REMnux Documentation

PE Files

Examine Static Properties


Last updated 1 year ago

Manalyze

Perform static analysis of suspicious PE files.

Website: https://github.com/JusticeRage/Manalyze
Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage
License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt
Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf.
State File: remnux.tools.manalyze

StringSifter

Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.

Website: https://github.com/fireeye/stringsifter
Author: FireEye Inc.
License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE
Notes: flarestrings
State File: remnux.python3-packages.stringsifter

PEframe

Statically analyze PE and Microsoft Office files.

Website: https://github.com/guelfoweb/peframe
Author: Gianni Amato: https://twitter.com/guelfoweb
License: Free, unknown license
Notes: peframe
State File: remnux.python3-packages.peframe

dllcharacteristics.py

Read and set DLL characteristics of a PE file.

Website: https://github.com/accidentalrebel/dllcharacteristics.py
Author: Karlo Licudine: https://twitter.com/accidentalrebel
License: GNU General Public License (GPL) v3.0: https://github.com/accidentalrebel/dllcharacteristics.py/blob/master/LICENSE
State File: remnux.scripts.dllcharacteristics

pefile

Python library for analyzing static properties of PE files.

Website: https://github.com/erocarrera/pefile
Author: Ero Carrera: http://blog.dkbza.org
License: MIT License: https://github.com/erocarrera/pefile/blob/master/LICENSE
Notes: https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction
State File: remnux.python3-packages.pefile

PE Tree

Examine contents and structure of PE files.

Website: https://github.com/blackberry/pe_tree
Author: BlackBerry Limited: https://twitter.com/BlackBerrySpark and Tom Bonner: https://twitter.com/thomas_bonner
License: Apache License 2.0: https://github.com/blackberry/pe_tree/blob/master/LICENSE
Notes: pe-tree
State File: remnux.python3-packages.pe-tree

pedump

Statically analyze PE files and extract their components (e.g., resources).

Website: https://github.com/zed-0xff/pedump
Author: Andrey "Zed" Zaikin
License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt
State File: remnux.rubygems.pedump

pecheck

Analyze static properties of PE files.

Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: pecheck.py
State File: remnux.scripts.pecheck

pev

Analyze PE files and extract strings from them.

Website: https://pev.sourceforge.io
Author: Fernando Merces, Jardel Weyrich
License: GNU General Public License (GPL) v2: https://github.com/mentebinaria/readpe/blob/master/LICENSE
Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres
State File: remnux.packages.pev

PortEx

Statically analyze PE files.

Website: https://github.com/katjahahn/PortEx
Author: Karsten Hahn: https://twitter.com/struppigel
License: Apache License 2.0: https://github.com/katjahahn/PortEx/blob/master/LICENSE
Notes: portex
State File: remnux.packages.portex

bearparser

Parse PE file contents.

Website: https://github.com/hasherezade/bearparser/wiki
Author: hasherezade: https://twitter.com/hasherezade
License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE
Notes: bearcommander
State File: remnux.packages.bearparser

debloat

Remove junk contents from bloated Windows executables.

Website: https://github.com/Squiblydoo/debloat
Author: Squiblydoo: https://twitter.com/SquiblydooBlog
License: BSD 3-Clause License: https://github.com/Squiblydoo/debloat/blob/main/LICENSE
Notes: Run the command-line version as debloat or the GUI version as debloat-gui
State File: remnux.python3-packages.debloat