AyrA

EICAR standard antivirus test file

Sep 19th, 2016
;This is an Assembly file to generate the EICAR antivirus test file.
;Assemble it as a flat binary, e.g. with NASM:  nasm -f bin eicar.asm -o eicar.com
;The resulting 68-byte file is byte-for-byte the EICAR string, so every
;instruction below has to encode to printable ASCII (0x20..0x7E) only.

org 0100h   ;Make this a DOS .com executable (loaded at CS:0100h)

pop  ax     ;AX=0           SP=0x0000  (DOS pushes a zero word for a .com, so SS:[SP] was 0)
xor  ax,214Fh   ;AX=0x214F
push ax     ;SP=0xFFFE      SS:[SP]=0x214F
and  ax,4140h   ;AX=0x0140      ->0x0140=instruction location after the EICAR string
push ax     ;SP=0xFFFC      SS:[SP]=0x0140
pop  bx     ;BX=0x0140      SP=0xFFFE
xor  al,5Ch ;AX=0x011C      ->0x011C=EICAR string memory location
push ax     ;SP=0xFFFC      SS:[SP]=0x011C
pop  dx     ;DX=0x011C      SP=0xFFFE
pop  ax     ;AX=0x214F      SP=0x0000
xor  ax,2834h   ;AX=0x097B      ->AH=0x09 = DOS "print string" function; DX already points at the string
push ax     ;SP=0xFFFE      SS:[SP]=0x097B
pop  si     ;SI=0x097B      SP=0x0000
sub  [bx],si    ;[0x0140]=0x2B48-0x097B=0x21CD ->Self-modifying code: the bytes "H+" at 0x0140 become CD 21 = "int 21h" (DOS print string call)
inc  bx     ;BX=0x0141
inc  bx     ;BX=0x0142
sub  [bx],si    ;[0x0142]=0x2A48-0x097B=0x20CD ->The bytes "H*" at 0x0142 become CD 20 = "int 20h" (DOS exit call)
jge  short 0140h  ;Jump to the (meanwhile) changed instruction at 0x0140; "short" forces the 2-byte form 7D 24 = "}$"
;Above is the "jump if greater or equal" instruction, which is taken when SF == OF.
;The subtraction 0x2A48-0x097B produces neither a negative result nor a signed overflow,
;so SF and OF are both clear and the jump is always performed.
DB   "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$"   ;Located at 0x011C; the '$' terminates the string for DOS function 09h
dec  ax         ;These two instructions ("H+H*" = 48 2B 48 2A) are just here to
sub  cx,[bx+si+2Ah] ;occupy space and are rewritten at runtime into int 21h / int 20h

;Conclusion
;==========
;
;We did the following:
;
;1. use only ASCII-printable characters to output text
;2. modify the code at runtime to create the non-ASCII-printable interrupt calls
;
;We could do this instead (if non-ASCII-printable bytes are allowed):
;----------------------
;org  0100h     ;Declare this as a DOS .com file -> statement depends on the assembler used.
;mov  dx,msg    ;Depending on the assembler, the modifier "OFFSET" is required before msg
;mov  ax,097Bh  ;Put the print string function (0x09) in the AH register (AL is 0x7B but we don't care)
;int  21h       ;Call the print function
;int  20h       ;Exit the application
;msg  DB        "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$"
;----------------------
;This will generate a smaller .com file, but one that contains non-ASCII-printable bytes
;(for example the CD 21 and CD 20 of the interrupt calls).
;The above code therefore does not generate the EICAR file.
;
;Do we have another method for generating a valid EICAR file?
;
;Yes:
;Create a new file with only the following line and assemble it.
;----------------------
;DB "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
;----------------------
;Come on, that's silly!
;- But it works! Those 68 bytes are exactly the assembled program above, so the output is identical.
;  You may also wish to add "org 0100h" as the first line to mark it as a .com file; it changes
;  no bytes here, because a lone DB has no address-dependent encoding.
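To check the register trace in the comments above without a DOS box, here is a small Python emulator that covers only the opcodes the EICAR string decodes to. This is an added example and not part of the original paste: it loads the 68 bytes as a .com image at 0x100, steps through the push/pop/xor/and/sub/inc/jge sequence, applies the two self-modifying subtractions and then services the resulting INT 21h/INT 20h. The load address 0x100, the initial SP of 0xFFFE and the zero word on the stack are DOS .com conventions; the opcode subset and the minimal DOS call handling are this script's own simplifications.

```python
"""Subset 8086 emulator for the EICAR .com image (added example, not the paste's code)."""

# The EICAR string, i.e. the bytes of the assembled .com file. The backslash
# is a literal 0x5C byte, so it is escaped for the Python literal.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

ORG = 0x100                                  # a .com image is loaded at CS:0100h
AX, CX, DX, BX, SP, BP, SI, DI = range(8)    # 8086 register numbering used in PUSH/POP/INC opcodes


def is_printable_ascii(image):
    """True if every byte lies in the printable ASCII range 0x20..0x7E."""
    return all(0x20 <= b <= 0x7E for b in image)


def emulate_com(image, max_steps=1000):
    """Run a .com image; returns final registers, the 64 KiB memory image,
    everything INT 21h/AH=09h printed, and whether INT 20h was reached."""
    mem = bytearray(0x10000)
    mem[ORG:ORG + len(image)] = image
    regs = [0] * 8
    regs[SP] = 0xFFFE                # DOS leaves SP here with a zero word pushed (assumption: DOS convention)
    ip = ORG
    sf = of = False                  # only the flags JGE looks at are tracked
    output = bytearray()
    exited = False

    def rd16(addr):
        return mem[addr] | (mem[(addr + 1) & 0xFFFF] << 8)

    def wr16(addr, val):
        mem[addr] = val & 0xFF
        mem[(addr + 1) & 0xFFFF] = (val >> 8) & 0xFF

    def sub16(a, b):
        # 16-bit a - b plus the SF and OF it produces (OF = signed overflow)
        r = (a - b) & 0xFFFF
        return r, bool(r & 0x8000), bool((a ^ b) & (a ^ r) & 0x8000)

    for _ in range(max_steps):
        op = mem[ip]
        if 0x50 <= op <= 0x57:                       # PUSH r16  ("P" = push ax)
            regs[SP] = (regs[SP] - 2) & 0xFFFF
            wr16(regs[SP], regs[op - 0x50])
            ip += 1
        elif 0x58 <= op <= 0x5F:                     # POP r16   ("X"=ax "Z"=dx "["=bx "^"=si)
            regs[op - 0x58] = rd16(regs[SP])
            regs[SP] = (regs[SP] + 2) & 0xFFFF
            ip += 1
        elif op == 0x35:                             # XOR AX, imm16  ("5")
            regs[AX] ^= rd16(ip + 1)
            sf, of = bool(regs[AX] & 0x8000), False
            ip += 3
        elif op == 0x25:                             # AND AX, imm16  ("%")
            regs[AX] &= rd16(ip + 1)
            sf, of = bool(regs[AX] & 0x8000), False
            ip += 3
        elif op == 0x34:                             # XOR AL, imm8   ("4")
            regs[AX] ^= mem[ip + 1]
            sf, of = bool(regs[AX] & 0x8000), False
            ip += 2
        elif op == 0x29 and mem[ip + 1] == 0x37:     # SUB [BX], SI   (")7") -> the self-modification
            r, sf, of = sub16(rd16(regs[BX]), regs[SI])
            wr16(regs[BX], r)
            ip += 2
        elif 0x40 <= op <= 0x47:                     # INC r16        ("C" = inc bx)
            old = regs[op - 0x40]
            regs[op - 0x40] = (old + 1) & 0xFFFF
            sf, of = bool(regs[op - 0x40] & 0x8000), old == 0x7FFF
            ip += 1
        elif op == 0x7D:                             # JGE rel8       ("}$"), taken when SF == OF
            rel = mem[ip + 1]
            ip += 2
            if sf == of:
                ip = (ip + (rel - 256 if rel > 127 else rel)) & 0xFFFF
        elif op == 0xCD and mem[ip + 1] == 0x21:     # INT 21h: only AH=09h "print $-terminated string at DS:DX"
            if regs[AX] >> 8 != 0x09:
                raise NotImplementedError("only DOS function 09h is modelled")
            p = regs[DX]
            while mem[p] != ord("$"):
                output.append(mem[p])
                p += 1
            ip += 2
        elif op == 0xCD and mem[ip + 1] == 0x20:     # INT 20h: terminate program
            exited = True
            break
        else:
            raise NotImplementedError("opcode %02X at %04X not modelled" % (op, ip))
    return {"regs": regs, "mem": bytes(mem), "output": bytes(output), "exited": exited}


if __name__ == "__main__":
    assert is_printable_ascii(EICAR) and len(EICAR) == 68
    res = emulate_com(EICAR)
    print(res["output"].decode())                    # EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
    print(res["mem"][0x140:0x144].hex())             # cd21cd20: "H+H*" rewritten into int 21h / int 20h
```

The emulator deliberately refuses anything outside this opcode subset, so feeding it a modified string shows exactly which byte breaks the chain rather than silently running on.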