Need help with peframe?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
guelfoweb

Description

PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

452 Stars 131 Forks 132 Commits 22 Opened issues

Services available

Need anything else?

=======

peframe

peframe is a open source tool to perform static analysis on

Portable Executable 
_ malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, macro and much more information about the suspicious files.

.. image:: https://www.paypalobjects.com/enUS/IT/i/btn/btndonateCCLG.gif :target: https://www.paypal.com/cgi-bin/webscr?cmd=s-xclick&hostedbuttonid=LWNAWQ9G6APU2

Install

Download

.. code-block::

sudo apt install git git clone https://github.com/guelfoweb/peframe.git cd peframe

Installation script for Ubuntu

.. code-block::

sudo bash install.sh

Installation (prerequisites required)

.. code-block::

sudo python3 setup.py install

Prerequisites

The following prerequisites are required to be installed on your system before you can install and use peframe.

.. code-block::

python >= 3.6.6
pyton3-pip
libssl-dev
swig

Usage

peframe -h

.. code-block::

peframe filename            Short output analysis
peframe -i filename         Interactive mode
peframe -j filename         Full output analysis JSON format
peframe -x STRING filename  Search xored string
peframe -s filename         Strings output

Note

You can edit "config-peframe.json" file in "config" folder to configure virustotal API key. After installation you can use "peframe -h" to find api_config path.

How to work

MS Office (macro) document analysis with peframe 6.0.1

.. image:: https://asciinema.org/a/mbLd5dChz9iI8eOY15fC2423X.svg :target: https://asciinema.org/a/mbLd5dChz9iI8eOY15fC2423X?autoplay=1

PE file analysis with peframe 6.0.1

.. image:: https://asciinema.org/a/P6ANqp0bHV0nFsuJDuqD7WQD7.svg :target: https://asciinema.org/a/P6ANqp0bHV0nFsuJDuqD7WQD7?autoplay=1

Talk about...

  • Building a smart and automated tool for packed malware detections using machine learning 
    _ (Ecole polytechnique de Louvain, Université catholique de Louvain, Minet, Jeremy; Roussieau, Julian 2020)
  • Revealing Packed Malware 
    _ (Department of Electrical and Computer Engineering, Nirwan Ansari, New Jersey Institute of Technology - NJIT)
  • Critical Infrastructures Security: Improving Defense Against Novel Malware and Advanced Persistent Threats (PDF) 
    _ (Department of Computer, Control, and Management Engineering Antonio Ruberti, Sapienza – University of Rome)
  • Anatomy on Malware Distribution Networks (PDF) 
    _ (Department of Intelligent Systems Engineering, Cheju Halla University, Jeju 63092, South Korea)
  • Intel Owl 0.4.0 
    _ (certego platform - threat intelligence data about a file, an IP or a domain)
  • Integration of Static and Dynamic Analysis for Malware Family Classification with Composite Neural Network 
    _ (Yao Saint, Yen Institute of Information Science, Academia Sinica, Taiwan)
  • Machine Learning Aided Static Malware Analysis: A Survey and Tutorial 
    _ (Sergii Banin, Andrii Shalaginov, Ali Dehghantanha, Katrin Franke, Norway)
  • Multinomial malware classification, research of the Department of Information Security and Communication Technology (NTNU) 
    _ (Sergii Banin and Geir Olav Dyrkolbotn, Norway)
  • SANS DFIR Poster 2016 
    _ (PEframe was listed in the REMnux toolkits)
  • Tools for Analyzing Static Properties of Suspicious Files on Windows 
    _ (SANS Digital Forensics and Incident Response, Lenny Zeltser).
  • Automated Static and Dynamic Analysis of Malware 
    _ (Cyber Defence Magazine, Andrew Browne, Director Malware Lab Lavasoft).
  • Suspicious File Analysis with PEframe 
    _ (eForensics Magazine, Chintan Gurjar)
  • CERT FR Security Bulletin 
    _ (PEframe was mentioned in the security bulletin CERTFR-2014-ACT-030)
  • Infosec CERT-PA Malware Analysis 
    _ (PEframe is used in the malware analysis engine of Infosec project)

Other

This tool is currently maintained by

Gianni 'guelfoweb' Amato 
, who can be contacted at [email protected] or twitter
@guelfoweb 
. Suggestions and criticism are welcome.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.