PE-LiteScan (PELS) v1.1 beta (x64 & Linux))

风吹屁屁凉 · 发表于 2024-6-17 17:58

PELS analyzer

PE-LiteScan (or PELS) is a simple heuristic analyzer for common PE-anomalies, specifically focusing on the detection of packers and protectors. Designed for Windows and Linux.

Download for Windows/Linux x64

Using

Windows

PE-LiteScan-windows.exe "file_to_check.exe"

Linux

./PE-LiteScan-linux "file_to_check.exe"

Detection types

Detection Type	Description
`LAST_SECTION_ENTRYPOINT`	The entry point is located in the last section of the file.
`NO_TEXT_SECTION`	The `.text` section is missing from the PE file.
`STRANGE_OVERLAY`	Compressed data found in the overlay section of the file.
`HIGH_ENTROPY`	High entropy detected, indicating possible packed data.
`NET_ANTI_ILDASM`	The `.NET` binary has the `SuppressIldasmAttribute` attribute.
`PUSHAL_AT_ENTRY`	Strange entry point detected (e.g., starts with `PUSHAL` instruction).
`CUSTOM_DOS_STUB`	Unusual DOS stub found in the PE file.
`IMPORT_TABLE_MISSING`	The import table is missing from the PE file.
`SECTIONS_LIKE_%s`	Section names match known packer signatures (e.g., `UPX`, `VMProtect`).
`SECTION_%d_HIGH_ENTROPY`	Section contains compressed data.
`WEIRD_%d_SECTION_NAME`	Section looks very strange.

To do

More signatures for .NET

Powered by PeNet library.

https://github.com/DosX-dev/PE-LiteScan/releases

那些年打的飞机 · 发表于 2024-6-18 11:12

多谢大佬分享实用的工具

dling89 · 发表于 2024-6-18 16:16

感谢大佬无私分享，小白慢慢学习中

gtr1258 · 发表于 2024-6-20 09:02

感谢大佬分享

fengmsn · 发表于 2024-6-21 09:59

感谢大佬

帐号		自动登录	找回密码
密码			注册[Register]

[PEtools] PE-LiteScan (PELS) v1.1 beta (x64 & Linux))

PELS analyzer

Using

Detection types

To do

免费评分

本帖被以下淘专辑推荐:

个人中心