Our goal is the implementation of a python-based command-line tool which can be used to check PE files for known malicious patterns.

The tool performs the following checks:

- Submit the file to VirusTotal and present a summary of the result to the user.
- Match the PE file against signatures of known malicious programs (the signatures are imported from PEStudio). Currently, these are signatures of packers.
- Check if the binary uses blacklisted libraries/imports.
- Examine the strings of the binary to find blacklisted values.
- Show various information and highlight anomalies about the PE file, like the PE header (time date stamp in the future), TLS callbacks or the relocations.
- Check the presence of more than 100 features in the PE file.
- On top, we check various suspicious values, among others a high entropy, known imphashes, and anomalies of the entry-point address, sections, headers and data.
- Include support for yara rules by calling the yara-python library (if installed).

We support multiple output formats and make the output result highly configurable:

- A human-readable representation containing all the requested information at once.
- A JSON representation with the requested information.
- An XML file containing the desired information.
- An interactive mode, which can be used to show only selected information at a time.

Many options can be used to specify which analysis should be performed.

Requirements:

- LIEF, to parse the PE file: `pip3 install setuptools --upgrade` and `pip3 install lief`.
- The prettytable python library: `pip3 install prettytable`.

In case files should be submitted to VirusTotal in order to retrieve their score, a VirusTotal API key has to be stored in the file `VirusTotalApiKey` in the root of the directory.
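As an added illustration of the header and section checks listed above (a time date stamp in the future, high-entropy sections, and section anomalies), here is a small dependency-free Python example. It is not the tool's own code, which uses LIEF; it walks the DOS header, PE signature, COFF header and section table by hand, computes the Shannon entropy of each section's raw data, and reports findings as `(code, detail)` pairs. The sample PE image, the `build_sample_pe` helper and the 7.0 bits-per-byte entropy threshold are constructed for the demonstration and are not loadable binaries or values from the tool.

```python
import math
import struct
import time
from collections import Counter

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Assumed cut-off: packed or encrypted data sits close to the 8.0 maximum.
HIGH_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Minimal PE reader: DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # the section table follows the optional header
    sections = []
    for i in range(nsec):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        (name, vsize, _vaddr, raw_size, raw_ptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "characteristics": chars,
            "entropy": shannon_entropy(raw),
        })
    return {"machine": machine, "timestamp": timestamp, "sections": sections}


def find_anomalies(pe: dict, now=None):
    """Return (code, detail) findings for the header and section checks."""
    now = int(time.time()) if now is None else now
    findings = []
    if pe["timestamp"] > now:
        findings.append(("FUTURE_TIMESTAMP", f"TimeDateStamp {pe['timestamp']} is after {now}"))
    for s in pe["sections"]:
        if s["entropy"] >= HIGH_ENTROPY_THRESHOLD:
            findings.append(("HIGH_ENTROPY_SECTION", f"{s['name']} entropy {s['entropy']:.2f}"))
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            findings.append(("WX_SECTION", f"{s['name']} is both writable and executable"))
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(("EMPTY_RAW_SECTION",
                             f"{s['name']} has no data on disk but {s['virtual_size']} bytes in memory"))
    return findings


def build_sample_pe(timestamp: int, sections) -> bytes:
    """Constructed sample: structurally parseable PE (no optional header, no imports), not loadable."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x0102)
    raw_ptr = e_lfanew + 4 + 20 + 40 * len(sections)  # raw data starts right after the table
    table, blobs = b"", b""
    for name, data, chars, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                             len(data), raw_ptr, 0, 0, 0, 0, chars)
        blobs += data
        raw_ptr += len(data)
    return dos_header + b"PE\0\0" + coff_header + table + blobs


if __name__ == "__main__":
    now = int(time.time())
    # Constructed image: future timestamp, a normal code section, and a packer-like pair
    # of sections (one empty on disk, one filled with uniformly distributed bytes).
    sample = build_sample_pe(now + 365 * 86400, [
        (b".text", b"\x90" * 512, 0x60000020, 512),
        (b"UPX0", b"", 0xE0000080, 0x8000),
        (b"UPX1", bytes(range(256)) * 4, 0xE0000040, 1024),
    ])
    for code, detail in find_anomalies(parse_pe(sample), now):
        print(f"[{code}] {detail}")
```

The parser deliberately reads `SizeOfOptionalHeader` instead of assuming a fixed layout, so it skips a real optional header as well as the empty one in the constructed sample; entropy is computed over the raw on-disk bytes of each section, which is what a packer-detection heuristic should look at.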