EICAR-Test-File is not a threat, it was created to imitate the detection of a threat by antivirus software. It is a 68-byte file with the .com extension which displays a text message.
Earlier, different files were created by cybersecurity software vendors to demonstrate how their solutions behave upon detection of a threat. Later, the vendors have agreed upon developing a standard simulator which consists of a simple line of text. This allows any user to initiate a detection manually, e.g. by copying the text to a file from the documentation.
The resulting EICAR file looks like this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When you run the file, it will show the message EICAR-STANDARD-ANTIVIRUS-TEST-FILE! and return the control to the operating system. Cybersecurity software normally detects it as EICAR-Test-File.
You can download the eicar test file as follows:
- The eicar.zip archive via HTTPS / HTTP from the Kaspersky server.
- The eicar.com executable file via HTTPS from the official eicar.org website.
You can also copy this line of code and save it to a text file on your computer.
