Select a test payload...
Each test will open up a new browser window at http://malware.wicar.org/. You may wish to try each test systematically. Ideally, all tests should be blocked by your anti-malware defences. If a blank window loads, then it likely was not detected/prevented.
[SSL] JavaScript based Cryptocurrency Miner
Consumes 70% of CPU and some RAM
(Proceeds will be used to fund WICAR)
Consumes 70% of CPU and some RAM
(Proceeds will be used to fund WICAR)
DISCLAIMER: We cannot accept any responsibility or liability for any loss, damage, cost or expense you might incur as a result of the use of, or reliance upon, the materials which appear at this or any linked site.
We have tested all the modules in our lab and confirmed them as working. Your mileage may vary however, depending on software version, configuration changes, service pack, operating system release and processor architecture, and may result in either:
If there is an exploit you would like to see added, please see the github repository, or contact us.
We have tested all the modules in our lab and confirmed them as working. Your mileage may vary however, depending on software version, configuration changes, service pack, operating system release and processor architecture, and may result in either:
- Your browser exiting and opening the Windows calculator (vulnerable). [demonstration video - youtube]
- Your browser opening the file and nothing happens (patched / immune).
- Your browser displaying an error message or crashing (vulnerable but your system does not match the correct exploit conditions).
If there is an exploit you would like to see added, please see the github repository, or contact us.
The wicar.org website was designed to test the correct operation your anti-virus / anti-malware software. The following table contains static HTML pages with known malicious content, based on the Metasploit Framework. The exploits contain a non-malicious payload which under Windows will execute 'calc.exe', the in-built calculator (if your browser is vulnerable). Your anti-malware software should prevent you accessing these pages... if not, there is something wrong with your anti-malware solution or the vulnerability trigger for a specific exploit is not specific enough for anti-malware to detect.