PE Files
Statically Analyze Code
Last updated
Statically Analyze Code
Last updated
Perform static analysis of various aspects of malicious code.
Website:
Author: The MITRE Corporation,
License: License 2.0:
Notes: Malchive command-line tools start with the prefix malutil-. See for details.
State File:
Emulate code execution, including shellcode, Windows drivers, and Windows PE files.
Website:
Author: FireEye Inc, Andrew Davis
License: MIT License:
Notes: To run the tool, use speakeasy, emu_exe.py, and emu_dll.py commands.
State File:
Analyze I/O operations of a suspicious PE file by emulating its execution.
Website: Author: Carbon Black, Kyle Gwinnup, John Holowczak License: GNU General Public License (GPL) v2: Notes: Before using this tool, place the files your sample requires under /opt/binee-files/win10_32. For example, the Windows DLLs it needs should go /opt/binee-files/win10_32/windows/system32. If you have a Windows 10 64-bit system, you can get the 32-bit DLLs from C:\Windows\SysWOW64 To check which DLLs you might need by examining the import table using the "-i" parameter. State File:
Scan a PE file to list the associated Malware Behavior Catalog (MBC) details.
Website: Author: Karlo Licudine: License: GNU General Public License (GPL) v3.0: Notes: mbcscan.py State File:
Detect suspicious capabilities in PE files.
Website: Author: FireEye Inc, Willi Ballenthin: , Moritz Raabe: License: Apache License 2.0: State File: