Error reconstructing PE from the found artifacts (64 bit PE)

Sample:
[e818738311bc1d540a23f3235d75e5a9d79ee75e8661bf34e54cdb7755e619e3](https://www.virustotal.com/gui/file/e818738311bc1d540a23f3235d75e5a9d79ee75e8661bf34e54cdb7755e619e3/detection)

The implanted PEs are detected, yet, they are dumped as `.corrupt_dll`s. The reconstructions fails.
Detected artifacts:


```json
   "workingset_scan" : {
    "module" : "4d1f9b0000",
    "status" : 1,
    "has_pe" : 1,
    "has_shellcode" : 0,
    "is_listed_module" : 0,
    "protection" : "40",
    "mapping_type" : "MEM_PRIVATE",
    "pe_artefacts" : {
     "pe_base_offset" : "0",
     "sections_hdrs" : "1f8",
     "sections_count" : 5,
     "is_dll" : 1,
     "is_64_bit" : 1
    }
   }
  },
  {
   "workingset_scan" : {
    "module" : "4d21340000",
    "status" : 1,
    "has_pe" : 1,
    "has_shellcode" : 1,
    "is_listed_module" : 0,
    "protection" : "40",
    "mapping_type" : "MEM_PRIVATE",
    "pe_artefacts" : {
     "pe_base_offset" : "ce8",
     "nt_file_hdr" : "ddc",
     "sections_hdrs" : "ee0",
     "sections_count" : 5,
     "is_dll" : 1,
     "is_64_bit" : 1
    }
   }
```
Dumped artifacts:
[artifacts.zip](https://github.com/hasherezade/pe-sieve/files/6718240/artifacts.zip)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Error reconstructing PE from the found artifacts (64 bit PE) #85

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Error reconstructing PE from the found artifacts (64 bit PE) #85

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions