-
Notifications
You must be signed in to change notification settings - Fork 433
3.2. Payload reconstruction: PE header
@hasherezade edited this page Jan 20, 2019
·
1 revision
Some of the malware authors try to prevent from automated payload dumping by intentionally erasing and corrupting PE header.
However, in case if there are some minimal artefacts left, PE-sieve is still able to detect them, and to reconstruct the PE header from the remainings.
Demonstrated on the video.