I helped a friend create picture files to be detected by anti-virus. They are not malicious: they neither execute code nor trigger a vulnerability.
The EICAR test file is detected by many anti-virus programs, except when it is appended to arbitrary files (this is according to specs).
Starting with a one-pixel JPEG and PNG file, I append the EICAR test file. And with a JPEG file, I can also insert the EICAR file as a comment:
The detection scores on VirusTotal show that these files are not detected by many anti-virus programs:
That wasn’t good enough for my friend, she needed something with a higher detection score.
For several years now, there has been a Windows program that triggers many anti-virus programs: mimikatz.
When I try mimikatz with picture files, I get better detection scores than for the EICAR test file (as I expected):
And I have a picture file with even higher detection scores, but you’ll have to wait until April Fools’ Day for the details.
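For anyone checking picture files for the two JPEG placements described above (data appended after the image, and data inserted as a comment), here is an added example that is not part of the original post. It walks the JPEG segment structure, collects COM segment payloads and any bytes after the EOI marker, and searches them for a marker string. The function names and the sample files are constructed for illustration; the samples are structural skeletons, not decodable images, and PNG is not covered.

```python
NEEDLE = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # substring of the EICAR test file

def jpeg_hidden_regions(data: bytes):
    """Return (comments, trailer): COM segment payloads and bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    comments, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: the rest is appended data
            return comments, data[pos + 2:]
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                            # standalone markers carry no length
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2 or pos + 2 + length > len(data):
                raise ValueError(f"bad segment length at offset {pos}")
            if marker == 0xFE:                  # COM (comment) segment
                comments.append(data[pos + 4:pos + 2 + length])
            pos += 2 + length
            if marker == 0xDA:                  # SOS: skip entropy-coded data
                while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and not 0xD0 <= data[pos + 1] <= 0xD7
                ):
                    pos += 1                    # FF00 and RSTn belong to the scan
    raise ValueError("no EOI marker found")

def scan_jpeg(data: bytes, needle: bytes = NEEDLE) -> dict:
    """Report where the needle sits outside the image data proper."""
    comments, trailer = jpeg_hidden_regions(data)
    return {"comment": any(needle in c for c in comments),
            "appended": needle in trailer,
            "trailer_bytes": len(trailer)}

def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed samples: SOI, APP0, optional COM, SOS + scan bytes, EOI.
BASE = b"\xff\xd8" + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
SCAN = _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
CLEAN = BASE + SCAN + b"\xff\xd9"
WITH_COMMENT = BASE + _segment(0xFE, NEEDLE) + SCAN + b"\xff\xd9"
WITH_APPENDED = CLEAN + NEEDLE

if __name__ == "__main__":
    for name in ("CLEAN", "WITH_COMMENT", "WITH_APPENDED"):
        print(name, scan_jpeg(globals()[name]))
```

A non-zero `trailer_bytes` is worth a look on its own, whatever the payload, since a well-formed JPEG ends at EOI.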
Article Link: https://blog.didierstevens.com/2020/03/30/mimikatz-is-my-new-eicar/