PortEx Analyzer
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications.
https://camo.githubusercontent.com/dc9408d203ba6bb5a1442249ba68dbf257780a2c/687474703a2f2f692e696d6775722e636f6d2f374e427a65344f2e706e67
Features
[*]Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
[*]Reading standard section formats: Import Section, Resource Section, Export Section, Debug Section, Relocations
[*]Dumping of sections, overlay, embedded ZIP, JAR or .class files
[*]Scanning for file anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values.
[*]Visualize a PE file structure as it is on disk and visualize the local entropies of the file
[*]Calculate Shannon Entropy for files and sections
[*]Calculate hash values for files and sections
[*]Scan for PEiD signatures or your own signature database
[*]Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)
[*]Extract Unicode and ASCII strings contained in the file
[*]Overlay detection and dumping
[*]Extraction of ICO files from resource section
[*]Extraction of version information from the file
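To make the header-reading, entropy and anomaly features above concrete, here is an added example written for this post (it is not PortEx code and does not use the PortEx API). It parses the MSDOS header, COFF File Header, the Optional Header magic and the Section Table from a constructed in-memory PE image, computes the Shannon entropy of each section's raw data, and reports simple structural anomalies such as a section whose raw data runs past the end of the file. The sample image, its section names and all offsets are constructed for the demonstration; the header layouts and magic values are from the PE/COFF specification.

```python
"""Minimal PE header parser with per-section Shannon entropy and structural
anomaly checks. Added illustration only; not PortEx's own code."""
import math
import struct
from dataclasses import dataclass, field

# Values from the PE/COFF specification
PE32_MAGIC = 0x010B
PE32PLUS_MAGIC = 0x020B
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int
    data: bytes = b""


@dataclass
class PEInfo:
    machine: int
    timestamp: int
    optional_header_size: int
    characteristics: int
    magic: int
    sections: list = field(default_factory=list)
    anomalies: list = field(default_factory=list)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> PEInfo:
    """Read MSDOS header, PE signature, COFF header, optional-header magic and
    the section table; collect anomalies instead of aborting where possible."""
    size = len(blob)
    if size < 0x40 or blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 4 + COFF_HEADER_SIZE > size:
        raise ValueError("e_lfanew points outside the file")
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    # COFF File Header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", blob, coff_off)
    info = PEInfo(machine, ts, opt_size, chars, magic=0)
    opt_off = coff_off + COFF_HEADER_SIZE
    if opt_size >= 2 and opt_off + 2 <= size:
        info.magic = struct.unpack_from("<H", blob, opt_off)[0]
    if info.magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        info.anomalies.append(f"unexpected optional header magic 0x{info.magic:04x}")
    if opt_size not in (224, 240):  # standard sizes for PE32 / PE32+
        info.anomalies.append(f"non-standard SizeOfOptionalHeader {opt_size}")
    if nsec == 0:
        info.anomalies.append("NumberOfSections is zero")
    sec_off = opt_off + opt_size
    for i in range(nsec):
        off = sec_off + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > size:
            info.anomalies.append(f"section table entry {i} lies outside the file")
            break
        (name_raw, vsize, vaddr, rsize, rptr, _prel, _pline, _nrel, _nline,
         sch) = struct.unpack_from("<8sIIIIIIHHI", blob, off)
        name = name_raw.rstrip(b"\0").decode("ascii", "replace")
        sec = Section(name, vsize, vaddr, rsize, rptr, sch)
        end = rptr + rsize
        if rsize and end > size:
            info.anomalies.append(
                f"section {name!r}: raw data runs past end of file (0x{end:x} > 0x{size:x})")
        sec.data = blob[rptr:min(end, size)]  # only the bytes actually on disk
        info.sections.append(sec)
    return info


def analyze(blob: bytes) -> dict:
    """Report the kind of per-section summary a PE analyzer would print."""
    info = parse_pe(blob)
    return {
        "machine": info.machine,
        "magic": info.magic,
        "sections": {s.name: round(shannon_entropy(s.data), 4) for s in info.sections},
        "anomalies": info.anomalies,
    }


def build_sample_pe() -> bytes:
    """Constructed, deliberately malformed PE image for the demo (not a real binary):
    .text is 256 NOP bytes (entropy 0), .data holds every byte value once (entropy 8)
    but its SizeOfRawData claims 512 bytes, so it overruns the 1024-byte file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature
    opt_size = 224                                      # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0x5A0B2C3D, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    text_ptr, data_ptr = 0x200, 0x300
    secs = struct.pack("<8sIIIIIIHHI", b".text", 256, 0x1000, 256, text_ptr, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 512, 0x2000, 512, data_ptr, 0, 0, 0, 0, 0xC0000040)
    img = bytearray(bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs)
    img += b"\0" * (text_ptr - len(img))               # pad headers up to .text
    img += b"\x90" * 256                                # .text raw data
    img += bytes(range(256))                            # .data raw data (truncated)
    return bytes(img)


if __name__ == "__main__":
    print(analyze(build_sample_pe()))
```

Running the script prints an entropy of 0.0 for .text, 8.0 for .data, and one anomaly for the truncated .data section; a packed or encrypted section in a real sample typically shows entropy near 8 across a large raw size, which is why the tool's entropy view and its anomaly scan are useful side by side.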
Download latest version:
https://github.com/katjahahn/PortEx/tree/master/progs
Regards,
usage:
java -jar PortexAnalyzer.jar -v
java -jar PortexAnalyzer.jar -h
java -jar PortexAnalyzer.jar --repair <file>
java -jar PortexAnalyzer.jar --dump <all|resources|overlay|sections|ico> <imagefile>
java -jar PortexAnalyzer.jar --diff <filelist or folder>
java -jar PortexAnalyzer.jar --pdiff <file1> <file2> <imagefile>
java -jar PortexAnalyzer.jar [-a] [-o <outfile>] [-p <imagefile> [-bps <bytes>] [--visoverlay <textfile>]] [-i <folder>] <PEfile>
-h,--help show help
-v,--version show version
-a,--all show all info (slow and unstable!)
-o,--output write report to output file
-p,--picture write image representation of the PE to output file
-bps bytes per square in the image
--visoverlay text file input with square pixels to mark on the visualization
--repair repair the PE file, use this if your file is not recognized as PE
--dump dump resources, overlay, sections, icons
--diff compare several files and show common characteristics (alpha feature)
--pdiff create a diff visualization
-i,--ico extract icons from the resource section as .ico file
Sample:
Here is the image that was created by the above command:
Regards,
Hello, could you explain how exactly to use it?
Why doesn't java -jar PortexAnalyzer.jar -p ./WSAConnect.exe produce an image like the one from 哈勃 (Habo)?
Wow, what is this thing?
Can some expert explain it?
小马五面 posted on 2017-7-6 19:13:
Can some expert explain it?
It is an executable program for malware analysis.
Bro, we are all Chinese here, and our English is not that good.
"Analyzer"...
Couldn't the OP spare a sentence in Chinese?
I thought this picture looked so familiar; it turns out Habo has it too.
This thing is quite nice, a comprehensive tool.
王美君 posted on 2017-7-7 00:27:
Bro, we are all Chinese here, and our English is not that good.
This member is a Vietnamese friend; I had the honor of inviting him to register here.