Skip to content
/ pefile-to-maec Public

Generate MAEC XML from Ero Carrera's pefile output

License

BSD-3-Clause, Unknown licenses found

Licenses found

BSD-3-Clause
LICENSE.txt
Unknown
COPYING
15 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MAECProject/pefile-to-maec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

177 Commits
pefile_to_maec
pefile_to_maec
 
 
.gitignore
.gitignore
 
 
COPYING
COPYING
 
 
LICENSE.txt
LICENSE.txt
 
 
README.rst
README.rst
 
 
pefile_to_maec.py
pefile_to_maec.py
 
 
setup.py
setup.py
 
 

Repository files navigation

pefile-to-maec

v1.0.0-beta1

A Python library for converting output from Ero Carrera's pefile utility to Malware Attribute Enumeration and Characterization (MAEC™) XML content. It is currently in the BETA phase.

pefile-to-maec uses the pefile package: "pefile is a multi-platform Python module to read and work with Portable Executable (aka PE) files. Most of the information in the PE Header is accessible, as well as all the sections, section's information and data."[1]

This package consists of a module that captures the pefile output for binary files in MAEC format (/pefile_to_maec), and a script that uses that module (pefile_to_maec.py).

Source:https://github.com/MAECProject/pefile-to-maec
MAEC:https://maecproject.github.io/

Dependencies

The pefile-to-maec script depends on the presence of certain packages/libraries to function. Please refer to their installation documentation for installation instructions.

Usage

The script can be called with:

python pefile_to_maec.py infile outfile

Where infile refers to the input PE binary file and outfile the name of the MAEC XML file to which the output will be written.

The module exposes the following functions:

  • generate_package_from_binary_filepath - given an filepath, return a python-maec Package object with the PEFile output.

To use these module functions, the module must first be installed with setuptools:

python setup.py install

At which point it can be used as a library:

import pefile_to_maec

Compatibility

The pefile-to-maec library is tested and written against python 2.7.x. Compatibility with other python versions is neither guaranteed nor implied.

Supported Features

The following features are mapped from the PEFile output and captured in MAEC:

  • Metadata
    • File name (on disk)
    • File path
    • File size (in bytes)
    • Hashes (MD5, SHA1)
  • DOS header
  • File header
  • Optional header
  • Exports
  • Imports
  • Resource directories

Feedback

Bug reports and feature requests are welcome and encouraged. Pull requests are especially appreciated. Feel free to use the issue tracker on GitHub, join the MAEC Community Email Discussion List, or send an email directly to maec@mitre.org.

About

Generate MAEC XML from Ero Carrera's pefile output

Resources

Readme

License

BSD-3-Clause, Unknown licenses found

Licenses found

BSD-3-Clause
LICENSE.txt
Unknown
COPYING
Activity
Custom properties

Stars

15 stars

Watchers

12 watching

Forks

2 forks
Report repository

Releases 1

v1.0.0-beta1 Latest
Nov 26, 2014

Packages

 
 
 

Contributors 7

Languages