peframe-ds

peframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.


Keywords: peframe
License: GPL-3.0
Install: pip install peframe-ds==6.1.0

Documentation

peframe

peframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers detect packers, XOR-obfuscated strings, digital signatures, mutexes, anti-debug and anti-virtual-machine tricks, suspicious sections and imported functions, macros and much more.

Prerequisites

The following prerequisites are necessary before you can install and use peframe.

python >= 3.6.6
python3-pip
libssl-dev
swig

Install Methods

Manual Download and Install

sudo apt install git
git clone https://github.com/digitalsleuth/peframe.git
cd peframe

Installation script for Ubuntu

sudo bash install.sh
sudo python3 setup.py install

One-step Install

sudo python3 -m pip install git+https://github.com/digitalsleuth/peframe.git

Usage

peframe -h

peframe filename            Short output analysis
peframe -i filename         Interactive mode
peframe -j filename         Full output analysis JSON format
peframe -x STRING filename  Search xored string
peframe -s filename         Strings output
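Added example, not part of peframe or of this package: a small shell wrapper around the documented `peframe -j` full-JSON mode for triaging a directory of samples. It checks each file's leading bytes first, so only PE images (MZ), legacy OLE2 Office documents and OOXML zip containers are handed to peframe, and everything else is logged as skipped. The function names `classify_sample`, `analyze_sample` and `triage_dir`, the `reports` output directory and the two files it creates are all my own constructed choices, not anything from the project.

```shell
#!/usr/bin/env bash
# Added example (not peframe's own code): magic-byte triage in front of
# the documented `peframe -j filename` full JSON analysis mode.
set -u

# Classify a file by its first bytes: "pe" for MZ executables, "ole" for
# OLE2 compound documents (legacy .doc/.xls), "ooxml" for zip-based Office
# files (.docx/.xlsm), "other" for anything peframe is not meant for.
classify_sample() {
    local f="$1" magic
    [ -f "$f" ] || { echo "missing"; return 1; }
    magic=$(head -c 8 "$f" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        4d5a*)             echo "pe" ;;
        d0cf11e0a1b11ae1*) echo "ole" ;;
        504b0304*)         echo "ooxml" ;;
        *)                 echo "other" ;;
    esac
}

# Run the documented JSON mode on one file and keep the report as
# <name>.peframe.json inside $outdir. Returns peframe's own exit status.
analyze_sample() {
    local f="$1" outdir="$2"
    mkdir -p "$outdir"
    peframe -j "$f" > "$outdir/$(basename "$f").peframe.json"
}

# Walk a directory, analyze only recognised PE/Office files, log the rest.
triage_dir() {
    local dir="$1" outdir="$2" f kind
    command -v peframe >/dev/null 2>&1 || { echo "peframe not installed" >&2; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_sample "$f")
        case "$kind" in
            pe|ole|ooxml) echo "[$kind] $f"; analyze_sample "$f" "$outdir" ;;
            *)            echo "[skip] $f" ;;
        esac
    done
}

# Constructed stand-in inputs (not real samples): a bare MZ header and a
# plain text file, enough to exercise the classifier offline.
demo_dir=$(mktemp -d)
printf 'MZ\220\0' > "$demo_dir/sample.exe"
printf 'just text\n' > "$demo_dir/notes.txt"
echo "sample.exe -> $(classify_sample "$demo_dir/sample.exe")"   # pe
echo "notes.txt  -> $(classify_sample "$demo_dir/notes.txt")"    # other
# triage_dir "$demo_dir" ./reports   # run this once peframe is installed
```

The magic check is only a cheap filter, not a verdict: a file that fails it may still be worth a manual `peframe filename` run, and the JSON reports land one per sample so they can be diffed or fed to whatever the team uses for IOC extraction.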

Note

You can edit the "config-peframe.json" file in the "config" folder to set your VirusTotal API key. After installation, run "peframe -h" to find the api_config path.

How it works

Demo: MS Office (macro) document analysis with peframe 6.0.1

Demo: PE file analysis with peframe 6.0.1

Other

This version of peframe is currently maintained by Corey Forman and includes the recent and relevant pull requests from the original repo.

The originator of this software is Gianni 'guelfoweb' Amato, who can be contacted at guelfoweb@gmail.com or on Twitter at @guelfoweb. Suggestions and criticism are welcome.