Capital
Alias: 
Strain: -
detected when: 
where: 
Classification: COM-infector, resident
Length: 7AH paragraph(s)

Preconditions
Operating System(s): MS-DOS
Version/Release: DOS >= 2.0
Computer model(s): PC's
Caroname: Capital

Attributes 
Easy identification: 
Type of Infection:
 Appending, uses DOS file length to position virus. Selfrec in memory: INT_21; AX=4BEE; SI=5448 -> DI=4950 Selfrec on disk: (File[0] = E9) AND (File[1] = EndOfOrgFile)COMJump to end of org file
 
Infection Technique: 
Infection Trigger: (Exec) AND (LengthCOM <= 63500)
Storage Media affected: 
Interrupts hooked: 21/4B00, 21/4BEE, 28, 1C
Stealth: 
Tunneling/Selfprot: 
Oligo/Polymorphism: -
Encoding Method: 
Damage: Transient: On 80x25 text mode screens it converts lowercases touppercases (only once) Permanent: -
Damage Trigger: Transient: (Month = even) AND (DayOfWeek = even) AND (Time = 11:11:11) Permanent: -
Particularities: only shrinks the current MCB if it is a 'Z' block. (Only leaves a mess if there is another chain of MCBs, eg for UMBs).
Similarities: 

Agents
Countermeasures: 
Standard means: 

Acknowledgements
Location: Virus Test Center, University Hamburg, FRG
Classification by: BSI (GISA) / V2, Hubert Schmitz
Documentation by: BSI (GISA) / V2, Hubert Schmitz
Date: 1995-03-22
Information Source: Caroentry (autom.converter by S.Freitag)