RAPTOR

Alias:
Strain:-
detected when:
where:
Classification:EXE-infector, resident
Length:2992

Preconditions

Operating System(s):MS-DOS
Version/Release:All models
Computer model(s):PC's
Caroname:RAPTOR

Attributes

Easy identification:

Type of Infection:

The virus appends itself to the files Selfrec in memory: [0:04F1h] = 58h Selfrec on disk: File[12h] = 1F23h

Infection Technique:
Infection Trigger:(EXEC or OPEN) and (LengthEXE<143360) and(SS in Exehdr != (07BCh or 141Dh or 07EEh or 19BFh or 1A45 or1A09h or 0740h or 0CBCh or 2025h or 2894h or 2402h or 2248hor 11EAh))
Storage Media affected:
Interrupts hooked:21h/4Bh, 21h/3Dh, 1Ch if (day==13)
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:-
Encoding Method:
Damage:Transient: 1. Shows message (yellow letters on red background)2. Prints blocks (5x5 characters) on the screen Permanent: -
Damage Trigger:Transient: 1. (Day==Month) and (Day!=12)2. (Day==13) and (virus is resident 55 minutes in memory) Permanent: -
Particularities:The virus resides above the last MCB Displayed text: " The Raptor virus version 1.5Copyright 3.12.1993 - Hacker club Brno - Czech republicDon`t panic!! This virus doesn`t destroy data! I am most kindly virus!!I should inform you that soon comes Raptor2.0 with special sealth systems!You can be sure that Raptor2 will be totally untouchable!";Encrypted Some errors in virus code occured:When name of opened file doesn't contains '.' (has no extension),virus may fall into endless loop.If (filesize mod 512)==0, file will be corrupted (last 512 bytes willbe overwritten by virus).
Similarities:

Agents

Countermeasures:
Standard means:

Acknowledgements

Location:Virus Test Center, University Hamburg, FRG
Classification by:Petr Zahradnicek
Documentation by:Petr Zahradnicek
Date:1994-02-10
Information Source:Caroentry (autom.converter by S.Freitag)

(c) 1996 Virus-Test-Center, University of Hamburg