This program downloads a fake virus (the EICAR antivirus test file) and saves it to disk, triggering the antivirus alert message.
Reference:
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
Note:
The reference is much more complicated than this dropper. Basically, the dropper asks for a file name, downloads the EICAR virus test file and saves it under that name, forcing the antivirus to quarantine that file.
The reference describes using the same dropper method to download the EICAR virus test file into a folder and, when the antivirus triggers the quarantine, swapping that folder for a symlink to the antivirus's own folder. Since the antivirus has full access to the system, the linked folder gets that access too. From there it is possible to launch any app, bypassing UAC or any other protection.
Download 1:
https://shon.xyz/Yesq5
Download 2:
https://www.uploadship.com/5b64d0c8c2dcffbb
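The symlink trick in the reference works because the antivirus follows a link planted in the folder it writes to. Below is an added example (not part of this dropper or the referenced research) of the defensive check a quarantine or download routine should perform before writing: refuse a target directory that is a symlink or resolves elsewhere, and open the file with O_EXCL and O_NOFOLLOW so a pre-planted link or file cannot redirect the write. TEST_CONTENT, the directory names and demo() are constructed; the EICAR string itself is not included. POSIX only.

```python
import os
import stat
import tempfile

# Constructed stand-in for the bytes a test dropper writes; the real EICAR
# test string (published by EICAR) could be substituted for an AV test.
TEST_CONTENT = b"constructed benign test content\n"


def safe_write(directory: str, name: str, data: bytes) -> str:
    """Write data to directory/name without following any symlink on the way.

    Rejects a directory that is itself a symlink or resolves to another path,
    and creates the file with O_EXCL | O_NOFOLLOW so an existing file or a
    planted link is never overwritten or followed. Returns the path written.
    """
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise ValueError("file name must be a plain name, not a path")
    directory = os.path.abspath(directory)
    st = os.lstat(directory)  # lstat: look at the entry itself, not its target
    if stat.S_ISLNK(st.st_mode) or os.path.realpath(directory) != directory:
        raise PermissionError(f"refusing to write through symlinked directory: {directory}")
    target = os.path.join(directory, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)  # O_EXCL: fail if anything already exists
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def demo() -> dict:
    """Exercise safe_write on a constructed layout; returns the outcomes."""
    base = os.path.realpath(tempfile.mkdtemp())
    real = os.path.join(base, "real")
    os.mkdir(real)
    link = os.path.join(base, "quarantine")  # folder swapped for a symlink
    os.symlink(real, link)
    # A link planted where the next write is expected to land.
    os.symlink(os.path.join(base, "victim"), os.path.join(real, "planted.txt"))
    out = {}
    with open(safe_write(real, "eicar.txt", TEST_CONTENT), "rb") as f:
        out["plain_write"] = f.read() == TEST_CONTENT
    try:
        safe_write(link, "a.txt", TEST_CONTENT)
        out["via_symlink_dir"] = "written"
    except PermissionError:
        out["via_symlink_dir"] = "refused"
    try:
        safe_write(real, "planted.txt", TEST_CONTENT)
        out["via_planted_link"] = "written"
    except OSError:
        out["via_planted_link"] = "refused"
    return out
```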