
Sunday, November 10, 2024

 

The Basics of Overlays in PE Files

YouTube - The Basics of Overlays in PE Files

Sample (SHA256): 294a15b8d5df132b50a68c5ac19a6c7aafc8b051983a28e7bf182bff6aa2ef15.exe.bin
Extracted overlay: overlay.bin
Python script to decompress zlib: zlib_decompress.py
YARA rule for overlay detection: pe_contains_overlay.yara

Archive password: infected

Analysis source: Malware Bazaar
Recording date: 2023-01-02

This sample highlights overlays in PE files. In this video, I'll cover the basics of overlays, how to detect them using Detect-It-Easy and PEStudio, and create a very simple YARA rule. The sample is DCRat and the overlay contains a RAR file.


YARA Rule for Detecting Overlays

import "pe"

rule pe_contains_overlay {
    meta:
        description = "Rule to detect overlay in a PE file."
        author = "@jstrosch"
        date = "2023-01-02"
    condition:
        uint16(0) == 0x5a4d and pe.overlay.size > 0
}
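As an added, stand-alone example (not code from the video or this blog), the following Python script does by hand what Detect-It-Easy and YARA's pe module do when they report an overlay: it walks the section table, takes the largest PointerToRawData + SizeOfRawData as the end of the image, and treats everything after that offset as the overlay. It then carves the overlay and identifies it (RAR4/RAR5, ZIP, or a zlib stream, which it decompresses and re-identifies, mirroring the zlib_decompress.py step listed above). The PE it analyzes is constructed in memory with a fake RAR5 header, so no sample from this page is needed; the header builder and the magic-byte table are assumptions of the example, not part of any tool.

```python
import struct
import zlib
from typing import Optional

# Archive signatures used for cheap overlay identification.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def overlay_offset(data: bytes) -> Optional[int]:
    """Return the file offset where the overlay begins, or None if there is none.

    The overlay is everything past the end of the last section's raw data,
    which is the same notion YARA's pe.overlay and Detect-It-Easy use.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first section header
    end = table + num_sections * 40                              # headers count as image data
    for i in range(num_sections):
        # SizeOfRawData sits at +16 and PointerToRawData at +20 in each 40-byte entry
        size_raw, ptr_raw = struct.unpack_from("<II", data, table + i * 40 + 16)
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return end if end < len(data) else None


def identify(blob: bytes) -> str:
    """Signature check for formats commonly carried in an overlay."""
    if blob.startswith(RAR5_MAGIC):
        return "rar5"
    if blob.startswith(RAR4_MAGIC):
        return "rar4"
    if blob.startswith(b"PK\x03\x04"):
        return "zip"
    # zlib header: CM == 8 (deflate) and CMF*256+FLG is a multiple of 31
    if len(blob) >= 2 and blob[0] & 0x0F == 8 and ((blob[0] << 8) | blob[1]) % 31 == 0:
        return "zlib"
    return "unknown"


def analyze(data: bytes) -> dict:
    """Carve the overlay, identify it, and if it is a zlib stream look inside."""
    off = overlay_offset(data)
    if off is None:
        return {"has_overlay": False}
    blob = data[off:]
    kind = identify(blob)
    inner = None
    if kind == "zlib":
        try:
            inner = identify(zlib.decompress(blob))
        except zlib.error:
            inner = "corrupt"
    return {"has_overlay": True, "offset": off, "size": len(blob), "kind": kind, "inner": inner}


def build_test_pe(section_payload: bytes, overlay: bytes) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 with one section plus an overlay."""
    e_lfanew = 0x40
    opt_size = 0xE0                                   # PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + 40 + 0x1FF) & ~0x1FF   # 0x200 file alignment
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_payload), 0x1000, len(section_payload),
        raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + section_payload + overlay


if __name__ == "__main__":
    # Constructed sample: 0x200 bytes of code, then a zlib-wrapped fake RAR5 archive as overlay.
    fake_rar = RAR5_MAGIC + b"constructed archive body"
    print(analyze(build_test_pe(b"\xC3" * 0x200, zlib.compress(fake_rar))))
    print(analyze(build_test_pe(b"\xC3" * 0x200, b"")))
```

On a real file, call `analyze(open(path, "rb").read())`. Keep in mind that `pe.overlay.size > 0` on its own is a weak indicator: Authenticode-signed binaries store the certificate table after the last section, and installers such as NSIS and Inno Setup keep their payload there, so in triage the rule is best paired with a check on what the overlay actually contains, as the identification step here does.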

 


Copyright © 2025 SecurityTalent™
