TDSAnomalPE

Summary

The script uses Python's pefile module to parse TimeDateStamp data points in a file header. TDSAnomalPE (TimeDateStamp plus a bad pun) compares the identified data points to the compile time stored in the PE header. If there are discrepancies between them, it flags them as possible evidence of compile time manipulation. TDSAnomalPE also compares the checksum in the header to a calculated checksum to see if they match, since mismatched checksums could indicate header manipulation.

For more information on the methodology behind this script, visit missmalware.com.
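
The timestamp comparison described in the Summary, as an added example that is not TDSAnomalPE's own code: it reads the structures with the standard library's struct module instead of pefile. The choice of the export, resource and debug directories as data points, the function names, and the constructed sample image are assumptions made for illustration.

```python
import struct

def u16(d, o): return struct.unpack_from("<H", d, o)[0]
def u32(d, o): return struct.unpack_from("<I", d, o)[0]

def rva_to_offset(data, pe, rva):
    """Translate an RVA to a file offset through the section table."""
    table = pe + 24 + u16(data, pe + 20)           # table follows the optional header
    for i in range(u16(data, pe + 6)):             # NumberOfSections
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", data, table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return raw + rva - vaddr
    return None

# Data directories whose structure holds a TimeDateStamp at offset 4
# (assumed set of data points; the script's own list may differ).
DIRS = {0: "export", 2: "resource", 6: "debug"}

def timestamp_anomalies(data):
    """Return (directory, its TimeDateStamp, header TimeDateStamp) for each mismatch."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = u32(data, 0x3C)                           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    header_ts, opt = u32(data, pe + 8), pe + 24
    dirs = opt + (112 if u16(data, opt) == 0x20B else 96)   # PE32+ vs PE32
    found = []
    for idx, name in DIRS.items():
        rva = u32(data, dirs + 8 * idx) if idx < u32(data, dirs - 4) else 0
        off = rva_to_offset(data, pe, rva) if rva else None
        if off is None or off + 8 > len(data):
            continue
        ts = u32(data, off + 4)
        if ts and ts != header_ts:                 # 0 means the field was never set
            found.append((name, ts, header_ts))
    return found

def build_sample(header_ts, debug_ts):
    """Constructed minimal PE32 image used as sample input (not a real binary)."""
    img = bytearray(0x400)
    img[0:2], img[0x3C], img[0x40:0x44] = b"MZ", 0x40, b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, header_ts, 0, 0, 224, 0x102)
    struct.pack_into("<H90xI", img, 0x58, 0x10B, 16)              # magic, NumberOfRvaAndSizes
    struct.pack_into("<II", img, 0x58 + 96 + 8 * 6, 0x1000, 28)   # debug directory entry
    struct.pack_into("<8s4I", img, 0x138, b".rdata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, 0x204, debug_ts)                  # debug TimeDateStamp
    return bytes(img)
```

Calling `timestamp_anomalies(build_sample(1500000000, 1300000000))` reports the debug directory, because its timestamp differs from the one in the file header.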

Documentation and Use

Download the script and run it using Python.

To run the script from the command line and print the results: python TDSAnomalPE.py [file path]

To run the script from a basic GUI: python TDSAnomalPE.py
