PEpper is an open source tool for performing static malware analysis on Portable Executable (PE) files.
Installation
Clone the repository, install the Python dependencies, and point pepper.py at a file or a directory of PE files:
git clone https://github.com/Th3Hurrican3/PEpper/
cd PEpper
pip3 install -r requirements.txt
python3 pepper.py ./malware_dir
Snapshots
[Screenshot: CSV output]
Application features
- Suspicious entropy ratio
- Suspicious name ratio
- Suspicious code size
- Suspicious debugging timestamp
- Number of exports
- Number of anti-debugging calls
- Number of virtual-machine detection calls
- Number of suspicious API calls
- Number of suspicious strings
- Number of YARA rule matches
- Number of URLs found
- Number of IP addresses found
And much more…
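To show what a few of the checks in the list above amount to in code, here is an added example (not PEpper's own code) that walks a PE section table and computes per-section Shannon entropy, the ratio of high-entropy sections, the ratio of sections with suspicious names, and whether the COFF compile timestamp lies in the future. The PE image it analyses, the 7.0 bits/byte entropy cutoff and the small suspicious-name list are all constructed for illustration; only the header layouts follow the PE/COFF specification.

```python
import math
import struct
import time
from collections import Counter

IMAGE_FILE_HEADER_SIZE = 20     # IMAGE_FILE_HEADER (COFF header) size
SECTION_HEADER_SIZE = 40        # IMAGE_SECTION_HEADER size
E_LFANEW_OFFSET = 0x3C          # offset of e_lfanew in the DOS header

# Assumed values for this example: a packer-style name list and an entropy cutoff.
SUSPICIOUS_SECTION_NAMES = {"UPX0", "UPX1", ".packed", ".aspack"}
ENTROPY_THRESHOLD = 7.0         # bits per byte


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_sample_pe(sections, timestamp: int) -> bytes:
    """Assemble a constructed, minimal PE image: DOS header with e_lfanew, PE
    signature, COFF header with an empty optional header, section headers, raw data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (E_LFANEW_OFFSET - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0
    raw_ptr = e_lfanew + 4 + IMAGE_FILE_HEADER_SIZE + opt_size + SECTION_HEADER_SIZE * len(sections)
    headers, raw = b"", b""
    for name, data in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics (code | executable | readable)
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                               len(data), 0, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw += data
        raw_ptr += len(data)
    # Machine (i386), NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (executable | 32-bit)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x0102)
    return dos + b"PE\x00\x00" + coff + headers + raw


def parse_sections(pe: bytes):
    """Return (TimeDateStamp, [(section name, raw bytes)]) from a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, E_LFANEW_OFFSET)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + IMAGE_FILE_HEADER_SIZE + opt_size
    sections = []
    for i in range(n_sections):
        fields = struct.unpack_from("<8sIIIIIIHHI", pe, table + i * SECTION_HEADER_SIZE)
        name = fields[0].rstrip(b"\x00").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return timestamp, sections


def analyze(pe: bytes, now=None) -> dict:
    """Compute entropy-, name- and timestamp-based indicators for one PE."""
    now = int(time.time()) if now is None else now
    timestamp, sections = parse_sections(pe)
    entropies = {name: shannon_entropy(data) for name, data in sections}
    high = [n for n, e in entropies.items() if e >= ENTROPY_THRESHOLD]
    bad_names = [n for n, _ in sections if n in SUSPICIOUS_SECTION_NAMES]
    count = len(sections) or 1
    return {
        "timestamp": timestamp,
        "timestamp_in_future": timestamp > now,   # a compile time after "now" is a classic red flag
        "section_entropy": entropies,
        "high_entropy_ratio": len(high) / count,
        "suspicious_name_ratio": len(bad_names) / count,
    }


# Constructed sample: a near-constant .text section and a UPX1 section whose bytes are
# uniformly distributed (entropy exactly 8.0), with a compile timestamp in the year 2096.
SAMPLE_TIMESTAMP = 4_000_000_000
SAMPLE_PE = build_sample_pe(
    [(".text", b"\x90" * 512 + b"\xc3"), ("UPX1", bytes(range(256)) * 16)],
    SAMPLE_TIMESTAMP,
)

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_PE).items():
        print(f"{key}: {value}")
```

The same `analyze` dictionary maps directly onto the columns a CSV report such as PEpper's output.csv would carry; a real tool would extend the name list and add the import-table and string scans from the feature list above.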
Note
- Can be run on a single PE or on multiple PEs placed in a directory
- The results are saved as output.csv in the same directory as pepper.py
- To use the VirusTotal scan, add your private VirusTotal API key to "virustotal.py" (Internet connection required)