Custom PE loaders are typical in malware nowadays. We will focus on the high-level part: loaders in a custom format. We don't have the initial loader. We have the Alien Files, which have a consistent format. Let's try to analyze the headers and guess what each field means. We can find artefacts indicating that this format was converted from a PE file. We are lucky: the loader is a loading chain that we can just look inside to see how it works! One confirmed format is consistent.
Source: https://speakerdeck.com/hshrzd/funky-malware-formats

