PortEx Analyzer

m4n0w4r

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection.PortEx is written in Java and Scala, and targeted at Java applications.



Features

• Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
• Reading standard section formats: Import Section, Resource Section, Export Section, Debug Section, Relocations
• Dumping of sections, overlay, embedded ZIP, JAR or .class files
• Scanning for file anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values.
• Visualize a PE file structure as it is on disk and visualize the local entropies of the file
• Calculate Shannon Entropy for files and sections
• Calculate hash values for files and sections
• Scan for PEiD signatures or your own signature database
• Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)
• Extract Unicode and ASCII strings contained in the file
• Overlay detection and dumping
• Extraction of ICO files from resource section
• Extraction of version information from the file
  

Download latest version:
https://github.com/katjahahn/PortEx/tree/master/progs

Regards,

m4n0w4r

[Bash shell] 纯文本查看 复制代码

usage:
 java -jar PortexAnalyzer.jar -v
 java -jar PortexAnalyzer.jar -h
 java -jar PortexAnalyzer.jar --repair <file>
 java -jar PortexAnalyzer.jar --dump <all|resources|overlay|sections|ico> <imagefile>
 java -jar PortexAnalyzer.jar --diff <filelist or folder>
 java -jar PortexAnalyzer.jar --pdiff <file1> <file2> <imagefile>
 java -jar PortexAnalyzer.jar [-a] [-o <outfile>] [-p <imagefile> [-bps <bytes>] [--visoverlay <textfile>]] [-i <folder>] <PEfile>

 -h,--help          show help
 -v,--version       show version
 -a,--all           show all info (slow and unstable!)
 -o,--output        write report to output file
 -p,--picture       write image representation of the PE to output file
 -bps               bytes per square in the image
 --visoverlay       text file input with square pixels to mark on the visualization
 --repair           repair the PE file, use this if your file is not recognized as PE
 --dump             dump resources, overlay, sections, icons
 --diff             compare several files and show common characteristics (alpha feature)
 --pdiff            create a diff visualization
 -i,--ico           extract icons from the resource section as .ico file

Sample:


Here is the image that created from the above command:


Regards,

我在喝绿茶

你好，请问一下具体怎么用啊？
为啥我java -jar PortexAnalyzer.jar -p ./WSAConnect.exe不能生成像哈勃那样的图片啊？

清风尘客

哇 这是什么东东呢

小马五面

有大神能解释一下吗？

benjermen

小马五面 发表于 2017-7-6 19:13
有大神能解释一下吗？

恶意软件分析执行程序

王美君

大哥，都是 中国人，英语水平不高啊

gky86886

分析仪。。

peterq521

楼主舍不得说句汉语吗

Monitor

我说此图如此熟悉  原来哈勃里面也有

冥界3大法王

这玩意不错，是个综合工具。

Sound

王美君 发表于 2017-7-7 00:27
大哥，都是 中国人，英语水平不高啊

这位是越南朋友,本人有幸邀请过来注册。