Extract and execute a PE embedded within a PNG file using an LNK file. The PE file is encrypted using a single-key XOR algorithm and then injected as an IDAT section to the end of a specified PNG file.
- Use
InsertPeIntoPng.pyto create the embedded PNG file and generate the extraction LNK file:
The generated LNK file will have the icon of a PDF file by default, and it will expect the embedded PNG file to be in the same directory when executed. PE files will be stored under the %TEMP% directory for execution.
