I have been using the EICAR test virus to test different anti-virus products.
The EICAR test virus is a simple string that you can paste into Notepad and save as test.exe. If all is working properly, your anti-virus will pop up and tell you it found a virus.
This is what it looks like:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
To be honest I hadn't really looked carefully at this file. I have been using it for years to verify that anti-virus was working properly.
Until today - I accidentally ran the test. I had my anti-virus turned off and I executed it from the command line. I thought it was just a random string of characters...but it is a functional program! It echoed back to me "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"
So I researched and discovered it was a carefully crafted assembly language program. It was designed to only have assembly language op-codes that could be represented by standard ASCII characters. If you are interested, here is the disassembly, with the register values each step produces noted alongside:
POP AX          ; AX = 0000 (DOS pushes a zero word on the stack when it starts a .COM program)
XOR AX,214F     ; AX = 214F
PUSH AX
AND AX,4140     ; AX = 0140, the address of the "H+H*" bytes at the end of the file
PUSH AX
POP BX          ; BX = 0140
XOR AL,5C       ; AX = 011C, the address of the message text
PUSH AX
POP DX          ; DX = 011C (DS:DX is the string that INT 21h function 09h prints)
POP AX          ; AX = 214F again (the value pushed earlier)
XOR AX,2834     ; AX = 097B, so AH = 09h selects the "print string" function
PUSH AX
POP SI          ; SI = 097B
SUB [BX],SI     ; "H+" is the word 2B48; 2B48 - 097B = 21CD, the bytes CD 21 = INT 21
INC BX
INC BX          ; BX = 0142
SUB [BX],SI     ; "H*" is the word 2A48; 2A48 - 097B = 20CD, the bytes CD 20 = INT 20
JGE 0140        ; result was positive, so jump over the message to the patched bytes at 0140
45 49 43 41 52 2D 53 54 41 EICAR-STA   ; message data starting at 011C, never executed
4E 44 41 52 44 2D 41 4E 54 NDARD-ANT
49 56 49 52 55 53 2D 54 45 IVIRUS-TE
53 54 2D 46 49 4C 45 21 24 ST-FILE!$  ; the $ terminates the string for function 09h
INT 21          ; at 0140: the "H+" bytes after patching; prints the message
INT 20          ; at 0142: the "H*" bytes after patching; exits the program
Now here is the fun (and totally useless) part. You can make the program say other things too, and once you do that it will no longer be detected by anti-virus programs, because they recognise the exact EICAR string rather than anything the program does.
Let's try it.
Cut and paste this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$--------====Hello World====--------$H+H*

into Notepad and save it as test.exe somewhere on your hard drive. Now if you run it from the command line you get:
--------====Hello World====--------
The trick is that if you want to make your own, you need to keep the message the exact same number of characters as the original, including the $ that ends it, so that the "H+H*" bytes still land at 0140. *OR* recalculate the "JGE 0140" assembly code and convert it back into ASCII. I will leave this as an exercise for the reader.
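To see why the byte count matters, here is an added example (not from the original post) that emulates just the opcodes in the disassembly above as a tiny 8086 subset and returns the message the file would print. It assumes the standard .COM load address of 0100h and a zero word on the entry stack, and re-types the Hello World variant with plain ASCII hyphens.

```python
# Added example, not from the original post: a minimal interpreter for just
# the 8086 opcodes in the disassembly above. It traces the printable prefix
# turning "H+H*" into INT 21h / INT 20h and returns the message printed.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# the post's "Hello World" variant, with plain ASCII hyphens (constructed here)
HELLO = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$--------====Hello World====--------$H+H*"
ORG = 0x100  # .COM images load at CS:0100h (assumption: plain DOS loader)


def run_com(image: bytes, max_steps: int = 64) -> str:
    """Emulate the file as a .COM program; return what INT 21h/AH=09h prints."""
    mem = bytearray(0x10000)
    mem[ORG:ORG + len(image)] = image
    ax = bx = dx = si = 0
    stack = [0]              # DOS leaves a 0000h return word on the stack
    sf = of = 0              # flags JGE looks at (jump taken when SF == OF)
    ip, out = ORG, bytearray()
    rd16 = lambda a: mem[a] | (mem[a + 1] << 8)
    for _ in range(max_steps):
        op = mem[ip]; ip += 1
        if op == 0x58: ax = stack.pop()                        # POP AX
        elif op == 0x50: stack.append(ax)                      # PUSH AX
        elif op == 0x5B: bx = stack.pop()                      # POP BX
        elif op == 0x5A: dx = stack.pop()                      # POP DX
        elif op == 0x5E: si = stack.pop()                      # POP SI
        elif op == 0x35: ax ^= rd16(ip); ip += 2               # XOR AX,imm16
        elif op == 0x25: ax &= rd16(ip); ip += 2               # AND AX,imm16
        elif op == 0x34: ax ^= mem[ip]; ip += 1                # XOR AL,imm8
        elif op == 0x43: bx = (bx + 1) & 0xFFFF                # INC BX
        elif op == 0x29 and mem[ip] == 0x37:                   # SUB [BX],SI
            ip += 1
            a, r = rd16(bx), (rd16(bx) - si) & 0xFFFF
            mem[bx], mem[bx + 1] = r & 0xFF, r >> 8            # patch in place
            sf = r >> 15
            of = ((a ^ si) & (a ^ r)) >> 15                    # signed overflow
        elif op == 0x7D:                                       # JGE rel8
            rel = mem[ip] - 256 if mem[ip] > 127 else mem[ip]; ip += 1
            if sf == of: ip += rel
        elif op == 0xCD and mem[ip] == 0x21 and ax >> 8 == 0x09:  # INT 21h, AH=09h
            ip += 1
            end = mem.index(b"$", dx)                          # print up to '$'
            out += mem[dx:end]
        elif op == 0xCD and mem[ip] == 0x20:                   # INT 20h: exit
            return out.decode("ascii")
        else:
            raise ValueError(f"unsupported opcode {op:02X} at {ip - 1:04X}")
    raise RuntimeError("program did not terminate")
```

With a message of any other length the "H+H*" bytes are not at 0140, the subtraction does not yield INT 21h/INT 20h, the JGE falls through into the message text, and the emulator stops on the first unsupported opcode, which is exactly the failure the length rule above avoids.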

The trick above doesn't work at all... please debug it.
You are correct, there is a bug in there. It looks like the JGE 0140 was not changed in my version of the code. I will have to look up that op-code and fix it.