PE Files

Examine Static Properties

Manalyze

Perform static analysis of suspicious PE files.
Website: https://github.com/JusticeRage/Manalyze
Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage
License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt
Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf.
State File: remnux.tools.manalyze

StringSifter

Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.
Website: https://github.com/fireeye/stringsifter
Author: FireEye Inc.
License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE
Notes: flarestrings
State File: remnux.python3-packages.stringsifter

PEframe

Statically analyze PE and Microsoft Office files.
Website: https://github.com/guelfoweb/peframe
Author: Gianni Amato: https://twitter.com/guelfoweb
License: Free, unknown license
Notes: peframe
State File: remnux.python3-packages.peframe

dllcharacteristics.py

Read and set DLL characteristics of a PE file.

pefile

Python library for analyzing static properties of PE files.

PE Tree

Examine contents and structure of PE files.

pedump

Statically analyze PE files and extract their components (e.g., resources).
Website: https://github.com/zed-0xff/pedump
Author: Andrey "Zed" Zaikin
License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt
State File: remnux.rubygems.pedump

pecheck

Analyze static properties of PE files.
Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: pecheck.py
State File: remnux.scripts.pecheck

pev

Analyze PE files and extract strings from them.
Website: http://pev.sourceforge.net
Author: Fernando Merces, Jardel Weyrich
License: GNU General Public License (GPL) v2: https://github.com/merces/pev/blob/master/LICENSE
Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres
State File: remnux.packages.pev

PortEx

Statically analyze PE files.

bearparser

Parse PE file contents.
Website: https://github.com/hasherezade/bearparser/wiki
Author: hasherezade: https://twitter.com/hasherezade
License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE
Notes: bearcommander
State File: remnux.packages.bearparser

debloat

Remove junk contents from bloated Windows executables.
Website: https://github.com/Squiblydoo/debloat
Author: Squiblydoo: https://twitter.com/SquiblydooBlog
License: BSD 3-Clause License: https://github.com/Squiblydoo/debloat/blob/main/LICENSE
Notes: Run the command-line version as debloat or the GUI version as debloat-gui
State File: remnux.python3-packages.debloat