Yet another implementation of PEiD with yara
Repository files (name, latest commit message, commit time):

  • cmd/anti_dbg_msgbox: Add anti-debugging program (Jan 4, 2017)
  • data
  • LICENSE: Initial commit (Jan 4, 2017)
  • Makefile: Add version info in binary (Jan 6, 2017)
  • README.md: Fix Issue #1 (Jan 6, 2017)
  • comment.go
  • config.go: Fix Issue #1 (Jan 6, 2017)
  • config_windows.go: Add single binary which contains yara / yara rules binary (Jan 6, 2017)
  • confing_linux.go: Add single binary which contains yara / yara rules binary (Jan 6, 2017)
  • helper.go: Add single binary which contains yara / yara rules binary (Jan 6, 2017)
  • helper_linux.go: Add version info in binary (Jan 6, 2017)
  • helper_windows.go: Fix Issue #1 (Jan 6, 2017)
  • main.go: Add version info in binary (Jan 6, 2017)
  • prepare.go: Add single binary which contains yara / yara rules binary (Jan 6, 2017)

README.md

PEiD (alpha version)

Yet another implementation of PEiD with yara

Download

You can get a pre-built binary here: https://github.com/K-atc/PEiD/releases

Features

  • no need to install yara or to download yara rules
  • supports multiple file types: PE, malicious documents, etc.
  • multi-platform support: Linux, Windows
  • analyzes yara's output (see the example output below)

Usage

```
% ./PEiD --prepare # if yara and the yara rules do not exist yet
INFO[0000] prepare successfuly
% ./PEiD cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
INFO[0000] yara = '/home/katc/bin/PEiD/yara'
INFO[0000] all requirements met
RULES_FILE = /home/katc/malware/rules/index.yar
cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe =>
  PE : 32 bit
  DLL : no
  Packed : yes
  Anti-Debug : no (yes)
  GUI Program : no (yes)
  Console Program : yes
  contains base64
  PEiD : ["UPX_wwwupxsourceforgenet_additional" "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h" "UPX_290_LZMA" "UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser" "UPX_290_LZMA_additional" "UPX_wwwupxsourceforgenet"]
```
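The "analyze outputs of yara" feature above turns a flat list of yara matches into the per-file summary shown in the usage output. The following is an added example of that post-processing step, not code from the PEiD project: it parses yara's default `rule_name file_path` output lines, groups the rule names by file, and derives a few of the summary fields. The sample yara output is constructed here (rule names taken from the README output plus an assumed `contains_base64` rule), and the rule-name heuristics in `packerMarkers` and `Analyze` are assumptions of this example, not PEiD's own rules.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// Summary holds the per-file fields shown in the README's example output.
type Summary struct {
	Rules  []string // PEiD : every matching rule name, in yara output order
	Packed bool     // Packed : yes when a packer signature matched
	Base64 bool     // contains base64
}

// packerMarkers is an assumed heuristic for this example: a rule name that
// contains one of these substrings is treated as a packer signature. The
// README output shows UPX and yoda's Protector rules matching a file that
// is reported as "Packed : yes".
var packerMarkers = []string{"upx", "yodas_protector"}

// ParseYaraOutput groups yara's default output ("rule_name file_path", one
// match per line) by file path. Lines without two fields and the
// "warning:" / "error:" lines yara prints for rule or file problems are
// skipped rather than mistaken for matches.
func ParseYaraOutput(out string) map[string][]string {
	matches := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "warning:") || strings.HasPrefix(line, "error:") {
			continue
		}
		// Split on the first space only: a file path may contain spaces,
		// a yara rule identifier cannot.
		fields := strings.SplitN(line, " ", 2)
		if len(fields) != 2 {
			continue
		}
		rule, file := fields[0], strings.TrimSpace(fields[1])
		matches[file] = append(matches[file], rule)
	}
	return matches
}

// Analyze derives the summary fields from one file's matching rule names.
func Analyze(rules []string) Summary {
	s := Summary{Rules: rules}
	for _, r := range rules {
		lower := strings.ToLower(r)
		if strings.Contains(lower, "base64") {
			s.Base64 = true
		}
		for _, m := range packerMarkers {
			if strings.Contains(lower, m) {
				s.Packed = true
			}
		}
	}
	return s
}

func yesNo(b bool) string {
	if b {
		return "yes"
	}
	return "no"
}

// Report renders one file's summary in the README's layout; %q on a
// []string yields the ["a" "b"] form seen in the PEiD line.
func Report(file string, s Summary) string {
	var b strings.Builder
	fmt.Fprintf(&b, "%s =>\n", file)
	fmt.Fprintf(&b, "  Packed : %s\n", yesNo(s.Packed))
	if s.Base64 {
		b.WriteString("  contains base64\n")
	}
	fmt.Fprintf(&b, "  PEiD : %q\n", s.Rules)
	return b.String()
}

// sampleYaraOutput is constructed for this example (not real yara output).
const sampleYaraOutput = `UPX_290_LZMA cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
UPX_wwwupxsourceforgenet cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
contains_base64 cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
warning: rule "example_rule" in index.yar(12): slowing down scanning
Maldoc_Example data/sample document.doc
`

func main() {
	matches := ParseYaraOutput(sampleYaraOutput)
	files := make([]string, 0, len(matches))
	for f := range matches {
		files = append(files, f)
	}
	sort.Strings(files) // stable, deterministic report order
	for _, f := range files {
		fmt.Print(Report(f, Analyze(matches[f])))
	}
}
```

Splitting each line at the first space rather than on whitespace is the detail worth copying: yara rule identifiers never contain spaces, but scanned file paths often do, so a naive `strings.Fields` would silently truncate those paths and merge unrelated files.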

Requirement

run

there are no requirements!

build

install the following:

  • git
  • make
  • go
  • go-bindata

Build

(optional) Download the latest of the following releases to /data

Run the following commands to `go get` the packages:

```
export GOPATH=`pwd`
make init
```

Finally,

```
make
```

TODO

  • Colorize analysis result
  • Support Mac