You're welcome 😊

Not directly, no. I suppose an OLE object could be stored in an overlay, since they are just arbitrary content beyond the end of a "normal" PE file.

Depends on what you are using to analyze the PE file. I don't recall exactly what I said in this video so perhaps you're referring to a comment, but some tools make it easy to extract while others require a bit more work :)

Glad you think so!

Glad you found it helpful!

You're welcome!

Added - thanks for the reminder! You can find most, if not all, of the samples I use on the Malware Bazaar by AbuseCH.

@@jstrosch Thanks of reply. I have question regarding overlays. If pe file contains valid digitalSiganture and if we try to add overlay to it, Will it be still valid digitalsignature or invalid?

@@blueteams5495 Hm, interesting question. I'm not sure off-hand, I would think that if there is a signature and you added an overlay, disregarding that sig, you would simply overwrite it. It looks like you can locate the digital signature and it's size via the Data Directory structures in the image_optional_header structure, so my thoughts are that you could append additional overlay data beyond that (xstackoverflow.com/questions/47646135/where-is-the-digital-signature-stored-when-code-signing-a-exe-file-in-windows). But, I haven't had a chance to try it out... so just a working theory at this point :)

I’ll take a look and add it to my content schedule :)

Thanks :) What do you mean by promos though…?