Update: pecheck.py Version 0.7.6

During recent malware analysis, I had a need to quickly extract overlays from a bunch of PE files. This can be done with this new version: use option “-g o” to get the overlay.

Option -A (rle ASCII dump) is also new.

And option -y (yara) supports regex (#r#) and hexadecimal (#x#) ad-hoc rules.

 

pecheck-v0_7_6.zip (https)
MD5: C07704E37FB1C18B769BB5336CD2478A
SHA256: 312E730F6DE784808B6E5BE355752803F281F7DC838E4B9C6B3FE924622F47F8

Article Link: https://blog.didierstevens.com/2019/03/25/update-pecheck-py-version-0-7-6/