
EICAR test file

DragonMaster Jay

ya i know what ur talking about...

i heard about that eicar test file months ago, but it's totally useless actually. if u go on VT and scan, hardly any of the anti-viruses catch it on purpose.

and as for spycar, it is designed to mimic spyware-like behavior, but usually the link for download is blocked.

eicar is just a code, and does no malicious behavior unlike spycar, which MIMICS spyware.

I hope this answers your questions. :P

You seem to misunderstand the importance of this file, and what could happen if you change the internal assembly to a write code. If you add write features to this sample virus code, it will not be pretty for your OS. The fact that you can do an Assembly code analysis, as I did above, proves that the researchers who designed it were specifically aiming for what real virus code would look like.

If you do an analysis (if you know Assembly code) of this file, you will realize it has all that is needed to implement a real virus. It contains an instruction pointer, a stack pointer, a data string, a DOS function, and two places where it changes its bytes to make it polymorphic. One of the worst types of viruses we deal with is the polymorphic virus. The EICAR test file is still a good example virus and should still be used.

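An added example, not part of the thread and not written by either poster: a Python check of whether a file is still a conforming EICAR test file, which is worth running before using a copy to test a scanner. It applies EICAR's published rules (the 68-byte string at offset 0, optionally followed only by space, tab, LF, CR or Ctrl-Z, 128 bytes in total at most); the function name and result labels are made up for this example.

```python
# The 68-byte test string published by EICAR (printable ASCII only).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Bytes EICAR allows after the string: space, tab, LF, CR, Ctrl-Z.
ALLOWED_TRAILING = b" \t\n\r\x1a"
MAX_LEN = 128  # maximum total file length for a conforming test file


def classify_eicar(data: bytes) -> str:
    """Classify a byte string against the EICAR test file rules.

    Labels (hypothetical, chosen for this example):
      exact        - exactly the 68-byte string
      padded       - the string plus allowed trailing whitespace
      too-long     - starts with the string but exceeds 128 bytes
      bad-trailing - starts with the string, followed by other bytes
      embedded     - the string occurs, but not at offset 0
      not-eicar    - the string does not occur at all
    """
    if not data.startswith(EICAR):
        return "embedded" if EICAR in data else "not-eicar"
    if len(data) > MAX_LEN:
        return "too-long"
    tail = data[len(EICAR):]
    if any(b not in ALLOWED_TRAILING for b in tail):
        return "bad-trailing"
    return "padded" if tail else "exact"


if __name__ == "__main__":
    # Constructed sample inputs, built in memory so nothing is written to disk.
    samples = {
        "pristine": EICAR,
        "with CRLF": EICAR + b"\r\n",
        "modified tail": EICAR + b"A",
        "inside other data": b"header " + EICAR,
        "unrelated": b"hello world",
    }
    for name, blob in samples.items():
        print(f"{name:18} -> {classify_eicar(blob)}")
```

Only `exact` and `padded` files are ones a scanner is expected to report as the test file; the other results mean a detection, or a miss, says nothing about whether the product is working.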
