This tiny project demonstrates how to use my tiny library UntEOF.pas
to handle potentially malicious data stored at the end of PE files.
This technique is often used by malware to store malicious files (wrapper), malicious plugins, configuration (botnets, RATs, loaders, etc.) and so on.
Supports both 32-bit and 64-bit PE files.
This project helps you understand the concept of writing and reading data stored at the end of a PE file.
In this example, I store a JSON string, but you could also store any kind of data (records, files, etc.).
You can also read the full EOF content of a target file as plain text (displayed as a hex view).
I also wrote a tiny (non-recursive) example of how to use the library to scan for files infected with EOF data (based on PE header information).
- This detection function will be implemented in a future project I'm working on.
- Port that library to Python.
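
The header-based EOF check described above, sketched in Python as an added example (this is not the code of UntEOF.pas and not the author's port). The names `pe_overlay` and `build_sample` are hypothetical, the sample PE image is constructed, and treating an Authenticode table that starts right at the image end as legitimate is a simplifying assumption.

```python
import struct

def pe_overlay(data: bytes):
    """Return (offset, size) of bytes stored past the PE image on disk, or None."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    nt, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, nt + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, nt + 20)    # SizeOfOptionalHeader
    opt = nt + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    end, = struct.unpack_from("<I", data, opt + 60)        # SizeOfHeaders
    sec = opt + opt_size                                   # first section header
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    # An Authenticode signature also sits after the sections; skip it when the
    # security directory (index 4, a file offset) starts where the image ends.
    dirs = opt + (96 if magic == 0x10B else 112)
    count, = struct.unpack_from("<I", data, dirs - 4)      # NumberOfRvaAndSizes
    if count > 4:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 32)
        if cert_size and cert_off == end:
            end += cert_size
    return (end, len(data) - end) if len(data) > end else None

def build_sample(pe32_plus: bool, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE: 0x200 bytes of headers plus one 0x200-byte section."""
    opt_size = 240 if pe32_plus else 224
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x86, 1)                   # NumberOfSections
    struct.pack_into("<H", hdr, 0x94, opt_size)
    struct.pack_into("<H", hdr, 0x98, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", hdr, 0x98 + 60, 0x200)          # SizeOfHeaders
    struct.pack_into("<I", hdr, 0x98 + (108 if pe32_plus else 92), 16)
    struct.pack_into("<II", hdr, 0x98 + opt_size + 16, 0x200, 0x200)  # raw size, ptr
    return bytes(hdr) + b"\x90" * 0x200 + trailer
```

A hit only means the file is longer than its headers account for; installers and self-extracting archives also carry EOF data, so the returned range is a starting point for inspection rather than a verdict.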