Phrozen Timeline

This technique is often used by malware to hide its presence on a system after execution. The application deletes itself once it has finished executing. The best method to achieve such a goal is through process injection.



This Delphi unit demonstrates how to manipulate the EOF data of a valid Microsoft Windows Portable Executable (PE) file.

EOF (End Of File) data is often used by malware authors to offer their malware users a way to edit the malware payload configuration (e.g. C2 information) without having access to the source code.

You often encounter such techniques in:

  • Remote Access Tool/Trojan (RAT)
  • File Wrapper / Binder
  • Downloader
  • Loader / Botnets