PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable

✨ DeeZNuTz

✨ DeeZNuTz

✨ Master ✨
Staff member
May 15, 2017
990
759
1,045
PEpper_1_logo.jpeg


An open source tool to perform malware static analysis on Portable Executable
Installation
Code:
git clone https://github.com/Th3Hurrican3/PEpper/
cd PEpper
pip3 install -r requirements.txt
python3 pepper.py ./malware_dir
Click to expand...

Screenshot







CSV output

Feature extracted
  • Suspicious entropy ratio
  • Suspicious name ratio
  • Suspicious code size
  • Suspicious debugging time-stamp
  • Number of export
  • Number of anti-debugging calls
  • Number of virtual-machine detection calls
  • Number of suspicious API calls
  • Number of suspicious strings
  • Number of YARA rules matches
  • Number of URL found
  • Number of IP found
  • Cookie on the stack (GS) support
  • Control Flow Guard (CFG) support
  • Data Execution Prevention (DEP) support
  • Address Space Layout Randomization (ASLR) support
  • Structured Exception Handling (SEH) support
  • Thread Local Storage (TLS) support
  • Presence of manifest
  • Presence of version
  • Presence of digital certificate
  • Packer detection
  • VirusTotal database detection
  • Import hash
Notes
  • Can be run on single or multiple PE (placed inside a directory)
  • Output will be saved (in the same directory of pepper.py) as output.csv
  • To use VirusTotal scan, add your private key in the module called "virustotal.py" (Internet connection required)
Download PEpper
 
You must log in or register to reply here.

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Home Forums

User Menu

Login
Top Bottom