peframe [3], written by Gianni Amato, is a feature-rich open source tool that greatly simplifies the static
analysis of Portable Executable (PE) files. Written in Python, it can extract a large amount of useful
information from the file under analysis, giving insight into what the file does; collecting the same
information by hand would require many separate tools and a considerable amount of time.

In the following example, peframe will be installed on Ubuntu 12.04 LTS using the default Python 2.7.3
installation.

Installing peframe

- Install the latest Python 2.7 release: http://www.python.org/getit/
- Download the latest version of peframe from
  http://code.google.com/p/peframe/downloads/list
- Extract the peframe zip file to the directory you want to run it from

Using peframe


To see all the available static analysis options, run python peframe.py with no arguments from the
directory you extracted it to.


$ python peframe.py

peframe 0.4 by Gianni 'guelfoweb' Amato
http://code.google.com/p/peframe/

USAGE:
    peframe

OPTIONS:
    -h --help       This help
    -a --auto       Show Auto analysis
    -i --info       PE file attributes
    --hash          Hash MD5 & SHA1
    --meta          Version info & metadata
    --peid          PE Identifier Signature
    --antivm        Anti Virtual Machine
    --antidbg       Anti Debug | Disassembler
    --sections      Section analyzer
    --functions     Imported DLLs & API functions
    --suspicious    Search for suspicious API & sections
    --dump          Dumping all the information
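Most of the options above are answered by reading the PE headers and the raw section bytes. As an added example, not peframe's own code, the following Python 3 script shows what the --info, --hash and --sections options actually collect: it follows the DOS header (e_lfanew) to the PE signature, reads the COFF file header and the section table, hashes the whole file with MD5 and SHA1, and measures each section's Shannon entropy as a packing indicator. The image it parses is constructed inline (a header skeleton with three sections, not a runnable executable), and the writable-plus-executable section flag is a heuristic of my own, not a check the page attributes to peframe.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
MACHINE_NAMES = {0x14C: "x86 (I386)", 0x8664: "x64 (AMD64)"}


def shannon_entropy(data):
    """Bits per byte of the empirical byte distribution (0.0 .. 8.0).
    Compressed or encrypted (packed) sections sit close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return max(0.0, -sum((c / n) * math.log2(c / n) for c in counts if c))


def parse_pe(data):
    """Return the header facts peframe's --info/--hash/--sections report."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4                                      # COFF file header (20 bytes)
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    (opt_magic,) = struct.unpack_from("<H", data, coff + 20)  # 0x10B = PE32, 0x20B = PE32+
    sec_table = coff + 20 + opt_size                          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, sec_table + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": shannon_entropy(raw),
            # Heuristic (my addition): a section that is both writable and executable
            # is typical of a self-modifying unpacker stub and worth a closer look.
            "writable_and_executable": bool(flags & IMAGE_SCN_MEM_WRITE)
                                       and bool(flags & IMAGE_SCN_MEM_EXECUTE),
        })
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "pe_format": {0x10B: "PE32", 0x20B: "PE32+"}.get(opt_magic, hex(opt_magic)),
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "characteristics": characteristics,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sections": sections,
    }


def build_sample_pe():
    """Constructed minimal PE32 image for the demo: valid headers, dummy section bodies."""
    e_lfanew, opt_size, raw_base = 0x40, 0xE0, 0x200   # 0xE0 = standard PE32 optional header size
    secs = [(b".text", 0x60000020, b"\x55\x8b\xec\x90" * 128),   # repetitive code-like bytes
            (b".data", 0xC0000040, b"\0" * 512),                  # zeroed initialised data
            (b".rwx", 0xE0000020, bytes(range(256)) * 2)]         # every byte value twice: looks packed
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 1375315200, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    headers = dos + b"PE\0\0" + coff + opt
    bodies = b""
    for i, (name, flags, body) in enumerate(secs):
        headers += struct.pack("<8sIIIIIIHHI", name, len(body), 0x1000 * (i + 1),
                               len(body), raw_base + len(bodies), 0, 0, 0, 0, flags)
        bodies += body
    headers += b"\0" * (raw_base - len(headers))          # pad headers up to the first raw section
    return headers + bodies


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("Machine:", info["machine"], "| Format:", info["pe_format"],
          "| Compiled:", info["compile_time"])
    print("MD5:", info["md5"], "\nSHA1:", info["sha1"])
    for s in info["sections"]:
        print("%-8s vaddr=0x%06x raw=%5d entropy=%.2f%s" % (
            s["name"], s["virtual_address"], s["raw_size"], s["entropy"],
            "  <-- writable+executable" if s["writable_and_executable"] else ""))
```

Replace build_sample_pe() with open(path, "rb").read() to run it over a real sample; the entropy column is the quickest way to spot a packed section, and the MD5/SHA1 pair is what you would look up in a malware database before spending any more time on the file.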


[3] http://code.google.com/p/peframe
26 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide