PE Files

Statically Analyze Code

Malchive

Perform static analysis of various aspects of malicious code.

Website: https://github.com/MITRECND/malchive
Author: The MITRE Corporation, https://github.com/MITRECND/malchive/graphs/contributors
License: License 2.0: https://github.com/MITRECND/malchive/blob/main/LICENSE
Notes: Malchive command-line tools start with the prefix malutil-. See the utilities documentation for details.
State File: remnux.python3-packages.malchive

Speakeasy

Emulate code execution, including shellcode, Windows drivers, and Windows PE files.

Website: https://github.com/fireeye/speakeasy
Author: FireEye Inc, Andrew Davis
License: MIT License: https://github.com/fireeye/speakeasy/blob/master/LICENSE.txt
Notes: To run the tool, use the speakeasy, emu_exe.py, and emu_dll.py commands.
State File: remnux.python3-packages.speakeasy

binee (Binary Emulation Environment)

Analyze I/O operations of a suspicious PE file by emulating its execution.

Website: https://github.com/carbonblack/binee
Author: Carbon Black, Kyle Gwinnup, John Holowczak
License: GNU General Public License (GPL) v2: https://github.com/carbonblack/binee/blob/master/LICENSE
Notes: Before using this tool, place the files your sample requires under /opt/binee-files/win10_32. For example, the Windows DLLs it needs should go in /opt/binee-files/win10_32/windows/system32. If you have a Windows 10 64-bit system, you can get the 32-bit DLLs from C:\Windows\SysWOW64. To check which DLLs you might need, examine the sample's import table using the "-i" parameter.
State File: remnux.packages.binee

mbcscan

Scan a PE file to list the associated Malware Behavior Catalog (MBC) details.

Website: https://github.com/accidentalrebel/mbcscan
Author: Karlo Licudine: https://twitter.com/accidentalrebel
License: GNU General Public License (GPL) v3.0: https://github.com/accidentalrebel/mbcscan/blob/master/LICENSE
Notes: To run the tool, use the mbcscan.py command.
State File: remnux.scripts.mbcscan

capa

Detect suspicious capabilities in PE files.

Website: https://github.com/fireeye/capa
Author: FireEye Inc, Willi Ballenthin: https://twitter.com/williballenthin, Moritz Raabe: https://twitter.com/m_r_tz
License: Apache License 2.0: https://github.com/fireeye/capa/blob/master/LICENSE.txt
State File: remnux.tools.capa