I helped a friend create picture files that are detected by anti-virus. They are not malicious: they neither execute code nor trigger a vulnerability.
The EICAR test file is detected by many anti-virus programs, except when it is appended to arbitrary files (this is according to specs).
Starting with a one-pixel JPEG and PNG file, I append the EICAR test file. And with a JPEG file, I can also insert the EICAR file as a comment:
The detection scores on VirusTotal show that these files are not detected by many anti-virus programs:
JPEG + EICAR: 6/55
PNG + EICAR: 7/58
JPEG + EICAR comment: 2/57
That wasn’t good enough for my friend, she needed something with a higher detection score.
For several years now, there has been a Windows program that triggers many anti-virus programs: mimikatz.
When I try mimikatz with picture files, I get better detection scores than for the EICAR test file (as I expected):
JPEG + MIMIKATZ.EXE: 19/58
PNG + MIMIKATZ.EXE: 15/57
JPEG + MIMIKATZ.DLL: 12/57
And I have a picture file with even higher detection scores, but you’ll have to wait until April Fools' Day for the details.
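A triage check for the constructions described above (data appended to a JPEG, appended to a PNG, or stored in a JPEG comment), as an added example that is not part of the original post: it walks the file structure and returns the regions an image renderer ignores. The function names and sample byte strings are constructed for illustration, and the samples carry only the EICAR marker substring rather than the full test string.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
EICAR_TAG = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # substring of the test string

def jpeg_extras(data):
    """Return (COM segment payloads, bytes after the EOI marker)."""
    comments, pos = [], 2                          # skip SOI (FF D8)
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker == 0xFE:                         # COM: free-form comment
            comments.append(data[pos + 4:pos + 2 + length])
        pos += 2 + length
        if marker == 0xDA:                         # SOS: scan data follows
            break
    # Simplification: in scan data FF is followed by 00 or RSTn, so the
    # first FF D9 after the SOS header is taken as EOI (single-scan files).
    eoi = data.find(b"\xff\xd9", pos)
    return comments, (data[eoi + 2:] if eoi >= 0 else b"")

def png_extras(data):
    """Return the bytes that follow the IEND chunk."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                         # length, type, data, CRC
        if ctype == b"IEND":
            return data[pos:]
    return b""

def hidden_regions(data):
    """Report regions a renderer ignores and whether they hold the EICAR tag."""
    if data.startswith(b"\xff\xd8"):
        comments, trailing = jpeg_extras(data)
    elif data.startswith(PNG_SIG):
        comments, trailing = [], png_extras(data)
    else:
        raise ValueError("not a JPEG or PNG")
    return {"comments": comments, "trailing": trailing,
            "eicar": any(EICAR_TAG in b for b in comments + [trailing])}

# Constructed skeletons: structurally walkable, not decodable pictures.
PAYLOAD = b"$" + EICAR_TAG + b"!$"                 # stand-in, tag only
SCAN = b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34" + b"\xff\xd9"
JPEG_TAIL = b"\xff\xd8" + SCAN + PAYLOAD
JPEG_COM = (b"\xff\xd8\xff\xfe" + struct.pack(">H", len(PAYLOAD) + 2)
            + PAYLOAD + SCAN)
PNG_TAIL = PNG_SIG + struct.pack(">I4sI", 0, b"IEND", 0xAE426082) + PAYLOAD
```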