Static malware analysis with PEpper

The it is an open source tool to perform static malware analysis on Portable Executables.

Pepper

 

Installation

root @ kali: ~ # git clone https://github.com/Th3Hurrican3/PEpper/

root @ kali: ~ # cd PEpperroot @ kali: ~ # pip3 install -r requirements.txt

root @ kali: ~ # python3 pepper.py ./malware_dir

 

Snapshots

CSV output

Application features

  • Suspicious entropy of ratio
  • Suspect names ratio
  • Suspicious sizes of codes
  • Suspect time-stamp
  • Numbers from export
  • Numbers from anti-debugging calls
  • Numbers from virtual-machine detection calls
  • Numbers from suspicious API calls
  • Numbers from suspicious strings
  • Numbers from YARA rules
  • Numbers from URL who discovers
  • Numbers from IP who discovers

And much more…

Note

  • Can be run in single or multiple PE (placed in a directory)
  • The output of the results will be saved (in the same pepper.py directory) as output.csv
  • To use VirusTotal scan, add your private key to “virustotal.py” (required on the Internet)

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.081 registrants.

animallinuxmalewarepepperscanvirus

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).