Phrozen Timeline - Phrozen
Manipulation and Detection of EOF 23 Nov 2020


This Delphi unit demonstrate how to manipulate EOF Data of a Valid Microsoft Windows Portable Executable (PE) File.

EOF (End Of File) is often used by Malware authors to offer their Malware users a way to edit Malware payload configuration (Ex: C2 informations) without having access to source code.

You often encounter such techniques in:

  • Remote Access Tool/Trojan (RAT)
  • File Wrapper / Binder
  • Downloader
  • Loader / Botnets