Skip to content
/ PEiD Public

Yet another implementation of PEiD with yara

License

Notifications You must be signed in to change notification settings

K-atc/PEiD

Repository files navigation

PEiD (alpha version)

Yet another implementation of PEiD with yara

Download

You can get pre-build binary here: https://github.com/K-atc/PEiD/releases

Features

  • don't need to install yara and download yara rules
  • support multiple file types: PE, Malicious Documents, etc
  • multi platform support: Linux, Windows
  • analyze outputs of yara (see following output)

Usage

% ./PEiD --prepare # if yara and yara rules does not exists 
INFO[0000] prepare successfuly                          
% ./PEiD cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
INFO[0000] yara = '/home/katc/bin/PEiD/yara'            
INFO[0000] all requirements met                         
RULES_FILE = /home/katc/malware/rules/index.yar
cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe =>
  PE : 32 bit
  DLL : no
  Packed : yes
  Anti-Debug : no (yes)
  GUI Program : no (yes)
  Console Program : yes
  contains base64
  PEiD : ["UPX_wwwupxsourceforgenet_additional" "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h" "UPX_290_LZMA" "UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser" "UPX_290_LZMA_additional" "UPX_wwwupxsourceforgenet"]

Requirement

run

there's no requirements!

build

install

  • git
  • make
  • go
  • go-bindata

Build

(optional) Download latest following releases to /data

Run following command to go get packages

export GOPATH=`pwd`
make init

Finally,

make

TODO

  • Colorize analysis result
  • Support Mac

About

Yet another implementation of PEiD with yara

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published