ExecutePeFromPngViaLNK: Extract and execute a PE embedded within a PNG file using an LNK file
ExecutePeFromPngViaLNK
Extract and execute a PE embedded within a PNG file using an LNK file. The PE file is encrypted using a single-key XOR algorithm and then injected as an IDAT section to the end of a specified PNG file.
Download
git clone https://github.com/Maldev-Academy/ExecutePeFromPngViaLNK.git
Use
- Use InsertPeIntoPng.py to create the embedded PNG file and generate the extraction LNK file:
The generated LNK file will have the icon of a PDF file by default, and it will expect the embedded PNG file to be in the same directory when executed. PE files will be stored under the %TEMP% directory for execution.
