An Open Source Script To Perform Malware Static Analysis On Portable Executable – DigitalMunition




Pentest Tools An Open Source Script To Perform Malware Static Analysis On Portable Executable

Published on August 21st, 2019 📆 | 4712 Views ⚑

0

An Open Source Script To Perform Malware Static Analysis On Portable Executable

An open source tool to perform malware static analysis on Portable Executable

Installation

[email protected]:~$ git clone https://github.com/Th3Hurrican3/PEpper/
[email protected]:~$ cd PEpper
[email protected]:~$ pip3 install -r requirements.txt
[email protected]:~$ python3 pepper.py ./malware_dir


Screenshot

CSV output

Feature extracted

  • Suspicious entropy ratio
  • Suspicious name ratio
  • Suspicious code size
  • Suspicious debugging time-stamp
  • Number of export
  • Number of anti-debugging calls
  • Number of virtual-machine detection calls
  • Number of suspicious API calls
  • Number of suspicious strings
  • Number of YARA rules matches
  • Number of URL found
  • Number of IP found
  • Cookie on the stack (GS) support
  • Control Flow Guard (CFG) support
  • Data Execution Prevention (DEP) support
  • Address Space Layout Randomization (ASLR) support
  • Structured Exception Handling (SEH) support
  • Thread Local Storage (TLS) support
  • Presence of manifest
  • Presence of version
  • Presence of digital certificate
  • Packer detection
  • VirusTotal database detection
  • Import hash

Notes

  • Can be run on single or multiple PE (placed inside a directory)
  • Output will be saved (in the same directory of pepper.py) as output.csv
  • To use VirusTotal scan, add your private key in the module called “virustotal.py” (Internet connection required)

Credits
Many thanks to those who indirectly helped me in this work, specially:

  • The LIEF project and its awesome library
  • PEstudio, a really amazing software to analyze PE
  • PEframe from guelfoweb, an incredible widespread tool to perform static analysis on Portable Executable malware and malicious MS Office documents
  • Yara-Rules project, which provides compiled signatures, classified and kept as up to date as possible
Download PEpper

Download Best WordPress Themes Free Download
Download WordPress Themes
Premium WordPress Themes Download
Download Best WordPress Themes Free Download
free download udemy paid course

Tagged with:



Leave a Reply ✍


loading...