REMnux Documentation

PE Files

Manalyze

Perform static analysis of suspicious PE files.

Website: https://github.com/JusticeRage/Manalyze
Author: Ivan Kwiatkowski: https://twitter.com/JusticeRage
License: GNU General Public License (GPL) v3: https://github.com/JusticeRage/Manalyze/blob/master/LICENSE.txt
Notes: Run "manalyze" to invoke the tool. To update the tool's Yara rules to include ClamAV, run "sudo /usr/local/manalyze/yara_rules/update_clamav_signatures.py". To query VirusTotal, add your API key to /usr/local/manalyze/manalyze.conf.
State File: remnux.tools.manalyze

StringSifter

Automatically rank strings based on their relevance to the analysis of suspicious Windows executables.

Website: https://github.com/fireeye/stringsifter
Author: FireEye Inc.
License: Apache License 2.0: https://github.com/fireeye/stringsifter/blob/master/LICENSE
Notes: flarestrings
State File: remnux.python3-packages.stringsifter

PEframe

Statically analyze PE and Microsoft Office files.

Website: https://github.com/guelfoweb/peframe
Author: Gianni Amato: https://twitter.com/guelfoweb
License: Free, unknown license
Notes: peframe
State File: remnux.python3-packages.peframe

dllcharacteristics.py

Read and set DLL characteristics of a PE file.

Website: https://github.com/accidentalrebel/dllcharacteristics.py
Author: Karlo Licudine: https://twitter.com/accidentalrebel
License: GNU General Public License (GPL) v3.0: https://github.com/accidentalrebel/dllcharacteristics.py/blob/master/LICENSE
State File: remnux.scripts.dllcharacteristics

pefile

Python library for analyzing static properties of PE files.

Website: https://github.com/erocarrera/pefile
Author: Ero Carrera: http://blog.dkbza.org
License: MIT License: https://github.com/erocarrera/pefile/blob/master/LICENSE
Notes: https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction
State File: remnux.python3-packages.pefile

PE Tree

Examine contents and structure of PE files.

Website: https://github.com/blackberry/pe_tree
Author: BlackBerry Limited: https://twitter.com/BlackBerrySpark and Tom Bonner: https://twitter.com/thomas_bonner
License: Apache License 2.0: https://github.com/blackberry/pe_tree/blob/master/LICENSE
Notes: pe-tree
State File: remnux.python3-packages.pe-tree

pedump

Statically analyze PE files and extract their components (e.g., resources).

Website: https://github.com/zed-0xff/pedump
Author: Andrey "Zed" Zaikin
License: MIT License: https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt
State File: remnux.rubygems.pedump

pecheck

Analyze static properties of PE files.

Website: https://blog.didierstevens.com/2020/03/15/pecheck-py-version-0-7-10/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: pecheck.py
State File: remnux.scripts.pecheck

pev

Analyze PE files and extract strings from them.

Website: https://pev.sourceforge.io
Author: Fernando Merces, Jardel Weyrich
License: GNU General Public License (GPL) v2: https://github.com/mentebinaria/readpe/blob/master/LICENSE
Notes: pestr, readpe, pedis, pehash, pescan, peldd, peres
State File: remnux.packages.pev

PortEx

Statically analyze PE files.

Website: https://github.com/katjahahn/PortEx
Author: Karsten Hahn: https://twitter.com/struppigel
License: Apache License 2.0: https://github.com/katjahahn/PortEx/blob/master/LICENSE
Notes: portex
State File: remnux.packages.portex

bearparser

Parse PE file contents.

Website: https://github.com/hasherezade/bearparser/wiki
Author: hasherezade: https://twitter.com/hasherezade
License: BSD 2-Clause "Simplified" License: https://github.com/hasherezade/bearparser/blob/master/LICENSE
Notes: bearcommander
State File: remnux.packages.bearparser

debloat

Remove junk contents from bloated Windows executables.

Website: https://github.com/Squiblydoo/debloat
Author: Squiblydoo: https://twitter.com/SquiblydooBlog
License: BSD 3-Clause License: https://github.com/Squiblydoo/debloat/blob/main/LICENSE
Notes: Run the command-line version as debloat or the GUI version as debloat-gui.
State File: remnux.python3-packages.debloat

Last updated 1 year ago