Best way to capture the wmf file generated by the framework?

[odinanne at comcast.net (odinanne)]

I tested a number of system using the calc.exe file referenced in an 
earlier post and AV quickly detected it.  Is it true that metasploite 
generated wmfs are not likely to be detected due to the random padding, 
etc.  Is it possible to use the framework to create a new wmf file to 
test AV?  If yes, how would this be done?  Thanks