PE Files
Examine Static Properties
Manalyze
Perform static analysis of suspicious PE files.
Website: https://github.com/JusticeRage/Manalyze Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf. State File: remnux.tools.manalyze
StringSifter
Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.
Website: https://github.com/fireeye/stringsifter Author: FireEye Inc. License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE Notes: flarestrings State File: remnux.python3-packages.stringsifter
PEframe
Statically analyze PE and Microsoft Office files.
Website: https://github.com/guelfoweb/peframe Author: Gianni Amato: https://twitter.com/guelfoweb License: Free, unknown license Notes: peframe State File: remnux.python3-packages.peframe
dllcharacteristics.py
Read and set DLL characteristics of a PE file.
Website: https://github.com/accidentalrebel/dllcharacteristics.py Author: Karlo Licudine: https://twitter.com/accidentalrebel License: GNU General Public License (GPL) v3.0: https://github.com/accidentalrebel/dllcharacteristics.py/blob/master/LICENSE State File: remnux.scripts.dllcharacteristics
pefile
Python library for analyzing static properties of PE files.
Website: https://github.com/erocarrera/pefile Author: Ero Carrera: http://blog.dkbza.org License: MIT License: https://github.com/erocarrera/pefile/blob/master/LICENSE Notes: https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction State File: remnux.python3-packages.pefile
PE Tree
Examine contents and structure of PE files.
Website: https://github.com/blackberry/pe_tree Author: BlackBerry Limited: https://twitter.com/BlackBerrySpark and Tom Bonner: https://twitter.com/thomas_bonner License: Apache License 2.0: https://github.com/blackberry/pe_tree/blob/master/LICENSE Notes: pe-tree State File: remnux.python3-packages.pe-tree
pedump
Statically analyze PE files and extract their components (e.g., resources).
Website: https://github.com/zed-0xff/pedump Author: Andrey "Zed" Zaikin License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt State File: remnux.rubygems.pedump
pecheck
Analyze static properties of PE files.
Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: pecheck.py State File: remnux.scripts.pecheck
pev
Analyze PE files and extract strings from them
Website: https://pev.sourceforge.io Author: Fernando Merces, Jardel Weyrich License: GNU General Public License (GPL) v2: https://github.com/mentebinaria/readpe/blob/master/LICENSE Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres State File: remnux.packages.pev
PortEx
Statically analyze PE files.
Website: https://github.com/katjahahn/PortEx Author: Karsten Hahn: https://twitter.com/struppigel License: Apache License 2.0: https://github.com/katjahahn/PortEx/blob/master/LICENSE Notes: portex State File: remnux.packages.portex
bearparser
Parse PE file contents.
Website: https://github.com/hasherezade/bearparser/wiki Author: hasherezade: https://twitter.com/hasherezade License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE Notes: bearcommander State File: remnux.packages.bearparser
debloat
Remove junk contents from bloated Windows executables.
Website: https://github.com/Squiblydoo/debloat
Author: Squiblydoo: https://twitter.com/SquiblydooBlog
License: BSD 3-Clause License: https://github.com/Squiblydoo/debloat/blob/main/LICENSE
Notes: Run the command-line version as debloat or the GUI version as debloat-gui
State File: remnux.python3-packages.debloat
Last updated