Test File: PDF With Embedded DOC Dropping EICAR
My diary entry yesterday inspired me to create another test file base on the EICAR test file.
I created a PDF file (MD5 A1DDC9EBE19A3D43EC25889085AD3ED8) that contains a DOC file that drops the EICAR test file.
The PDF file contains JavaScript that extracts and opens the DOC file (with user approval). The DOC file contains a VBA script that executes upon opening of the file, and writes the EICAR test file to a temporary file in the %TEMP% folder.
You can find the PDF file on my blog here. This file will generate an anti-virus alert. Use at your own risk, with approval.
Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
ISC StormCast for Friday, August 28th 2015 http://isc.sans.edu/podcastdetail.html?id=4633
×
Diary Archives
Comments