Home Software Analyse Portable Executable Files with PortEx

Analyse Portable Executable Files with PortEx


PortEx is a Java library for static malware analysis of portable executable files. It has the following features:

Reading Header information from: MSDOS Header, COFF File Header, Optional Header, Section Table

Reading standard section formats: import section, resource section, export section, debug section, relocations, delay-load imports

Dumping of sections, overlay, embedded ZIP, JAR or .class files

Scanning for file anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values. See here for a full list of anomalies

Visualize a PE file’s structure as it is on disk and visualize the local entropies of a file

Calculate Shannon Entropy for files and sections

Calculate hash values for files and sections

Scan for PEiD signatures or your own signature database

Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)

Extract Unicode and ASCII strings contained in the file

Overlay detection and dumping

Extract ICO files from resource section

You can learn more about the tool from the project page.

Load More Related Articles
Load More In Software
Comments are closed.