PE Files

Examine Static Properties


Perform static analysis of suspicious PE files.

Website: Author: Ivan Kwiatkowski: License: GNU General Public License (GPL) v3: Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf. State File:


Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.

Website: Author: FireEye Inc. License: Apache License 2.0: Notes: flarestrings State File: remnux.python3-packages.stringsifter


Statically analyze PE and Microsoft Office files.

Website: Author: Gianni Amato: License: Free, unknown license Notes: peframe State File: remnux.python3-packages.peframe

Read and set DLL characteristics of a PE file.

Website: Author: Karlo Licudine: License: GNU General Public License (GPL) v3.0: State File: remnux.scripts.dllcharacteristics


Python library for analyzing static properties of PE files.

Website: Author: Ero Carrera: License: MIT License: Notes: State File: remnux.python3-packages.pefile

PE Tree

Examine contents and structure of PE files.

Website: Author: BlackBerry Limited: and Tom Bonner: License: Apache License 2.0: Notes: pe-tree State File:


Statically analyze PE files and extract their components (e.g., resources).

Website: Author: Andrey "Zed" Zaikin License: MIT License: State File: remnux.rubygems.pedump


Analyze static properties of PE files.

Website: Author: Didier Stevens: License: Public Domain Notes: State File: remnux.scripts.pecheck


Analyze PE files and extract strings from them

Website: Author: Fernando Merces, Jardel Weyrich License: GNU General Public License (GPL) v2: Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres State File: remnux.packages.pev


Statically analyze PE files.

Website: Author: Karsten Hahn: License: Apache License 2.0: Notes: portex State File: remnux.packages.portex


Parse PE file contents.

Website: Author: hasherezade: License: BSD 2-Clause "Simplified" License: Notes: bearcommander State File: remnux.packages.bearparser


Remove junk contents from bloated Windows executables.

Website: Author: Squiblydoo: License: BSD 3-Clause License: Notes: Run the command-line version as debloat or the GUI version as debloat-gui State File: remnux.python3-packages.debloat

Last updated