peframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
Project description
peframe (peframe-ds on pypi)
peframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers to detect packers, xor, digital signatures, mutex, anti-debug, anti-virtual machine, suspicious sections and functions, macros and much more.
Prerequisites
The following prerequisites are necessary before you can install and use peframe.
python >= 3.6.6
python3-pip
python3-dev
build-essential
libmagic-dev
libssl-dev
swig
Install Methods
Manual Download and Install
sudo apt install git
git clone https://github.com/digitalsleuth/peframe.git
cd peframe
sudo python3 -m pip install .
One-step Install
sudo python3 -m pip install git+https://github.com/digitalsleuth/peframe.git
OR
sudo python3 -m pip install peframe-ds
Usage
- peframe -h: show help
- peframe filename: short output analysis
- peframe -i filename: interactive mode
- peframe -j filename: full output analysis in JSON format
- peframe -x STRING filename: search for a XORed string
- peframe -s filename: strings output
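The -x option searches a file for a string that only becomes visible once the bytes are XOR-decoded. As an added example (not peframe's own code), the script below shows the idea with a brute-force single-byte XOR search over a constructed buffer; the single-byte key space and the sample bytes are assumptions for illustration.

```python
from typing import List, Tuple


def xor_string_search(data: bytes, needle: str) -> List[Tuple[int, int]]:
    """Return (offset, key) pairs where `needle` appears in `data` once the
    bytes at that offset are XORed with the single-byte `key` (0x00..0xFF).
    A key of 0 means the string is present in plaintext."""
    target = needle.encode("latin-1")
    hits: List[Tuple[int, int]] = []
    for key in range(256):
        # Encode the needle under this key instead of decoding the whole
        # buffer: one bytes.find() pass per key over the unmodified data.
        encoded = bytes(b ^ key for b in target)
        start = 0
        while True:
            idx = data.find(encoded, start)
            if idx == -1:
                break
            hits.append((idx, key))
            start = idx + 1
    return hits


def decode_window(data: bytes, offset: int, key: int, length: int = 32) -> str:
    """Show the buffer around a hit after XORing with `key`; non-printable
    bytes are rendered as '.' so the context stays readable."""
    chunk = bytes(b ^ key for b in data[offset:offset + length])
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)


HIDDEN_KEY = 0x5A  # constructed key used to hide the sample URL


def build_sample() -> bytes:
    """Constructed sample buffer (not a real executable): one import name in
    plaintext, one URL hidden under a single-byte XOR key, and filler."""
    hidden = bytes(b ^ HIDDEN_KEY for b in b"http://example.invalid/payload")
    return b"\x00" * 16 + b"kernel32.dll" + b"\x00" * 8 + hidden + b"\xff" * 16


if __name__ == "__main__":
    sample = build_sample()
    for needle in ("kernel32.dll", "example.invalid", "notthere"):
        hits = xor_string_search(sample, needle)
        print(f"{needle!r}: {len(hits)} hit(s)")
        for offset, key in hits:
            print(f"  offset 0x{offset:04x} key 0x{key:02x}: "
                  f"{decode_window(sample, offset, key)}")
```

A hit with a non-zero key is worth a closer look, since the surrounding bytes often decode to further strings under the same key.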
Note
You can edit the "config-peframe.json" file in the "config" folder to configure the VirusTotal API key. After installation, you can run "peframe -h" to find the api_config path.
How it works
MS Office (macro) document analysis with peframe 6.0.1
PE file analysis with peframe 6.0.1
Talk about...
- A Longitudinal Analysis of Brazilian Financial Malware (Federal University of Paraná, Marcus Botacin, Hojjat Aghakhani, Stefano Ortolani, Christopher Kruegel, Giovanni Vigna, Daniela Oliveira, Paulo Lício de Geus, André Grégio 2020)
- Building a smart and automated tool for packed malware detections using machine learning (Ecole polytechnique de Louvain, Université catholique de Louvain, Minet, Jeremy; Roussieau, Julian 2020)
- Revealing Packed Malware (Department of Electrical and Computer Engineering, Nirwan Ansari, New Jersey Institute of Technology - NJIT)
- Critical Infrastructures Security: Improving Defense Against Novel Malware and Advanced Persistent Threats (PDF) (Department of Computer, Control, and Management Engineering Antonio Ruberti, Sapienza -- University of Rome)
- Anatomy on Malware Distribution Networks (PDF) (Department of Intelligent Systems Engineering, Cheju Halla University, Jeju 63092, South Korea)
- Intel Owl 0.4.0 (certego platform - threat intelligence data about a file, an IP or a domain)
- Integration of Static and Dynamic Analysis for Malware Family Classification with Composite Neural Network (Yao Saint Yen, Institute of Information Science, Academia Sinica, Taiwan)
- Machine Learning Aided Static Malware Analysis: A Survey and Tutorial (Sergii Banin, Andrii Shalaginov, Ali Dehghantanha, Katrin Franke, Norway)
- Multinomial malware classification, research of the Department of Information Security and Communication Technology (NTNU) (Sergii Banin and Geir Olav Dyrkolbotn, Norway)
- SANS DFIR Poster 2016 (PEframe was listed in the REMnux toolkits)
- Tools for Analyzing Static Properties of Suspicious Files on Windows (SANS Digital Forensics and Incident Response, Lenny Zeltser).
- Automated Static and Dynamic Analysis of Malware (Cyber Defence Magazine, Andrew Browne, Director Malware Lab Lavasoft).
- Suspicious File Analysis with PEframe (eForensics Magazine, Chintan Gurjar)
- CERT FR Security Bulletin (PEframe was mentioned in the security bulletin CERTFR-2014-ACT-030)
- Infosec CERT-PA Malware Analysis (PEframe is used in the malware analysis engine of Infosec project)
Other
This version of peframe is currently maintained by Corey Forman and includes the recent and relevant pull requests from the original repo.
The originator of this software is Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or on Twitter at @guelfoweb. Suggestions and criticism are welcome.
File details
Details for the file peframe_ds-7.0.0.tar.gz
File metadata
- Download URL: peframe_ds-7.0.0.tar.gz
- Size: 861.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | 67dfe1303df0e1961c7cf31b2d4bb22a14b5c16193d7563781d54d56a49d86f8
MD5 | 6d09205edb2faaffdd2cb15cb7aa61d8
BLAKE2b-256 | 2bd4e240aa6732abb30d2f6d55276b231981bdf99a7cbdb3e08e3d65e9633194
File details
Details for the file peframe_ds-7.0.0-py3-none-any.whl
File metadata
- Download URL: peframe_ds-7.0.0-py3-none-any.whl
- Size: 888.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | 28c012e7d40590cdd861a402f882db9d464ce6918fb6b9fcb350e6922e38e830
MD5 | 4082055e54a834a3eaac8234787bc738
BLAKE2b-256 | 3773cdde012fc0f91cf2b6e6c8c2711c808af945e56506f94d7b375b873e1436