PE file information (VirusTotal-like) for malware development and AV evasion research
This script requires Python 3.
```
git clone --recurse-submodules https://github.com/sgtdede/pe-checks.git
cd pe-checks
pip install -r requirements.txt
```
```
python pe-checks.py -h
usage: pe-checks.py [-h] [-a] [-c] [-s] [-v] [filename ...]

PE informations

positional arguments:
  filename

optional arguments:
  -h, --help  show this help message and exit
  -a, --all   perform all modules
  -c, --capa  perform a CAPA scan
  -s, --scan  perform a defender engine scan (WARNING:before lauching that scan you need to adjust Defender settings to: Defender ON, Submission OFF)
  -y, --yara  perform a yara scan using Valhalla's free rules
  -v          verbose mode
```
```
python pe-checks.py doggo.exe -v -s -c -y
```
This script is powered by pefile, capa, RichPE, yara-python, valhallaAPI and PyDefenderCheck
- Add signature support
- Add manifest/fileversion support