-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPKG-INFO
More file actions
105 lines (83 loc) · 4.33 KB
/
PKG-INFO
File metadata and controls
105 lines (83 loc) · 4.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
Metadata-Version: 2.1
Name: ProgramExecutableAnalyzer
Version: 1.1.2
Summary: This script analyzes MZ-PE (MS-DOS) executable.
Home-page: https://github.com/mauricelambert/ProgramExecutableAnalyzer
Author: Maurice Lambert
Author-email: mauricelambert434@gmail.com
Maintainer: Maurice Lambert
Maintainer-email: mauricelambert434@gmail.com
License: GPL-3.0 License
Project-URL: Executable, https://mauricelambert.github.io/info/python/security/ProgramExecutableAnalyzer.pyz
Keywords: PE,MZ,DLL,MS-DOS,Program,Forensic,Analysis,Executable,Malware-Analysis,Reverse-Engineering
Platform: Windows
Platform: Linux
Platform: MacOS
Classifier: Topic :: Security
Classifier: Environment :: Console
Classifier: Natural Language :: English
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.9
Classifier: Operating System :: MacOS
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: Microsoft :: Windows
Classifier: Development Status :: 5 - Production/Stable
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE.txt
# Program Executable Analyzer
## Description
This script analyzes MZ-PE (MS-DOS) executable file.
This tool is useful for malware analysis or debug/understand compiled dependencies.
1. Verify signature and print informations about signature and trust
2. Analyze DLLs and imported functions name
3. Analyze exported functions name
4. Get executable filename at the compiled time
6. Get encodings and languages used for compilation
7. Print informations about rich headers
8. Get timestamps saved in executable
9. Print informations about sections and characteristics (permissions, ect...)
10. Print the entry point position and section
11. Get architecture, system version, resources (Version file, Manifest)
12. Get company name, product name, product version, copyright
13. Sections names, sizes, addresses and characteristics
14. Analyze MS-DOS and NT headers
15. When *matplotlib* is installed, generate charts to compare sections on the disk and in the memory
16. When *matplotlib* and *EntropyAnalysis* are installed, generate charts for entropy analysis (with sections)
17. Extract overlay
TODO: analyze results to detect language and score the risk.
## Requirements
- python3
- Python 3 Standard library
### Optional
- matplotlib
- EntropyAnalysis
> *Matplotlib* and *EntropyAnalysis* are not installed by *ProgramExecutableAnalyzer* because this package can be installed on server without GUI.
>> You can install optinal required packages with the following command: `python3 -m pip install matplotlib EntropyAnalysis`
## Installation
```bash
pip install ProgramExecutableAnalyzer
```
## Usages
```bash
python3 ProgramExecutableAnalyzer.py -h
python3 ProgramExecutableAnalyzer.py executable.exe
python3 ProgramExecutableAnalyzer.py -c executable.exe # No color
python3 ProgramExecutableAnalyzer.py -v executable.exe # Verbose mode
```
## Screenshots
## Links
- [Github Page](https://github.com/mauricelambert/ProgramExecutableAnalyzer/)
- [Pypi package](https://pypi.org/project/ProgramExecutableAnalyzer/)
- [Python Executable](https://mauricelambert.github.io/info/python/security/ProgramExecutableAnalyzer.pyz)
- [Windows Executable](https://mauricelambert.github.io/info/python/security/ProgramExecutableAnalyzer.exe)
## Licence
Licensed under the [GPL, version 3](https://www.gnu.org/licenses/).