Dark End
Alias: 
Strain: -
detected when: 
where: 
Classification: COM and EXE infector, resident
Length: 1188

Preconditions
Operating System(s): MS-DOS
Version/Release: All models
Computer model(s): PC's
Caroname: Dark End

Attributes 
Easy identification: 
Type of Infection:
 The virus appends itself to the files Selfrec in memory: Int21;AX=E900 --> AX=1234h Selfrec on disk: File[EOF-2] == "d." (end of MSG_NOT_DISPLAYED: )
 
Infection Technique: 
Infection Trigger: Load && File[EOF-278] != 4143h && File[EOF-287] != 4143h
Storage Media affected: 
Interrupts hooked: 21/4B, 21/E900, 24, 8, 22 (during install)
Stealth: 
Tunneling/Selfprot: 
Oligo/Polymorphism: -
Encoding Method: 
Damage: Transient: set video mode 3 Permanent: [1] Delete certain files after loading them[2] Delete files after infection and loading[3] Write 30 sectors of screen memory to drive C: (int 26h)
Damage Trigger: Transient: once in a while (int 8) Permanent: (effect postponed until after loading the file)[1] Load && (File[EOF-278] == 4143h || File[EOF-287] == 4143h)[2] INFECTION_TRIGGER: && (1pm <= Time <= 1_06pm)[3] 2nd_stage_install && Date >= October_15th
Particularities: The virus resides as a TSR The virus resides above the last MCB Int24 vector clobbered Not displayed text: "(c) Dark End." no check is made for exceeding filesize limits
Similarities: 

Agents
Countermeasures: 
Standard means: 

Acknowledgements
Location: Virus Test Center, University Hamburg, FRG
Classification by: Adam David, Frisk Software International
Documentation by: Adam David, Frisk Software International
Date: 28.7.93
Information Source: Caroentry (autom.converter by S.Freitag)