Comment on page
PE Files
Examine Static Properties
Perform static analysis of suspicious PE files.
Website: https://github.com/JusticeRage/Manalyze
Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage
License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt
Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf.
State File: remnux.tools.manalyze
Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.
Website: https://github.com/fireeye/stringsifter
Author: FireEye Inc.
License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE
Notes: flarestrings
State File: remnux.python3-packages.stringsifter
Statically analyze PE and Microsoft Office files.
Website: https://github.com/guelfoweb/peframe
Author: Gianni Amato: https://twitter.com/guelfoweb
License: Free, unknown license
Notes: peframe
State File: remnux.python3-packages.peframe
Read and set DLL characteristics of a PE file.
Website: https://github.com/accidentalrebel/dllcharacteristics.py
Author: Karlo Licudine: https://twitter.com/accidentalrebel
License: GNU General Public License (GPL) v3.0: https://github.com/accidentalrebel/dllcharacteristics.py/blob/master/LICENSE
State File: remnux.scripts.dllcharacteristics
Python library for analyzing static properties of PE files.
Website: https://github.com/erocarrera/pefile
Author: Ero Carrera: http://blog.dkbza.org
License: MIT License: https://github.com/erocarrera/pefile/blob/master/LICENSE
Notes: https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction
State File: remnux.python3-packages.pefile
Examine contents and structure of PE files.
Website: https://github.com/blackberry/pe_tree
Author: BlackBerry Limited: https://twitter.com/BlackBerrySpark and Tom Bonner: https://twitter.com/thomas_bonner
License: Apache License 2.0: https://github.com/blackberry/pe_tree/blob/master/LICENSE
Notes: pe-tree
State File: remnux.python3-packages.pe-tree
Statically analyze PE files and extract their components (e.g., resources).
Website: https://github.com/zed-0xff/pedump
Author: Andrey "Zed" Zaikin
License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt
State File: remnux.rubygems.pedump
Analyze static properties of PE files.
Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: pecheck.py
State File: remnux.scripts.pecheck
Analyze PE files and extract strings from them
Website: http://pev.sourceforge.net
Author: Fernando Merces, Jardel Weyrich
License: GNU General Public License (GPL) v2: https://github.com/merces/pev/blob/master/LICENSE
Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres
State File: remnux.packages.pev
Statically analyze PE files.
Website: https://github.com/katjahahn/PortEx
Author: Karsten Hahn: https://twitter.com/struppigel
License: Apache License 2.0: https://github.com/katjahahn/PortEx/blob/master/LICENSE
Notes: portex
State File: remnux.packages.portex
Parse PE file contents.
Website: https://github.com/hasherezade/bearparser/wiki
Author: hasherezade: https://twitter.com/hasherezade
License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE
Notes: bearcommander
State File: remnux.packages.bearparser
Remove junk contents from bloated Windows executables.
Website: https://github.com/Squiblydoo/debloat
Author: Squiblydoo: https://twitter.com/SquiblydooBlog
License: BSD 3-Clause License: https://github.com/Squiblydoo/debloat/blob/main/LICENSE
Notes: Run the command-line version as
debloat or the GUI version as debloat-gui
State File: remnux.python3-packages.debloatLast modified 3mo ago