πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
Search…
πŸ“„
πŸ“„
πŸ“„
πŸ“„
REMnux Documentation
REMnux: A Linux Toolkit for Malware Analysis
Install the Distro
Get the Virtual Appliance
Install from Scratch
Add to an Existing System
Run REMnux as a Container
Keep the Distro Up to Date
Discover the Tools
Examine Static Properties
General
PE Files
ELF Files
Deobfuscation
Statically Analyze Code
Dynamically Reverse-Engineer Code
Perform Memory Forensics
Explore Network Interactions
Investigate System Interactions
Analyze Documents
Gather and Analyze Data
View or Edit Files
General Utilities
Run Tools in Containers
Docker Images of Malware Analysis Tools
Behind the Scenes
People
Technologies
License
Tips and More
REMnux Configuration Tips
REMnux Tool Tips
Malware Analysis Training
REMnux Website
Get Involved
Ask and Answer Questions
Write About the Tools
Add or Update Tools
Implement Enhancements
Powered By GitBook
PE Files
Examine Static Properties

Manalyze

Perform static analysis of suspicious PE files.
Website: https://github.com/JusticeRage/Manalyze Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf. State File: remnux.tools.manalyze​

StringSifter

Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.
Website: https://github.com/fireeye/stringsifter Author: FireEye Inc. License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE Notes: flarestrings State File: remnux.python3-packages.stringsifter​

PEframe

Statically analyze PE and Microsoft Office files.
Website: https://github.com/guelfoweb/peframe Author: Gianni Amato: https://twitter.com/guelfoweb License: Free, unknown license Notes: peframe State File: remnux.python3-packages.peframe​

dllcharacteristics.py

Read and set DLL characteristics of a PE file.

pefile

Python library for analyzing static properties of PE files.

PE Tree

Examine contents and structure of PE files.

pedump

Statically analyze PE files and extract their components (e.g., resources).
Website: https://github.com/zed-0xff/pedump Author: Andrey "Zed" Zaikin License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt State File: remnux.rubygems.pedump​

pecheck

Analyze static properties of PE files.
Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/ Author: Didier Stevens: https://twitter.com/DidierStevens License: Public Domain Notes: pecheck.py State File: remnux.scripts.pecheck​

pev

Analyze PE files and extract strings from them
Website: http://pev.sourceforge.net Author: Fernando Merces, Jardel Weyrich License: GNU General Public License (GPL) v2: https://github.com/merces/pev/blob/master/LICENSE Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres State File: remnux.packages.pev​

PortEx

Statically analyze PE files.
Website: https://github.com/katjahahn/PortEx Author: Karsten Hahn: https://twitter.com/struppigel License: Apache License 2.0: https://github.com/katjahahn/PortEx/blob/master/LICENSE Notes: portex State File: remnux.packages.portex​

bearparser

Parse PE file contents.
Website: https://github.com/hasherezade/bearparser/wiki Author: hasherezade: https://twitter.com/hasherezade License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE Notes: bearcommander State File: remnux.packages.bearparser​
Previous
General
Next
ELF Files
Last modified 10mo ago
Copy link
Contents
Manalyze
StringSifter
PEframe
dllcharacteristics.py
pefile
PE Tree
pedump
pecheck
pev
PortEx
bearparser