SecurityTalent

Security Talent is a public BD Malware Sample Database curated by MD Mehedi Hasan, dedicated to supporting the infosec community, antivirus vendors, and threat intelligence professionals. It enables users to upload and explore malware samples, gaining insights into malicious behavior. By leveraging this intelligence, Security Talent helps identify, track, and mitigate cyber threats, including malware and botnets, enhancing security defenses and contributing to global cybersecurity efforts.

Sunday, November 10, 2024

DCRat/DarkCrystalRAT Malware-samples Downloads and full analysis documentation

Published on November 10, 2024 By: securitytalent In:

The Basics of Overlays in PE Files

YouTube - The Basics of Overlays in PE Files

Sample (SHA256): 294a15b8d5df132b50a68c5ac19a6c7aafc8b051983a28e7bf182bff6aa2ef15.exe.bin
Extracted Overlay: overlay.bin
Python script to decompress zlib: zlib_decompress.py
YARA rule for overaly detection: pe_contains_overlay.yara

password of: infected

Analysis source: Malware Bazaar
Recording date: 2023-01-02

This sample highlights overlays in PE files. In this video, I'll cover the basics of overlays, how to detect them using Detect-It-Easy and PEStudio, and create a very simple Yara rule. The sample is DCRat and the overaly contains a RAR file.

YARA Rule for Detecting Overlays

import "pe"

rule pe_contains_overlay {
    meta:
        description = "Rule to detect overlay in a PE file."
        author = "@jstrosch"
        date = "2023-01-02"
    condition:
        uint16(0) == 0x5a4d and pe.overlay.size > 0
}

Downloads

& Comment

SecurityTalent

Sunday, November 10, 2024

DCRat/DarkCrystalRAT Malware-samples Downloads and full analysis documentation

The Basics of Overlays in PE Files

YARA Rule for Detecting Overlays

Downloads

Share

0 Comments:

Post a Comment

Popular Posts

Comments

SecurityTalent is a public malware database maintained by MD Mehedi Hasan.

Contact Form

Archive

About

Popular Posts

Introductory Video