📄
REMnux Documentation
  • REMnux: A Linux Toolkit for Malware Analysis
  • Install the Distro
    • Get the Virtual Appliance
    • Install from Scratch
    • Add to an Existing System
    • Run REMnux as a Container
    • Keep the Distro Up to Date
  • Discover the Tools
    • Examine Static Properties
      • General
      • PE Files
      • ELF Files
      • .NET
      • Deobfuscation
    • Statically Analyze Code
      • General
      • Unpacking
      • PE Files
      • Python
      • Scripts
      • Java
      • .NET
      • Flash
      • Android
    • Dynamically Reverse-Engineer Code
      • General
      • Shellcode
      • Scripts
      • ELF Files
    • Perform Memory Forensics
    • Explore Network Interactions
      • Monitoring
      • Connecting
      • Services
    • Investigate System Interactions
    • Analyze Documents
      • General
      • PDF
      • Microsoft Office
      • Email Messages
    • Gather and Analyze Data
    • View or Edit Files
    • General Utilities
  • Run Tools in Containers
    • Docker Images of Malware Analysis Tools
  • Behind the Scenes
    • People
    • Technologies
      • SaltStack Management
      • REMnux Installer
      • State Files Without the REMnux Installer
      • Debian Packages
      • Website and Docs
    • License
  • Tips and More
    • REMnux Configuration Tips
    • REMnux Tool Tips
    • Malware Analysis Training
    • REMnux Website
  • Get Involved
    • Ask and Answer Questions
    • Write About the Tools
    • Add or Update Tools
      • Contribute a Salt State File
      • Contribute a Debian Package
      • Contribute a Dockerfile
    • Implement Enhancements
Powered by GitBook
On this page
  • TrID
  • Magika
  • Yara Rules
  • Detect-It-Easy
  • ExifTool
  • DroidLysis
  • zipdump.py
  • msitools
  • numbers-to-string.py
  • re-search.py
  • disitool
  • Name-That-Hash
  • Hash ID
  • signsrch
  • ssdeep
  • 7-Zip
  • wxHexEditor
  • ClamAV
  • bulk_extractor
  • Hachoir
  • Sleuth Kit
  • binwalk
  • file
  1. Discover the Tools
  2. Examine Static Properties

General

Examine Static Properties

PreviousExamine Static PropertiesNextPE Files

Last updated 10 months ago

TrID

Identify file type using signatures.

Website: Author: Marco Pontello License: Free, unknown license Notes: trid, tridupdate State File:

Magika

Identify file type using signatures.

Website: Author: Google License: Apache License 2.0 () State File:

Yara Rules

Statically scan a file to identify common malicious capabilities.

Website: Author: A group of IT security researchers: License: GNU General Public License (GPL) v2: Notes: To scan a file using these rules, you can use the wrapper around Yara: yara-rules FILE, where FILE is the path to the file you wish to scan. State File:

Detect-It-Easy

Determine types of files and examine file properties.

Website: Author: hors: License: Notes: GUI tool: die, command-line tool: diec. State File:

ExifTool

Tool to read from, write to, and edit EXIF metadata of various file types

DroidLysis

Perform static analysis of Android applications.

zipdump.py

Analyze zip-compressed files.

msitools

Create, inspect and extract Windows Installer (.msi) files.

numbers-to-string.py

Convert decimal numbers to strings.

re-search.py

Search the file for built-in regular expressions of common suspicious artifacts.

disitool

Manipulate embedded digital signatures.

Name-That-Hash

Identify dfferent types of hashes.

Hash ID

Identify dfferent types of hashes.

signsrch

Find patterns of common encryption, compression, or encoding algorithms

ssdeep

Compute Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes.

7-Zip

Compress and decompress files using a variety of algorithms.

wxHexEditor

Hex editor

ClamAV

Scan files for malware signatures.

bulk_extractor

Extract interesting strings from binary files.

Hachoir

View, edit, and carve contents of various binary file types.

Sleuth Kit

Analyze disk images and recover files from them.

binwalk

Extract and analyze firmware images.

file

Identify file type using "magic" numbers.

Website: Author: Phil Harvey License: "This is free software; you can redistribute it and/or modify it under the same terms as Perl itself": Notes: exiftool State File:

Website: Author: cryptax License: MIT License: Notes: droidlysis State File:

Website: Author: Didier Stevens: License: Public Domain State File:

Website: Author: Paolo Bonzini, Marc-Andre Lureau: License: GNU Lesser General Public License (LGPL) v2.1 or later: State File:

Website: Author: Didier Stevens: License: Public Domain State File:

Website: Author: Didier Stevens: License: Public Domain State File:

Website: Author: Didier Stevens License: Public Domain Notes: disitool.py State File:

Website: Author: randon / Bee: License: GNU General Public License (GPL) v3.0: () Notes: nth State File:

Website: Author: Zion3R License: GNU General Public License (GPL) v3 Notes: hash-id.py State File:

Website: Author: Luigi Auriemma License: Free, unknown license State File:

Website: Author: Jesse Kornblum, Helmut Grohne, Tsukasa OI License: GNU General Public License (GPL) v2: State File:

Website: Author: Igor Pavlov License: GNU Lesser General Public License (LGPL) Notes: 7-Zip standard: 7z, 7za, 7zr. For latest alpha version, use 7zz instead of 7z. State File:

Website: Author: Unknown License: GNU General Public License (GPL) v2: State File:

Website: Author: License: GNU General Public License (GPL): Notes: clamscan, freshclam State File:

Website: Author: License: Portions Public Domain, portions MIT License: State File:

Website: Author: License: GNU General Public License (GPL) v2: Notes: hachoir-grep, hachoir-metadata, hachoir-strip, hachoir-wx State File:

Website: Author: Brian Carrier, and others License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: Notes: For a listing of commands, see State File:

Website: Author: Craig Heffner, ReFirmLabs License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: Notes: MIT License: State File:

Website: Author: Ian F. Darwin, Christos Zoulas License: BSD 2-Clause "Alike" License: State File:

https://mark0.net/soft-trid-e.html
remnux.tools.trid
https://google.github.io/magika
https://github.com/google/magika/blob/main/LICENSE
remnux.python3-packages.magika
https://github.com/Yara-Rules/rules
https://twitter.com/yararules
https://github.com/Yara-Rules/rules/blob/master/LICENSE
remnux.tools.yara-rules
https://github.com/horsicq/Detect-It-Easy
https://twitter.com/horsicq
https://github.com/horsicq/Detect-It-Easy/blob/master/LICENSE
remnux.tools.detect-it-easy
https://exiftool.org/
https://exiftool.org/#license
remnux.perl-packages.exiftool
https://github.com/cryptax/droidlysis
https://github.com/cryptax/droidlysis/blob/master/LICENSE
remnux.python3-packages.droidlysis
https://blog.didierstevens.com/2020/07/27/update-zipdump-py-version-0-0-20/
https://twitter.com/DidierStevens
remnux.scripts.zipdump
https://wiki.gnome.org/msitools
https://gitlab.gnome.org/GNOME/msitools/-/blob/master/AUTHORS
https://gitlab.gnome.org/GNOME/msitools/-/blob/master/copyright
remnux.packages.msitools
https://blog.didierstevens.com/2020/12/12/update-numbers-to-string-py-version-0-0-11/
https://twitter.com/DidierStevens
remnux.scripts.numbers-to-string
https://blog.didierstevens.com/2021/05/23/update-re-search-py-version-0-0-17/
https://twitter.com/DidierStevens
remnux.scripts.re-search
https://blog.didierstevens.com/programs/disitool/
remnux.scripts.disitool
https://github.com/HashPals/Name-That-Hash
https://twitter.com/bee_sec_san
https://github.com/HashPals/Name-That-Hash/blob/main/LICENSE
remnux.python3-packages.name-that-hash
https://github.com/blackploit/hash-identifier
remnux.scripts.hash-identifier
http://aluigi.altervista.org/mytoolz.htm
remnux.packages.signsrch
https://ssdeep-project.github.io/ssdeep/index.html
https://github.com/ssdeep-project/ssdeep/blob/master/COPYING
remnux.packages.ssdeep
https://www.7-zip.org
remnux.packages.7zip
https://sourceforge.net/projects/wxhexeditor/
https://sourceforge.net/p/wxhexeditor/code/HEAD/tree/trunk/docs/GPL.txt
remnux.packages.wxhexeditor
https://www.clamav.net
https://www.clamav.net/about
https://www.clamav.net/about
remnux.packages.clamav-daemon
https://github.com/simsong/bulk_extractor/
https://github.com/simsong/bulk_extractor/blob/master/AUTHORS
https://github.com/simsong/bulk_extractor/blob/master/LICENSE.md
remnux.packages.bulk-extractor
https://github.com/vstinner/hachoir
https://hachoir.readthedocs.io/en/latest/authors.html
https://github.com/vstinner/hachoir/blob/master/COPYING
remnux.python3-packages.hachoir
https://www.sleuthkit.org/sleuthkit
https://www.sleuthkit.org/sleuthkit/licenses.php
http://wiki.sleuthkit.org/index.php?title=TSK_Tool_Overview
remnux.packages.sleuthkit
https://github.com/ReFirmLabs/binwalk
https://www.sleuthkit.org/sleuthkit/licenses.php
https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE
remnux.packages.binwalk
http://astron.com/pub/file/README
https://github.com/file/file/blob/master/COPYING
remnux.packages.file