peframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Project description


peframe (peframe-ds on PyPI)

peframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It helps malware researchers detect packers, XOR-obfuscated strings, digital signatures, mutexes, anti-debug and anti-virtual-machine tricks, suspicious sections and imported functions, Office macros and much more.

Prerequisites

The following prerequisites are necessary before you can install and use peframe.

python >= 3.6.6
python3-pip
python3-dev
build-essential
libmagic-dev
libssl-dev
swig

Install Methods

Manual Download and Install

sudo apt install git
git clone https://github.com/digitalsleuth/peframe.git
cd peframe
sudo python3 -m pip install .

One-step Install

sudo python3 -m pip install git+https://github.com/digitalsleuth/peframe.git

OR

sudo python3 -m pip install peframe-ds

Usage

peframe -h

peframe filename            Short output analysis
peframe -i filename         Interactive mode
peframe -j filename         Full output analysis JSON format
peframe -x STRING filename  Search xored string
peframe -s filename         Strings output
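The "-x STRING" option searches a file for STRING hidden under a single-byte XOR key, which is how a lot of commodity malware hides URLs and API names from plain strings output. The block below is an added example for this page, not peframe's own code: it XORs the needle with every key 0x01..0xFF, searches the raw bytes for each variant (cheaper than decoding the whole file 255 times), and decodes the printable run that follows each hit so the full hidden string is readable. SAMPLE_BLOB is a constructed input; the URL, API name and keys in it are invented for illustration.

```python
"""Single-byte XOR string search, the kind of check "peframe -x STRING file" performs.

Added example for this page, not peframe's own implementation.
"""
import sys
from typing import Iterable, List, Tuple


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with the single-byte `key` (0..255)."""
    table = bytes(b ^ key for b in range(256))
    return data.translate(table)


def find_xored(data: bytes, needle: str,
               keys: Iterable[int] = range(1, 256)) -> List[Tuple[int, int]]:
    """Return (key, offset) pairs where `needle` XORed with `key` occurs in `data`.

    The needle is XORed once per key and searched in the raw bytes. Key 0
    (plaintext) is excluded by default; pass keys=range(256) to include it.
    """
    raw = needle.encode("latin-1")
    hits = []
    for key in keys:
        probe = xor_bytes(raw, key)
        start = data.find(probe)
        while start != -1:
            hits.append((key, start))
            start = data.find(probe, start + 1)
    return hits


def decode_run(data: bytes, key: int, offset: int, limit: int = 256) -> bytes:
    """Decode from `offset` with `key` until the first non-printable byte."""
    out = bytearray()
    for b in data[offset:offset + limit]:
        c = b ^ key
        if c < 0x20 or c > 0x7E:
            break
        out.append(c)
    return bytes(out)


def scan(data: bytes, needles: Iterable[str]) -> List[Tuple[str, int, int, bytes]]:
    """Search several needles; return (needle, key, offset, decoded run) per hit."""
    results = []
    for needle in needles:
        for key, offset in find_xored(data, needle):
            results.append((needle, key, offset, decode_run(data, key, offset)))
    return results


# Constructed sample (not a real binary): a fake MZ header, a plaintext DOS stub
# string, a URL XORed with 0x5A and an API name XORed with 0x13. The 0xFF padding
# decodes to a non-printable byte under both keys, so decode_run stops there.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode" + b"\x00" * 8
    + xor_bytes(b"http://example.invalid/payload.exe", 0x5A) + b"\xff" * 4
    + xor_bytes(b"CreateRemoteThread", 0x13) + b"\xff" * 2
)

if __name__ == "__main__":
    # usage: python xorsearch.py [file] [needle ...]; defaults to the sample blob
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    needles = sys.argv[2:] or ["http://", "CreateRemoteThread"]
    for needle, key, offset, run in scan(blob, needles):
        print(f"{needle!r} key=0x{key:02x} offset=0x{offset:x} -> {run!r}")
```

Short needles such as "http" produce false positives at many keys in a large binary, which is why this kind of search is run with distinctive strings (a full API name, a domain) and why the decoded run, not just the hit, is what you read. A multi-byte or rolling XOR key will not be found by this scan; that is the point where a packer-detection pass or emulation takes over.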

Note

Edit the "config-peframe.json" file in the "config" folder to set your VirusTotal API key; after installation, "peframe -h" prints the path of that file (api_config). Treat the key as a secret, and keep in mind that once it is configured, analyses will query VirusTotal over the network, which may be undesirable for sensitive samples.

How it works

[Screenshot: MS Office (macro) document analysis with peframe 6.0.1]

[Screenshot: PE file analysis with peframe 6.0.1]

Other

This version of peframe is currently maintained by Corey Forman and includes the recent and relevant pull requests from the original repo.

The original author of this software is Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or on Twitter (@guelfoweb). Suggestions and criticism are welcome.

Download files

Source Distribution

peframe_ds-7.0.0.tar.gz (861.5 kB)

  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

Hashes for peframe_ds-7.0.0.tar.gz

  Algorithm    Hash digest
  SHA256       67dfe1303df0e1961c7cf31b2d4bb22a14b5c16193d7563781d54d56a49d86f8
  MD5          6d09205edb2faaffdd2cb15cb7aa61d8
  BLAKE2b-256  2bd4e240aa6732abb30d2f6d55276b231981bdf99a7cbdb3e08e3d65e9633194

Built Distribution

peframe_ds-7.0.0-py3-none-any.whl (888.9 kB)

  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.3

Hashes for peframe_ds-7.0.0-py3-none-any.whl

  Algorithm    Hash digest
  SHA256       28c012e7d40590cdd861a402f882db9d464ce6918fb6b9fcb350e6922e38e830
  MD5          4082055e54a834a3eaac8234787bc738
  BLAKE2b-256  3773cdde012fc0f91cf2b6e6c8c2711c808af945e56506f94d7b375b873e1436
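A tool that is pointed at live malware is worth verifying before it is installed. The block below is an added example for this page, not part of peframe: it recomputes the three digests PyPI publishes for a downloaded artifact, compares them in constant time against the values listed above for peframe_ds 7.0.0, and emits a hash-pinned requirements line for "pip install --require-hashes". The file paths passed on the command line are an assumption for illustration; the digests in PUBLISHED are copied from this page.

```python
"""Verify a downloaded peframe-ds artifact against the published digests and
pin it by hash for pip.

Added example for this page, not part of peframe.
"""
import hashlib
import hmac
import os
import sys
from typing import Dict, Iterable

# Digests as listed on this page for peframe_ds 7.0.0.
PUBLISHED: Dict[str, Dict[str, str]] = {
    "peframe_ds-7.0.0.tar.gz": {
        "sha256": "67dfe1303df0e1961c7cf31b2d4bb22a14b5c16193d7563781d54d56a49d86f8",
        "md5": "6d09205edb2faaffdd2cb15cb7aa61d8",
        "blake2b-256": "2bd4e240aa6732abb30d2f6d55276b231981bdf99a7cbdb3e08e3d65e9633194",
    },
    "peframe_ds-7.0.0-py3-none-any.whl": {
        "sha256": "28c012e7d40590cdd861a402f882db9d464ce6918fb6b9fcb350e6922e38e830",
        "md5": "4082055e54a834a3eaac8234787bc738",
        "blake2b-256": "3773cdde012fc0f91cf2b6e6c8c2711c808af945e56506f94d7b375b873e1436",
    },
}


def _hashers():
    # Same three algorithms PyPI publishes; BLAKE2b-256 is blake2b truncated to 32 bytes.
    return {
        "sha256": hashlib.sha256(),
        "md5": hashlib.md5(),
        "blake2b-256": hashlib.blake2b(digest_size=32),
    }


def digests(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory artifact."""
    h = _hashers()
    for x in h.values():
        x.update(data)
    return {k: v.hexdigest() for k, v in h.items()}


def file_digests(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three hashers so large wheels do not sit in RAM."""
    h = _hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for x in h.values():
                x.update(chunk)
    return {k: v.hexdigest() for k, v in h.items()}


def matches(actual: Dict[str, str], expected: Dict[str, str]) -> bool:
    """True only if a SHA-256 digest is expected and every expected digest matches.

    MD5 is published for compatibility only; a match on MD5 alone proves nothing
    against a deliberately crafted file, so it is never accepted by itself.
    """
    if "sha256" not in expected:
        return False
    return all(
        hmac.compare_digest(actual.get(alg, "").lower(), want.lower())
        for alg, want in expected.items()
    )


def requirements_line(name: str, version: str, sha256s: Iterable[str]) -> str:
    """Hash-pinned line for `pip install --require-hashes -r requirements.txt`.

    List every published sha256 (sdist and wheel) so pip accepts whichever it selects.
    """
    hashes = " ".join(f"--hash=sha256:{h}" for h in sha256s)
    return f"{name}=={version} {hashes}"


if __name__ == "__main__":
    # usage: python verify_peframe.py /path/to/peframe_ds-7.0.0.tar.gz ...
    for path in sys.argv[1:]:
        name = os.path.basename(path)
        expected = PUBLISHED.get(name)
        if expected is None:
            print(f"{name}: no published digests for this file name")
            continue
        print(f"{name}: {'OK' if matches(file_digests(path), expected) else 'MISMATCH'}")
    print(requirements_line("peframe-ds", "7.0.0",
                            [v["sha256"] for v in PUBLISHED.values()]))
```

Both files above were uploaded with twine rather than Trusted Publishing, so there is no publisher attestation to check; the digests are the available control. Put the printed requirements line in a file and install with "pip install --require-hashes -r requirements.txt", and pip will refuse any artifact whose SHA-256 is not in the list.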
