '')
2018-12-17T22:58:23.901587284Z 68 PC: 13f6b | I/O control for devices (Set for = '')
2018-12-17T22:58:23.908391708Z 68 PC: 13f73 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:58:23.91027652Z 48 PC: 13f78 | Get DOS version
2018-12-17T22:58:23.911729724Z 64 PC: 141f1 | Write file or device (Write 27 bytes on handle 2)
2018-12-17T22:58:23.916738825Z 76 PC: 12d4f | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12875,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:42.129286632Z 9 PC: 145cc | Display string (String= 'Resident LOBO virus 3.0 (c)Copyright Lobosoft 1997. Barakaldo, Spain.')
2018-12-25T12:36:42.135561613Z 42 PC: 145d0 | Get date
0x145d0: cmp dh, dl
0x145d2: jne 0x145d7
0x145d4: jmp 0x147aa
0x145d7: xor cx, cx
0x145d9: mov ax, 0xffff
0x145dc: int 0x21
0x145de: cmp cx, -1
0x145e1: je 0x14628
0x145e3: mov ax, cs
0x145e5: dec ax
0x145e6: mov ds, ax
0x145e8: cmp byte ptr [0], 0x5a
0x145ed: jne 0x14628
0x145ef: mov ax, word ptr [3]
0x145f2: sub ax, 0x100
0x145f5: mov word ptr [3], ax
0x145f8: mov bx, ax
0x145fa: mov ax, es
0x145fc: add ax, bx
0x145fe: mov es, ax
2018-12-25T12:36:42.147682265Z 9 PC: 147df | Display string (String= ' Virus LOBO 3.0 by Topo.--> HDD deleted. ALL DATA LOST !!! ')
2018-12-25T12:36:42.152207198Z 9 PC: 147f4 | Display string (String= ' Have a nice day. (c)LOBOSOFT 1997. Barakaldo, Spain. ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12875,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:42.313975025Z 9 PC: 145cc | Display string (String= 'Resident LOBO virus 3.0 (c)Copyright Lobosoft 1997. Barakaldo, Spain.')
2018-12-25T12:36:42.319225464Z 42 PC: 145d0 | Get date
0x145d0: cmp dh, dl
0x145d2: jne 0x145d7
0x145d4: jmp 0x147aa
0x145d7: xor cx, cx
0x145d9: mov ax, 0xffff
0x145dc: int 0x21
0x145de: cmp cx, -1
0x145e1: je 0x14628
0x145e3: mov ax, cs
0x145e5: dec ax
0x145e6: mov ds, ax
0x145e8: cmp byte ptr [0], 0x5a
0x145ed: jne 0x14628
0x145ef: mov ax, word ptr [3]
0x145f2: sub ax, 0x100
0x145f5: mov word ptr [3], ax
0x145f8: mov bx, ax
0x145fa: mov ax, es
0x145fc: add ax, bx
0x145fe: mov es, ax
2018-12-25T12:36:42.321840768Z 255 PC: 145de | UNKNOWN!
2018-12-25T12:36:42.323035413Z 37 PC: 14628 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:42.325081263Z 99 PC: 13f3b | Get DBCS lead byte table pointer
2018-12-25T12:36:42.328422104Z 68 PC: 13f55 | I/O control for devices (Set for = '')
2018-12-25T12:36:42.330119305Z 68 PC: 13f60 | I/O control for devices (Set for = '')
2018-12-25T12:36:42.332037429Z 68 PC: 13f6b | I/O control for devices (Set for = '')
2018-12-25T12:36:42.334679629Z 68 PC: 13f73 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:36:42.336933667Z 48 PC: 13f78 | Get DOS version
2018-12-25T12:36:42.339190569Z 64 PC: 141f1 | Write file or device (Write 27 bytes on handle 2)
2018-12-25T12:36:42.356783847Z 76 PC: 12d4f | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12875,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:42.883926096Z 9 PC: 145cc | Display string (String= 'Resident LOBO virus 3.0 (c)Copyright Lobosoft 1997. Barakaldo, Spain.')
2018-12-25T12:36:42.889701315Z 42 PC: 145d0 | Get date
0x145d0: cmp dh, dl
0x145d2: jne 0x145d7
0x145d4: jmp 0x147aa
0x145d7: xor cx, cx
0x145d9: mov ax, 0xffff
0x145dc: int 0x21
0x145de: cmp cx, -1
0x145e1: je 0x14628
0x145e3: mov ax, cs
0x145e5: dec ax
0x145e6: mov ds, ax
0x145e8: cmp byte ptr [0], 0x5a
0x145ed: jne 0x14628
0x145ef: mov ax, word ptr [3]
0x145f2: sub ax, 0x100
0x145f5: mov word ptr [3], ax
0x145f8: mov bx, ax
0x145fa: mov ax, es
0x145fc: add ax, bx
0x145fe: mov es, ax
2018-12-25T12:36:42.900882371Z 9 PC: 147df | Display string (String= ' Virus LOBO 3.0 by Topo.--> HDD deleted. ALL DATA LOST !!! ')
2018-12-25T12:36:42.904869804Z 9 PC: 147f4 | Display string (String= ' Have a nice day. (c)LOBOSOFT 1997. Barakaldo, Spain. ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12875,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:43.731763604Z 9 PC: 145cc | Display string (String= 'Resident LOBO virus 3.0 (c)Copyright Lobosoft 1997. Barakaldo, Spain.')
2018-12-25T12:36:43.736011657Z 42 PC: 145d0 | Get date
0x145d0: cmp dh, dl
0x145d2: jne 0x145d7
0x145d4: jmp 0x147aa
0x145d7: xor cx, cx
0x145d9: mov ax, 0xffff
0x145dc: int 0x21
0x145de: cmp cx, -1
0x145e1: je 0x14628
0x145e3: mov ax, cs
0x145e5: dec ax
0x145e6: mov ds, ax
0x145e8: cmp byte ptr [0], 0x5a
0x145ed: jne 0x14628
0x145ef: mov ax, word ptr [3]
0x145f2: sub ax, 0x100
0x145f5: mov word ptr [3], ax
0x145f8: mov bx, ax
0x145fa: mov ax, es
0x145fc: add ax, bx
0x145fe: mov es, ax
2018-12-25T12:36:43.738097729Z 255 PC: 145de | UNKNOWN!
2018-12-25T12:36:43.738958792Z 37 PC: 14628 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:43.741595017Z 99 PC: 13f3b | Get DBCS lead byte table pointer
2018-12-25T12:36:43.743178536Z 68 PC: 13f55 | I/O control for devices (Set for = '')
2018-12-25T12:36:43.744889942Z 68 PC: 13f60 | I/O control for devices (Set for = '')
2018-12-25T12:36:43.74855308Z 68 PC: 13f6b | I/O control for devices (Set for = '')
2018-12-25T12:36:43.751025172Z 68 PC: 13f73 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:36:43.753703193Z 48 PC: 13f78 | Get DOS version
2018-12-25T12:36:43.756778913Z 64 PC: 141f1 | Write file or device (Write 27 bytes on handle 2)
2018-12-25T12:36:43.771126187Z 76 PC: 12d4f | Terminate with return code (Return code = '2')