Didier Stevens

Monday 11 August 2014

EICARgen: An Arms Race

Filed under: My Software — Didier Stevens @ 0:01

If you subscribed to my videos, you saw this video and had early access to my new version of EICARgen.

Version 1.0 of EICARgen is detected by too many AV as a dropper. So I rewrote the code. If you launch the new EICARgen (version 2.0) without any arguments, it does nothing.

You have to provide argument “write” for it to write the EICAR test file to disk. By default this is eicar.com, but you can still provide a filename as second argument.

And I’ve added 2 new files: zip and pdf. Use argument zip and eicar.zip is written, use pdf and eicar.pdf is written.

Here is the VirusTotal detection for eicargen.exe.

EICARgen_V2_0.zip (https)
MD5: D346A3725622F981DDA7221799EF08E8
SHA256: 2DF76319D8513B1AD70D327816D3C1028B261EF1E314243DCD0DEC14FF1FC7CE

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: