PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable

An open source tool to perform malware static analysis on Portable Executable

Installation
  eva@paradise: $ git clone https://github.com/Th3Hurrican3/PEpper/
  eva@paradise: $ cd PEpper
  eva@paradise: $ pip3 install -r requirements.txt
  eva@paradise: $ python3 pepper.py ./malware_dir


Screenshot

CSV output

Features extracted
  • Suspicious entropy ratio
  • Suspicious name ratio
  • Suspicious code size
  • Suspicious debugging time-stamp
  • Number of exports
  • Number of anti-debugging calls
  • Number of virtual-machine detection calls
  • Number of suspicious API calls
  • Number of suspicious strings
  • Number of YARA rules matches
  • Number of URLs found
  • Number of IPs found
  • Cookie on the stack (GS) support
  • Control Flow Guard (CFG) support
  • Data Execution Prevention (DEP) support
  • Address Space Layout Randomization (ASLR) support
  • Structured Exception Handling (SEH) support
  • Thread Local Storage (TLS) support
  • Presence of manifest
  • Presence of version
  • Presence of digital certificate
  • Packer detection
  • VirusTotal database detection
  • Import hash
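As an added example (not PEpper's own code), the following shows how a few of the listed features, the DEP/ASLR/CFG/SEH mitigation flags and the suspicious entropy ratio, can be read straight from the PE headers with only the Python standard library. The 7.0 entropy threshold, the section naming and the minimal PE32 image built by `build_sample_pe` are constructed assumptions for the demo, not values taken from PEpper.

```python
import math
import struct
from collections import Counter

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits from the PE/COFF spec
DYNAMIC_BASE, NX_COMPAT, NO_SEH, GUARD_CF = 0x0040, 0x0100, 0x0400, 0x4000
PACKED_ENTROPY = 7.0  # assumed threshold: near-random bytes, typical of packed sections


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def analyze_pe(blob: bytes) -> dict:
    """Exploit-mitigation flags and share of high-entropy sections in a PE image."""
    if blob[:2] != b"MZ" or len(blob) < 0x40:
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]               # e_lfanew
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", blob, pe + 6)[0]
    opt_size = struct.unpack_from("<H", blob, pe + 20)[0]
    opt = pe + 24                                               # optional header start
    if struct.unpack_from("<H", blob, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dllchars = struct.unpack_from("<H", blob, opt + 70)[0]     # same offset in PE32 and PE32+
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + 40 * i                           # IMAGE_SECTION_HEADER i
        name = blob[off:off + 8].rstrip(b"\0").decode(errors="replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        sections.append((name, round(shannon_entropy(blob[raw_ptr:raw_ptr + raw_size]), 2)))
    high = sum(e > PACKED_ENTROPY for _, e in sections)
    return {"aslr": bool(dllchars & DYNAMIC_BASE), "dep": bool(dllchars & NX_COMPAT),
            "cfg": bool(dllchars & GUARD_CF), "seh": not (dllchars & NO_SEH),
            "sections": sections,
            "suspicious_entropy_ratio": high / n_sections if n_sections else 0.0}


def build_sample_pe(dllchars: int, payloads: list) -> bytes:
    """Constructed minimal PE32 image (headers plus raw sections) for offline testing."""
    opt = struct.pack("<H", 0x10B) + bytes(68) + struct.pack("<H", dllchars) + bytes(152)
    hdrs, body, ptr = b"", b"", 0x40 + 24 + len(opt) + 40 * len(payloads)
    for i, p in enumerate(payloads):  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        hdrs += struct.pack("<8sIIII", b".s%d" % i, len(p), 0x1000 * (i + 1), len(p), ptr) + bytes(16)
        body, ptr = body + p, ptr + len(p)
    coff = struct.pack("<HHIIIHH", 0x14C, len(payloads), 0, 0, 0, len(opt), 0x102)
    return b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + hdrs + body
```

A section of uniformly distributed bytes scores 8.0 and is counted as suspicious, while a constant-filled section scores 0.0; the SEH flag is reported as supported whenever NO_SEH is clear.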

Notes
  • Can be run on a single PE or on multiple PEs (placed within a directory)
  • Output will be saved (in the same directory as pepper.py) as output.csv
  • To use the VirusTotal scan, add your personal key in the module called "virustotal.py" (Internet connection required)

Credits
Many thanks to those who indirectly helped me in this work, especially:
  • The LIEF project and its awesome library
  • PEstudio, a really amazing software to analyze PE
  • PEframe from guelfoweb, an incredibly widespread tool to perform static analysis on Portable Executable malware and malicious MS Office documents
  • Yara-Rules project, which provides compiled signatures, classified and kept as up to date as possible
Source: https://mederc.blogspot.com/2013/02/pepper-opened-upwards-origin-script-to.html