PEframe is an open source tool to perform static analysis on (portable executable) malware.
Latest commit b8f4674 Jan 30, 2018

README.rst

PEframe 5.0.1

PEframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers detect packers, XOR obfuscation, digital signatures, mutexes, anti-debug and anti-virtual-machine tricks, suspicious sections and functions, and much more information about the suspicious files.
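As an added illustration of the kind of section-level check described above (example code written for this page, not PEframe's own implementation or scoring), the following pure-Python snippet parses a PE section table and flags sections that are either high-entropy, a common sign of packing, or writable and executable at once. The sample PE is constructed inline for the test and is not a runnable program.

```python
import math
import random
import struct

def shannon_entropy(data):
    """Bits per byte of the buffer; 8.0 means uniformly random, packed data is typically > 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(blob):
    """Walk the COFF header to the section table; returns [(name, raw_bytes, characteristics)]."""
    if blob[:2] != b'MZ':
        raise ValueError('not an MZ file')
    e_lfanew, = struct.unpack_from('<I', blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    nsections, = struct.unpack_from('<H', blob, e_lfanew + 6)   # COFF NumberOfSections
    opt_size, = struct.unpack_from('<H', blob, e_lfanew + 20)   # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                            # section table follows optional header
    out = []
    for i in range(nsections):
        off = table + i * 40                                    # IMAGE_SECTION_HEADER is 40 bytes
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from('<8sIIII', blob, off)
        chars, = struct.unpack_from('<I', blob, off + 36)
        out.append((name.rstrip(b'\0').decode('ascii', 'replace'), blob[rawptr:rawptr + rawsize], chars))
    return out

def suspicious_sections(blob, threshold=7.0):
    """Flag sections that look packed (entropy >= threshold) or carry MEM_WRITE and MEM_EXECUTE together."""
    findings = []
    for name, data, chars in pe_sections(blob):
        ent = shannon_entropy(data)
        reasons = []
        if ent >= threshold:
            reasons.append('high entropy %.2f' % ent)
        if chars & 0x80000000 and chars & 0x20000000:
            reasons.append('writable+executable')
        if reasons:
            findings.append((name, round(ent, 2), reasons))
    return findings

def build_sample_pe(sections, align=0x200):
    """Constructed minimal PE image (headers + section table + raw data) used only as test input."""
    opt = b'\0' * 0xE0                                          # dummy PE32 optional header, not parsed here
    first_raw = raw_ptr = -(-(0x40 + 24 + len(opt) + 40 * len(sections)) // align) * align
    headers, body, vaddr = [], b'', 0x1000
    for name, data, chars in sections:
        headers.append(struct.pack('<8sIIIIIIHHI', name.encode().ljust(8, b'\0'),
                                   len(data), vaddr, len(data), raw_ptr, 0, 0, 0, 0, chars))
        padded = data.ljust(-(-len(data) // align) * align, b'\0')
        body, raw_ptr, vaddr = body + padded, raw_ptr + len(padded), vaddr + len(padded)
    dos = b'MZ' + b'\0' * 58 + struct.pack('<I', 0x40)         # e_lfanew = 0x40
    nt = b'PE\0\0' + struct.pack('<HHIIIHH', 0x14C, len(sections), 0, 0, 0, len(opt), 0x102) + opt
    return (dos + nt + b''.join(headers)).ljust(first_raw, b'\0') + body

_rng = random.Random(2018)
SAMPLE_PE = build_sample_pe([
    ('.text', b'\x90' * 1024 + b'\xcc\x00' * 512, 0x60000020),           # plain code, R+X
    ('UPX1', bytes(_rng.getrandbits(8) for _ in range(2048)), 0xE0000040),  # random bytes, R+W+X
])

if __name__ == '__main__':
    for name, ent, reasons in suspicious_sections(SAMPLE_PE):
        print(name, ent, ', '.join(reasons))
```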

Documentation will be available soon.

Usage

$ peframe <filename>            Short output analysis

$ peframe --json <filename>     Full output analysis JSON format

$ peframe --strings <filename>  Strings output

You can edit the stringsmatch.json file to configure your fuzzer and VirusTotal API key.

Output example

Short data example | Full data (JSON) example

Install

Prerequisites

Python 2.7.x

How to

To install from PyPI:

# pip install https://github.com/guelfoweb/peframe/archive/master.zip

To install from source:

$ git clone https://github.com/guelfoweb/peframe.git

$ cd peframe

# python setup.py install

Note

For Windows environment, you need to follow the instructions here: https://github.com/ahupp/python-magic#dependencies (Thanks to Biagio)

Talk about...

Other

This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or on Twitter at @guelfoweb. Suggestions and criticism are welcome.