pe-checks

PE file information (VirusTotal-like) for malware development and AV evasion research

Installation

Note:

This script requires Python 3.

Check out the source code

git clone --recurse-submodules https://github.com/sgtdede/pe-checks.git
cd pe-checks

Install the Python dependencies

pip install -r requirements.txt

Help

python pe-checks.py -h
usage: pe-checks.py [-h] [-a] [-c] [-s] [-v] [filename ...]

PE informations

positional arguments:
  filename

optional arguments:
  -h, --help  show this help message and exit
  -a, --all   perform all modules
  -c, --capa  perform a CAPA scan
  -s, --scan  perform a defender engine scan (WARNING:before lauching that scan you need to adjust Defender settings to: Defender ON, Submission OFF)
  -y, --yara  perform a yara scan using Valhalla's free rules  
  -v          verbose mode

Usage example

python pe-checks.py doggo.exe -v -s -c -y


Thanks to

This script is powered by pefile, capa, RichPE, yara-python, valhallaAPI and PyDefenderCheck

TODO

  • Add signature support
  • Add manifest/fileversion support