
Analyse Portable Executable Files with PortEx


PortEx is a Java library for static malware analysis of portable executable files. It has the following features:

Reading Header information from: MSDOS Header, COFF File Header, Optional Header, Section Table

Reading standard section formats: import section, resource section, export section, debug section, relocations, delay-load imports

Dumping of sections, overlay, embedded ZIP, JAR or .class files

Scanning for file anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values. See here for a full list of anomalies

Visualize a PE file’s structure as it is on disk and visualize the local entropies of a file

Calculate Shannon Entropy for files and sections

Calculate hash values for files and sections

Scan for PEiD signatures or your own signature database

Scan for Jar to EXE wrappers (e.g. exe4j, jsmooth, jar2exe, launch4j)

Extract Unicode and ASCII strings contained in the file

Overlay detection and dumping

Extract ICO files from resource section

You can learn more about the tool from the project page.
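
Three of the features listed above (reading the section table, Shannon entropy per section, and overlay detection) fit together as shown in this added example. It is written in Python for illustration and is not PortEx code or its API; the function names and the sample buffer are constructed here. It assumes a well-formed section table and does none of the malformation handling a real analysis library needs.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())

def parse_sections(pe: bytes):
    """Walk MSDOS header -> COFF File Header -> Section Table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, three dwords not needed here,
    # SizeOfOptionalHeader, Characteristics (20 bytes in total)
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(count):
        entry = table + i * 40  # each section header is 40 bytes
        name = pe[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, entry + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections

def analyse(pe: bytes):
    """Return per-section entropy, overlay offset (or None) and overlay bytes."""
    sections = parse_sections(pe)
    entropy = {name: shannon_entropy(pe[ptr:ptr + size]) for name, ptr, size in sections}
    # Overlay = bytes past the last section's raw data; clamp to the file size
    end = min(max((ptr + size for _, ptr, size in sections), default=0), len(pe))
    return entropy, (end if end < len(pe) else None), pe[end:]

def build_sample() -> bytes:
    """Constructed PE-shaped buffer (not a loadable program) with appended data."""
    def sec(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0x1000, size, ptr) + b"\0" * 16
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    head = dos + b"PE\0\0" + coff + sec(b".text", 0x200, 0x200) + sec(b".rsrc", 0x200, 0x400)
    text = b"\x90" * 0x200        # constant bytes
    rsrc = bytes(range(256)) * 2  # uniform bytes, as packed or encrypted data looks
    return head.ljust(0x200, b"\0") + text + rsrc + b"PK\x03\x04" + b"A" * 28

if __name__ == "__main__":
    entropy, offset, overlay = analyse(build_sample())
    print(entropy, hex(offset), overlay[:4])
```

A section entropy close to 8 bits per byte is a common hint of packing or encryption, and an overlay that begins with `PK\x03\x04` is a ZIP local file header, which is also how an embedded JAR starts.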


One Comment

  1. Week 50 – 2016 – This Week In 4n6

    December 18, 2016 at 9:32 am

    […] They shared a tool written by Karsten Hahn called PortEx which “is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection.” Analyse Portable Executable Files with PortEx […]
