PE file information (VirusTotal-like) for malware development and AV evasion research

sgtdede/pe-checks

pe-checks

Installation

Note: this script requires Python 3.

Check out the source code

git clone --recurse-submodules https://github.com/sgtdede/pe-checks.git
cd pe-checks

Install the Python dependencies

pip install -r requirements.txt

Help

python pe-checks.py -h
usage: pe-checks.py [-h] [-a] [-c] [-s] [-v] [filename ...]

PE informations

positional arguments:
  filename

optional arguments:
  -h, --help  show this help message and exit
  -a, --all   perform all modules
  -c, --capa  perform a CAPA scan
  -s, --scan  perform a defender engine scan (WARNING:before lauching that scan you need to adjust Defender settings to: Defender ON, Submission OFF)
  -y, --yara  perform a yara scan using Valhalla's free rules  
  -v          verbose mode

Usage example

python pe-checks.py doggo.exe -v -s -c -y

Thanks to

This script is powered by pefile, capa, RichPE, yara-python, valhallaAPI and PyDefenderCheck

TODO

  • Add signature support
  • Add manifest/fileversion support
