Threat Level: green Handler on Duty: Didier Stevens

SANS ISC InfoSec Handlers Diary Blog



Test File: PDF With Embedded DOC Dropping EICAR

Published: 2015-08-28
Last Updated: 2015-08-28 18:24:03 UTC
by Didier Stevens (Version: 1)
4 comment(s)

My diary entry yesterday inspired me to create another test file based on the EICAR test file.

I created a PDF file (MD5 A1DDC9EBE19A3D43EC25889085AD3ED8) that contains a DOC file that drops the EICAR test file.

The PDF file contains JavaScript that extracts and opens the DOC file (with user approval). The DOC file contains a VBA script that executes upon opening of the file, and writes the EICAR test file to a temporary file in the %TEMP% folder.
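A keyword triage for the structure described above (JavaScript together with an embedded file), written as an added example and not code from this diary or the author's tools. The sample bytes, keyword list and verdict labels are constructed for illustration; names stored inside compressed object streams are not visible to this kind of scan.

```python
import re

# PDF names that matter for the chain described above: script + embedded file.
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/EmbeddedFile", "/Launch")

# A PDF name: "/" followed by regular characters or #xx hex escapes (simplified).
_NAME = re.compile(rb"/(?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize(name: bytes) -> str:
    """Decode #xx escapes so that /J#61vaScript compares equal to /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), name).decode("latin-1")

def count_keywords(data: bytes) -> dict:
    """Count exact keyword names in the raw bytes (/EmbeddedFiles is not /EmbeddedFile)."""
    counts = {k: 0 for k in KEYWORDS}
    for m in _NAME.finditer(data):
        name = normalize(m.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def triage(data: bytes) -> str:
    """Return a coarse verdict label (labels are hypothetical, chosen for this example)."""
    c = count_keywords(data)
    has_script = c["/JS"] or c["/JavaScript"]
    if has_script and c["/EmbeddedFile"]:
        return "script+embedded-file"
    if has_script or c["/EmbeddedFile"] or c["/Launch"]:
        return "review"
    return "no-active-content-keywords"

# Constructed fragment (not the diary's test file): catalog with an open action,
# a script action whose name uses a hex escape, and one embedded file stream.
SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /OpenAction 2 0 R /Names << /EmbeddedFiles 3 0 R >> >> endobj
2 0 obj << /S /J#61vaScript /JS (placeholder script) >> endobj
4 0 obj << /Type /EmbeddedFile /Length 0 >> stream
endstream endobj
"""

if __name__ == "__main__":
    print(count_keywords(SAMPLE))
    print(triage(SAMPLE))
```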

You can find the PDF file on my blog here. This file will generate an anti-virus alert. Use at your own risk, with approval.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords: doc eicar pdf