ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The PE file is encrypted using a single-key XOR algorithm and then injected as an IDAT section to the end of a specified PNG file.

Quick Links

Maldev Academy Home

Maldev Academy Syllabus

Maldev Academy Pricing

Usage

Use InsertPeIntoPng.py to create the embedded PNG file and generate the extraction LNK file:

The generated LNK file will have the icon of a PDF file by default, and it will expect the embedded PNG file to be in the same directory when executed. PE files will be stored under the %TEMP% directory for execution.

Related

MaldevAcademyLdr.1 – Advanced EXE Loader Unveiled

October 3, 2023

In "Cyber security"

Badlnk : Reverse Shell In Shortcut File (.lnk)

May 26, 2020

In "Kali Linux"

Maldev-For-Dummies : A Workshop About Malware Development

August 15, 2022

In "Kali Linux"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Next Shadow-rs : Harnessing Rust's Power For Kernel-Level Security Research »

Previous « Red Team Certification - A Comprehensive Guide To Advancing In Cybersecurity Operations

Leave a Comment

Share

Published by

Varshini

Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools

1 year ago

Recent Posts

software

Modrinth – A Comprehensive Overview of Tools and Functions

Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…

6 hours ago

News

BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams

A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…

7 hours ago

TECH

Perplexity Launches Personal Computer Features

Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…

14 hours ago

Cyber security

Cyberattack or Smoke and Mirrors? The Truth Behind the Alleged Dimona Nuclear Breach

In a recent cyber incident, a group named CARDINAL, associated with the label Russian Legion,…

24 hours ago

OSINT

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

5 days ago

Top 10 Series

Best Linux Distros in 2026

Linux is renowned for its versatility, open-source nature, and security. Whether you're a beginner, developer,…

5 days ago

L