This script analyzes MZ-PE (MS-DOS) executables.

Project description

Program Executable Analyzer

Description

This script analyzes MZ-PE (MS-DOS) executable files.

This tool is useful for malware analysis and for debugging or understanding compiled dependencies.

  1. Verify the signature and print information about the signature and trust
  2. Analyze DLLs and the names of imported functions
  3. Analyze the names of exported functions
  4. Get the executable filename at compile time
  5. Get the encodings and languages used for compilation
  6. Print information about the rich header
  7. Get the timestamps saved in the executable
  8. Print information about sections and their characteristics (permissions, etc.)
  9. Print the entry point position and its section
  10. Get the architecture, system version and resources (version file, manifest)
  11. Get the company name, product name, product version and copyright
  12. Section names, sizes, addresses and characteristics
  13. Analyze the MS-DOS and NT headers
  14. When matplotlib is installed, generate charts comparing sections on disk and in memory
  15. When matplotlib and EntropyAnalysis are installed, generate charts for entropy analysis (with sections)
  16. Extract the overlay
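
To show what items 7, 8, 9, 13 and 16 involve, here is an added stand-alone example that is not code from the ProgramExecutableAnalyzer project. It uses only the Python standard library, builds a constructed minimal PE32 file in memory (so it runs offline), then parses the MS-DOS header, the NT headers, the section table, the compile timestamp, the section that contains the entry point and the overlay after the last section. The sample layout values, the `build_sample_pe`/`parse_pe` names and the two warning heuristics (entry point outside an executable section or inside a writable one) are assumptions for illustration, not the tool's own output.

```python
import struct
from datetime import datetime, timezone

# Assumed/constructed: the constants and the sample file below describe a deliberately
# tiny PE32 image built in memory so the parser can run offline; it is not a real program.
MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
SECTION_FLAGS = {  # IMAGE_SCN_* characteristics bits from the PE/COFF specification
    0x00000020: "CODE", 0x00000040: "INITIALIZED_DATA", 0x00000080: "UNINITIALIZED_DATA",
    0x20000000: "EXECUTE", 0x40000000: "READ", 0x80000000: "WRITE",
}


def build_sample_pe() -> bytes:
    """Constructed sample: DOS header, PE32 headers, two sections and a 16-byte overlay."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)   # e_lfanew lives at offset 0x3C
    dos += b"\x00" * (e_lfanew - len(dos))                      # pad the DOS stub up to the NT headers
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1700000000, 0, 0, 224, 0x0102)
    # Optional header: Magic, linker version, sizes, AddressOfEntryPoint (0x2010, inside .data), bases
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x200, 0x200, 0, 0x2010, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0,
                       0, 0x3000, 0x200, 0, 2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\x00" * (16 * 8)                                   # 16 empty data directories
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\0\0" + coff + opt + text + data
    headers += b"\x00" * (0x200 - len(headers))                  # SizeOfHeaders == 0x200
    # Raw section data (0x200 bytes each) followed by bytes that belong to no section: the overlay.
    return headers + b"\xCC" * 0x200 + b"\x00" * 0x200 + b"OVERLAYDATA-demo"


def parse_pe(blob: bytes) -> dict:
    """Parse the MZ/PE headers, the section table, the entry point location and the overlay."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", blob, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    entry_rva = struct.unpack_from("<I", blob, opt_off + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):                                         # section table follows the optional header
        fields = struct.unpack_from("<8sIIIIIIHHI", blob, opt_off + opt_size + 40 * i)
        name, vsize, va, rsize, rptr, _, _, _, _, flags = fields
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize,
            "raw_size": rsize, "raw_pointer": rptr,
            "flags": [n for bit, n in SECTION_FLAGS.items() if flags & bit],
        })
    # The section whose virtual range contains the entry point RVA (None if outside every section).
    entry_section = next((s for s in sections
                          if s["virtual_address"] <= entry_rva
                          < s["virtual_address"] + max(s["virtual_size"], s["raw_size"])), None)
    # Overlay: any bytes past the end of the last section's raw data.
    end_of_sections = max((s["raw_pointer"] + s["raw_size"] for s in sections), default=0)
    overlay = blob[end_of_sections:] if end_of_sections < len(blob) else b""
    warnings = []                                                  # assumed heuristics for illustration
    if entry_section is None or "EXECUTE" not in entry_section["flags"]:
        warnings.append("entry point is not inside an executable section")
    if entry_section is not None and "WRITE" in entry_section["flags"]:
        warnings.append("entry point is inside a writable section")
    if overlay:
        warnings.append(f"{len(overlay)} bytes of overlay after the last section")
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": MAGICS.get(magic, hex(magic)),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "entry_point": {"rva": entry_rva, "section": entry_section["name"] if entry_section else None},
        "sections": sections,
        "overlay_size": len(overlay),
        "warnings": warnings,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(parse_pe(build_sample_pe()), indent=2))
```

Running the block prints the parsed headers of the constructed sample as JSON. The same `parse_pe` works on a real file read with `open(path, "rb").read()`; the entry point here is deliberately placed in the writable `.data` section so the warning logic has something to report.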

TODO: analyze the results to detect the language and score the risk.

Requirements

  • python3
  • Python 3 Standard library

Optional

  • matplotlib
  • EntropyAnalysis

Matplotlib and EntropyAnalysis are not installed by ProgramExecutableAnalyzer because this package may be installed on servers without a GUI.

You can install the optional packages with the following command:

python3 -m pip install matplotlib EntropyAnalysis

Installation

pip install ProgramExecutableAnalyzer

Usage

python3 ProgramExecutableAnalyzer.py -h
python3 ProgramExecutableAnalyzer.py executable.exe
python3 ProgramExecutableAnalyzer.py -c executable.exe  # No color
python3 ProgramExecutableAnalyzer.py -v executable.exe  # Verbose mode

Screenshots

Screenshots (images not included here):

  • PE Headers Analysis
  • PE Imports Analysis
  • PE Signature Information
  • PE Entropy Analysis
  • PE Compare Section Size Charts

Licence

Licensed under the GPL, version 3.

Download files

Source Distribution

ProgramExecutableAnalyzer-1.0.1.tar.gz (36.4 kB)
