Static malware analysis with PEpper

May 13, 2020, 11: 10 am in tools

The PEpper is an open source tool for performing static malware analysis on Portable Executable.

Installation

[Email protected]: ~ # git clone https://github.com/Th3Hurrican3/PEpper/

[Email protected]: ~ # cd [Email protected]: ~ # pip3 install -r requirements.txt

[Email protected]: ~ # python3 pepper.py ./malware_dir

Snapshots

CSV output

Application features

Ύποπτη entropy of ratio
Ύποπτα names ratio
Suspicious sizes of codes
Ύποπτα debugging time-stamp
Numbers from at export
Numbers from anti-debugging calls
Numbers from virtual-machine detection calls
Numbers from suspicious API calls
Numbers from suspicious strings
Numbers from YARA rules
Numbers from URL who discovers
Numbers from IP who discovers

And much more…

Note

Can be run in single or multiple PE (placed in a directory)
The output of the results will be saved (in its own directory pepper.py) with output.csv
To use VirusTotal scan, add your private key to "virustotal.py" (Internet connection required)

Spread the news

About Us Anastasis Vasileiadis

Anastasis is going through the 33rd year of his age, born and bred in Thessaloniki.
Graduated IT Application Technician and has been dealing with internet security since 2009.

He has fought all these years to combat the sexual exploitation of minors on the internet and is informing the world about the dangers of the internet and how to protect themselves from them.

Hack a Drone using Dronesploit

10 rules for child safety on the internet!

Comment Policy:

IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators

Leave your comment
Ακύρωση απάντησης