Suleiman.692 seems to be February 1999 in the wild in Germany. It was accidentally sent out on over 100,000 CD-ROMs by an Austrian shareware vendor in February 1999.
It is a memory resident parasitic fast infector. It goes memory resident (768 bytes) trying to use upper memory (UMB), hooks INT 21h and writes itself to the end of DOS EXE files that are accessed, executed, opened or renamed. Infected files will grow 692 bytes. The virus does not infect the TBAV, SCAN and other anti-virus programs (TB*.*, SC*.*, AN*.*). The virus infectes any type of files that have an EXE header ("MZ") thus corrupting some files with overlays as well as non DOS EXE files like Winodws PE file format.
It does not manifest itself in any way and has no payload. It contains the text strings:
This is SULEIMAN's Return written by BLACK JACK! I'm big, I'm bad, I'm not bled!
Selfcheck with INT 21H, AX=B1DA, return AX=DADA if virus is already resident. The virus uses 80286 instructions.
Analysis (c) 1999 by ROSE SWE, Ralph Roth