Skip to content

guelfoweb/peframe

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time

peframe

peframe is a open source tool to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, macro and much more information about the suspicious files.

Install

Download

sudo apt install git
git clone https://github.com/guelfoweb/peframe.git
cd peframe

Installation script for Ubuntu

sudo bash install.sh

Installation (prerequisites required)

sudo python3 setup.py install

Prerequisites

The following prerequisites are required to be installed on your system before you can install and use peframe.

python >= 3.6.6
pyton3-pip
libssl-dev
swig

Usage

peframe -h

peframe filename            Short output analysis
peframe -i filename         Interactive mode
peframe -j filename         Full output analysis JSON format
peframe -x STRING filename  Search xored string
peframe -s filename         Strings output

Note

You can edit "config-peframe.json" file in "config" folder to configure virustotal API key. After installation you can use "peframe -h" to find api_config path.

How to work

MS Office (macro) document analysis with peframe 6.0.1

PE file analysis with peframe 6.0.1

Talk about...

Other

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions and criticism are welcome.

About

PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages