Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/darkcodersc/peof-detector
Little project that use my tiny library to handle PE File EOF Data.
https://github.com/darkcodersc/peof-detector
delphi eof eof-analysis malware pascal
Last synced: 19 days ago
JSON representation
Little project that use my tiny library to handle PE File EOF Data.
- Host: GitHub
- URL: https://github.com/darkcodersc/peof-detector
- Owner: DarkCoderSc
- License: mit
- Created: 2019-11-09T14:58:25.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2019-11-09T15:26:27.000Z (about 5 years ago)
- Last Synced: 2024-11-19T20:54:55.635Z (2 months ago)
- Topics: delphi, eof, eof-analysis, malware, pascal
- Language: Pascal
- Homepage:
- Size: 13.7 KB
- Stars: 10
- Watchers: 4
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# peof-detector
This tiny project demonstrate how to use my tiny library `UntEOF.pas` to handle potential malicious data stored at the end of PE Files.
This technique is often used by Malware to store malicious files (wrapper), mal-plugins, configuration (botnets / rats / loader etc..) and so on.
Support both 32bit and 64bit PE File.
## Read / Write Plain Data
This project let you understand the concept of writing and reading data stored at the end of a PE File.
In this example, I store JSON String. But you could also store any kind of data (Records, Files etc..)
## Read EOF Data (Hex View)
You can also read the full content of target file EOF as a plain text (displayed as text hex view).
## Scan for potential infected files (EOF Detection)
I also wrote a tiny example (non recursive) about how to use that library to scan for infected files by EOF data (Based on PE Header informations).
## Then
- This detection function will be implemented in a futur project I'm working on.
- Port that library to Python.