
SANS ISC InfoSec Handlers Diary Blog



Test File: PDF With Embedded DOC Dropping EICAR

Published: 2015-08-28
Last Updated: 2015-08-28 09:51:58 UTC
by Didier Stevens (Version: 1)

My diary entry yesterday inspired me to create another test file based on the EICAR test file.

I created a PDF file that contains a DOC file that drops the EICAR test file.

The PDF file contains JavaScript that extracts and opens the DOC file (with user approval). The DOC file contains a VBA script that executes upon opening of the file, and writes the EICAR test file to a temporary file in the %TEMP% folder.

You can find the PDF file on my blog here. This file will generate an anti-virus alert. Use at your own risk, with approval.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
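
A file built like the one described above can be triaged without opening it, by checking for JavaScript names together with an embedded file stream whose decoded body starts with the OLE2 (legacy DOC) magic. The Python below is an added example, not code from the diary or from the author's tools; `triage_pdf`, `build_sample` and the watched-name list are assumptions made for illustration, and the sample bytes are constructed (no EICAR string, no macro).

```python
import re
import zlib

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # first 8 bytes of a legacy .doc (OLE2)
WATCHED = ("JavaScript", "JS", "EmbeddedFile", "OpenAction")
NAME_RE = re.compile(rb"/((?:[A-Za-z0-9]|#[0-9A-Fa-f]{2})+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a PDF name, so /J#61vaScript reads as JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def inflate(body: bytes):
    """Return the Flate-decoded stream body, or None if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(body)  # tolerates the trailing EOL
    except zlib.error:
        return None

def triage_pdf(data: bytes) -> dict:
    """Count the watched names and the streams that start with the OLE2 magic."""
    counts = dict.fromkeys(WATCHED, 0)
    ole_streams = 0
    buffers = [data]
    for m in STREAM_RE.finditer(data):
        decoded = inflate(m.group(1))
        if decoded is not None:
            buffers.append(decoded)  # names may sit inside compressed object streams
        if (decoded if decoded is not None else m.group(1)).startswith(OLE2_MAGIC):
            ole_streams += 1
    for buf in buffers:
        for m in NAME_RE.finditer(buf):
            name = decode_name(m.group(1))
            if name in counts:
                counts[name] += 1
    has_js = counts["JavaScript"] + counts["JS"] > 0
    return {"counts": counts, "ole_streams": ole_streams,
            "js_with_embedded_file": has_js and counts["EmbeddedFile"] > 0}

def build_sample() -> bytes:
    """Constructed PDF-like fragment: structure only, no EICAR string, no macro."""
    doc = zlib.compress(OLE2_MAGIC + b"constructed placeholder, not a real DOC")
    return (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
            b"2 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode >>\n"
            b"stream\n" + doc + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

Zero counts do not clear a file: names and streams inside an encrypted PDF are not visible to a byte scan like this one.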

Keywords: doc eicar pdf