| Alias: | |
| Strain: | - |
| detected when: | |
| where: | |
| Classification: | COM-infector, resident |
| Length: | 7AH paragraph(s) |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | DOS >= 2.0 |
| Computer model(s): | PC's |
| Caroname: | Capital |
Attributes | |
| Easy identification: | |
Type of Infection: | Appending, uses DOS file length to position virus. Selfrec in memory: INT_21; AX=4BEE; SI=5448 -> DI=4950 Selfrec on disk: (File[0] = E9) AND (File[1] = EndOfOrgFile)COMJump to end of org file |
| Infection Technique: | |
| Infection Trigger: | (Exec) AND (LengthCOM <= 63500) |
| Storage Media affected: | |
| Interrupts hooked: | 21/4B00, 21/4BEE, 28, 1C |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | - |
| Encoding Method: | |
| Damage: | Transient: On 80x25 text mode screens it converts lowercases touppercases (only once) Permanent: - |
| Damage Trigger: | Transient: (Month = even) AND (DayOfWeek = even) AND (Time = 11:11:11) Permanent: - |
| Particularities: | only shrinks the current MCB if it is a 'Z' block. (Only leaves a mess if there is another chain of MCBs, eg for UMBs). |
| Similarities: | |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | BSI (GISA) / V2, Hubert Schmitz |
| Documentation by: | BSI (GISA) / V2, Hubert Schmitz |
| Date: | 1995-03-22 |
| Information Source: | Caroentry (autom.converter by S.Freitag) |
(c) 1996 Virus-Test-Center, University of Hamburg