peframe is a open source tool to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, macro and much more information about the suspicious files.
I ainized this program, so you don't need to setting environment. You just click 'Run on Ainize' and can see performed automatically on ainized server. The result will be shown as json, You can download json file and used in your area.
- click 'Run on ainize'
- click Peframe
- upload file that you want to check
- The result will be shown as json file.
if you want run on you local environment follow the step
Download
sudo apt install git
git clone https://github.com/guelfoweb/peframe.git
cd peframe
Installation script for Ubuntu
sudo bash install.sh
Installation (prerequisites required)
sudo python3 setup.py install
Prerequisites
The following prerequisites are required to be installed on your system before you can install and use peframe.
python >= 3.6.6
pyton3-pip
libssl-dev
swig
peframe -h
peframe filename Short output analysis
peframe -i filename Interactive mode
peframe -j filename Full output analysis JSON format
peframe -x STRING filename Search xored string
peframe -s filename Strings output
Note
You can edit "config-peframe.json" file in "config" folder to configure virustotal API key. After installation you can use "peframe -h" to find api_config path.
MS Office (macro) document analysis with peframe 6.0.1
PE file analysis with peframe 6.0.1
- Integration of Static and Dynamic Analysis for Malware Family Classification with Composite Neural Network > (Yao Saint, Yen Institute of Information Science, Academia Sinica, Taiwan)
- Machine Learning Aided Static Malware Analysis: A Survey and Tutorial > (Sergii Banin, Andrii Shalaginov, Ali Dehghantanha, Katrin Franke, Norway)
- Multinomial malware classification, research of the Department of Information Security and Communication Technology (NTNU) > (Sergii Banin and Geir Olav Dyrkolbotn, Norway)
- SANS DFIR Poster 2016 > (PEframe was listed in the REMnux toolkits)
- Tools for Analyzing Static Properties of Suspicious Files on Windows > (SANS Digital Forensics and Incident Response, Lenny Zeltser).
- Automated Static and Dynamic Analysis of Malware > (Cyber Defence Magazine, Andrew Browne, Director Malware Lab Lavasoft).
- Suspicious File Analysis with PEframe > (eForensics Magazine, Chintan Gurjar)
- CERT FR Security Bulletin > (PEframe was mentioned in the security bulletin CERTFR-2014-ACT-030)
- Infosec CERT-PA Malware Analysis > (PEframe is used in the malware analysis engine of Infosec project)
This tool is currently maintained by Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or twitter @guelfoweb. Suggestions and criticism are welcome.