{"guid":"2375222b-7dae-4bca-a5b0-aea227ab0d76","title":"A deep dive into the world of DOS viruses","subtitle":"Explaining in detail just how those little COM files infected and played with us back in the day","slug":"35c3-9617-a_deep_dive_into_the_world_of_dos_viruses","link":"https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9617.html","description":"It is now 27 years since MS-DOS 5.0 was released. During its day there was the threat of viruses breaking your system or making it act in unpredictable ways. Due to its age and near total lack of consumer use it is safe to assume that all of the viruses for MS-DOS have been written. Using community archives and modern analysis methods we can uncover how they worked and reflect on how things have changed.\n\nComputers have come a long way in the last 27 years, and so has malware too. This talk will start off with some of the most famous and widely known payloads. A basic guide on how MS-DOS runs applications, and we will work up from there to analysing all 17k+ samples with that are in the archives using automatic tooling to pick out some of the most interesting ones.\n\nIf you don’t have reverse engineering skills, don’t be afraid! We will start off with the basics of how the IBM PC works, MS DOS execution, binary runtime, and how we automatically run/disassemble/trace/fuzz malware on mass.","original_language":"eng","persons":["Ben Cartwright-Cox"],"view_count":6891,"promoted":false,"date":"2018-12-28T00:00:00.000+01:00","release_date":"2018-12-29T01:00:00.000+01:00","updated_at":"2026-04-12T01:00:03.379+02:00","tags":["35c3","9617","Security"],"length":2292,"duration":2292,"thumb_url":"https://static.media.ccc.de/media/congress/2018/9617-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2018/9617-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2018/9617-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2018/9617-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/35c3-9617-a_deep_dive_into_the_world_of_dos_viruses","url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_title":"35C3: Refreshing Memories","conference_url":"https://api.media.ccc.de/public/conferences/35c3","related":[{"event_id":6381,"event_guid":"c0e4f528-92c7-4170-aff3-d4dd5cd74b2c","weight":118},{"event_id":6390,"event_guid":"6a5007f4-e7d6-4c63-9a10-26dd48a6eb6c","weight":185},{"event_id":6400,"event_guid":"527b56af-8d56-4edb-9027-9ca60767c742","weight":163},{"event_id":6404,"event_guid":"5b947f86-8ba1-4b99-adbe-7c5030deea0c","weight":150},{"event_id":6406,"event_guid":"686c1387-e761-4df6-b395-f9ddf92d46e7","weight":105},{"event_id":6409,"event_guid":"a42e5a4f-fd9b-4571-bf17-483978afecb3","weight":137},{"event_id":6411,"event_guid":"42650545-4394-4455-a5f5-9efad111fedc","weight":215},{"event_id":6422,"event_guid":"e8385c89-d33a-42d8-afb6-8ae28fe5c89d","weight":188},{"event_id":6423,"event_guid":"ea7c532f-cc2d-4cb1-8f15-1933df7fd523","weight":113},{"event_id":6429,"event_guid":"d995955c-319f-4228-b3f4-080868bbfdf8","weight":106},{"event_id":6430,"event_guid":"462f9320-3a0e-4785-82de-15343803c2ba","weight":131},{"event_id":6435,"event_guid":"9777cea0-ac06-4274-85db-908c1e87e2f4","weight":106},{"event_id":6462,"event_guid":"23e85d7a-9645-4ae2-9954-63b71abc08d4","weight":133},{"event_id":6474,"event_guid":"f58a2b6d-bde0-483b-a8db-043ea9371cb6","weight":223},{"event_id":6477,"event_guid":"c85de43e-107e-4247-b550-946f376e2ec4","weight":132},{"event_id":6481,"event_guid":"948fee49-de6f-42b1-82f8-045af2aa155e","weight":108},{"event_id":6488,"event_guid":"8943659a-536d-4afb-85de-f1b8b29a7902","weight":127},{"event_id":6491,"event_guid":"9f8b19eb-31cb-4250-80d4-5caf4e0b33dd","weight":36},{"event_id":6492,"event_guid":"bc545b26-8319-43fb-abc2-f624ef414ee8","weight":127},{"event_id":6494,"event_guid":"9a91d92b-0691-46b2-ba73-112bc598342f","weight":24},{"event_id":6498,"event_guid":"4e6ab724-8663-456a-ac01-1cfdfc94c27f","weight":34},{"event_id":6499,"event_guid":"a750228d-a37d-43c0-8e2f-d46137a991dc","weight":242},{"event_id":6503,"event_guid":"d0d6d058-f117-4ccb-ba6a-c41d9290a287","weight":233},{"event_id":6507,"event_guid":"787007cf-828d-4409-94b0-90a0b8d727a0","weight":121},{"event_id":6511,"event_guid":"4f6f4278-1cfb-4e8d-935d-ec0ac2adefc5","weight":152},{"event_id":6520,"event_guid":"64d3f3f5-5665-4050-ba15-0db530ecc262","weight":148},{"event_id":6532,"event_guid":"94447a62-a3ba-4f6d-a3b7-b5318a954651","weight":107},{"event_id":6535,"event_guid":"a875f05c-5eeb-4478-9e6f-863fc52b8868","weight":129},{"event_id":6543,"event_guid":"48ed6dea-e67d-4866-8c35-318e9d892363","weight":179},{"event_id":6551,"event_guid":"3a571c21-31ed-453b-886d-7dea7b5751cd","weight":167},{"event_id":6577,"event_guid":"49fe1044-4038-4cec-8e80-71621c9e7d6e","weight":240},{"event_id":6603,"event_guid":"ea00d1e0-a580-415f-a8cf-f02883d939dc","weight":315},{"event_id":6611,"event_guid":"b1b28bd0-5279-4950-8385-9ee8a57187f9","weight":218}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses.en.srt","state":"complete","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2021-02-21T19:46:01.501+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses.en.srt","url":"https://api.media.ccc.de/public/recordings/45393","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":208,"length":2291,"mime_type":"video/mp4","language":"eng","filename":"35c3-9617-eng-A_deep_dive_into_the_world_of_DOS_viruses.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T12:18:55.498+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-hd/35c3-9617-eng-A_deep_dive_into_the_world_of_DOS_viruses.mp4","url":"https://api.media.ccc.de/public/recordings/31691","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":208,"length":2291,"mime_type":"video/mp4","language":"deu","filename":"35c3-9617-deu-A_deep_dive_into_the_world_of_DOS_viruses.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T12:19:03.606+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-hd/35c3-9617-deu-A_deep_dive_into_the_world_of_DOS_viruses.mp4","url":"https://api.media.ccc.de/public/recordings/31692","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":287,"length":2291,"mime_type":"video/mp4","language":"eng-deu","filename":"35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T12:19:12.239+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-hd/35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_hd.mp4","url":"https://api.media.ccc.de/public/recordings/31693","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":116,"length":2291,"mime_type":"video/mp4","language":"eng-deu","filename":"35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T13:07:38.818+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/slides-h264-hd/35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/31714","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":131,"length":2291,"mime_type":"video/mp4","language":"eng-deu","filename":"35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-12-29T13:09:39.616+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/h264-sd/35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_sd.mp4","url":"https://api.media.ccc.de/public/recordings/31719","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":233,"length":2291,"mime_type":"video/webm","language":"eng-deu","filename":"35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-12-29T13:18:11.345+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/webm-sd/35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/31735","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":27,"length":2291,"mime_type":"audio/opus","language":"eng","filename":"35c3-9617-eng-A_deep_dive_into_the_world_of_DOS_viruses_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2018-12-29T13:19:50.753+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/opus/35c3-9617-eng-A_deep_dive_into_the_world_of_DOS_viruses_opus.opus","url":"https://api.media.ccc.de/public/recordings/31738","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":34,"length":2292,"mime_type":"audio/mpeg","language":"eng","filename":"35c3-9617-eng-A_deep_dive_into_the_world_of_DOS_viruses_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2018-12-29T13:20:05.922+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/mp3/35c3-9617-eng-A_deep_dive_into_the_world_of_DOS_viruses_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/31739","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"},{"size":438,"length":2291,"mime_type":"video/webm","language":"eng-deu","filename":"35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2018-12-29T14:30:04.280+01:00","recording_url":"https://cdn.media.ccc.de/congress/2018/webm-hd/35c3-9617-eng-deu-A_deep_dive_into_the_world_of_DOS_viruses_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/31771","event_url":"https://api.media.ccc.de/public/events/2375222b-7dae-4bca-a5b0-aea227ab0d76","conference_url":"https://api.media.ccc.de/public/conferences/35c3"}]}