PE Files

Examine Static Properties

Manalyze

Perform static analysis of suspicious PE files.

Website: https://github.com/JusticeRage/Manalyze Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf. State File: remnux.tools.manalyze

StringSifter

Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.

Website: https://github.com/fireeye/stringsifter Author: FireEye Inc. License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE Notes: flarestrings State File: remnux.python3-packages.stringsifter

PEframe

Statically analyze PE and Microsoft Office files.

Website: https://github.com/guelfoweb/peframe Author: Gianni Amato: https://twitter.com/guelfoweb License: Free, unknown license Notes: peframe State File: remnux.python3-packages.peframe

pefile

Python library for analyzing static properties of PE files.

Website: https://github.com/erocarrera/pefile Author: Ero Carrera: http://blog.dkbza.org License: MIT License: https://github.com/erocarrera/pefile/blob/master/LICENSE Notes: https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction State File: remnux.python3-packages.pefile

PE Tree

Examine contents and structure of PE files.

Website: https://github.com/blackberry/pe_tree Author: BlackBerry Limited: https://twitter.com/BlackBerrySpark and Tom Bonner: https//twitter.com/thomas_bonner License: Apache License 2.0: https://github.com/blackberry/pe_tree/blob/master/LICENSE Notes: pe-tree State File: remnux.python3-packages.pe-tree

pefile

Python library for analyzing static properties of PE files.

Website: https://github.com/erocarrera/pefile Author: Ero Carrera: http://blog.dkbza.org License: MIT License: https://github.com/erocarrera/pefile/blob/master/LICENSE Notes: https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction State File: remnux.python-packages.pefile

pedump

Statically analyze PE files.

Website: https://github.com/zed-0xff/pedump Author: Andrey "Zed" Zaikin License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt State File: remnux.rubygems.pedump

pecheck

Analyze static properties of PE files.

Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain State File: remnux.scripts.pecheck

pev

Analyze PE files and extract strings from them

Website: http://pev.sourceforge.net Author: Fernando Merces, Jardel Weyrich License: GNU General Public License (GPL) v2: https://github.com/merces/pev/blob/master/LICENSE Notes: pestr, readpe, pedis, pehash, pescan State File: remnux.packages.pev

PortEx

Statically analyze PE files.

Website: https://github.com/katjahahn/PortEx Author: Karsten Hahn: https://twitter.com/struppigel License: Apache License 2.0: https://github.com/katjahahn/PortEx/blob/master/LICENSE Notes: portex State File: remnux.packages.portex

bearparser

Parse PE file contents.

Website: https://github.com/hasherezade/bearparser/wiki Author: hasherezade: https://twitter.com/hasherezade License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE Notes: bearcommander State File: remnux.packages.bearparser