
K-atc / PEiD

Licence: MIT license
Yet another implementation of PEiD with yara

Programming Languages

go
31211 projects - #10 most used programming language
Makefile
30231 projects

Projects that are alternatives of or similar to PEiD

yara-validator
Validates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (+208.33%)
Mutual labels:  yara, yara-rules
ThreatKB
Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
Stars: ✭ 68 (+466.67%)
Mutual labels:  yara, yara-rules
PhishingKit-Yara-Search
Yara scan Phishing Kit's Zip archive(s)
Stars: ✭ 24 (+100%)
Mutual labels:  yara, yara-rules
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+450%)
Mutual labels:  yara, yara-rules
Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+18375%)
Mutual labels:  yara, yara-rules
yara-forensics
Set of Yara rules for finding files using magics headers
Stars: ✭ 115 (+858.33%)
Mutual labels:  yara, yara-rules
factual-rules-generator
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (+416.67%)
Mutual labels:  yara, yara-rules
threat-intel
Signatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+983.33%)
Mutual labels:  yara, yara-rules
yarasploit
YaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
Stars: ✭ 31 (+158.33%)
Mutual labels:  yara, yara-rules
yara-rules
Yara rules written by me, for free use.
Stars: ✭ 13 (+8.33%)
Mutual labels:  yara, yara-rules
Hyara
Yara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)
Stars: ✭ 142 (+1083.33%)
Mutual labels:  yara, yara-rules
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+2275%)
Mutual labels:  binary-analysis, yara
static file analysis
In-depth analysis of files (doc, pdf, exe, ...) including embedded file(s), using clamscan and yara rules
Stars: ✭ 34 (+183.33%)
Mutual labels:  yara, yara-rules
freki
🐺 Malware analysis platform
Stars: ✭ 327 (+2625%)
Mutual labels:  binary-analysis, yara
Die Engine
DIE engine
Stars: ✭ 648 (+5300%)
Mutual labels:  binary-analysis, yara
Pref
Portable Reverse Engineering Framework
Stars: ✭ 127 (+958.33%)
Mutual labels:  binary-analysis
Gtirb
Intermediate Representation for Binary analysis and transformation
Stars: ✭ 190 (+1483.33%)
Mutual labels:  binary-analysis
Kiewtai
A port of Kaitai to the Hiew hex editor
Stars: ✭ 108 (+800%)
Mutual labels:  binary-analysis
Bap
Binary Analysis Platform
Stars: ✭ 1,385 (+11441.67%)
Mutual labels:  binary-analysis
Lief
Authors
Stars: ✭ 2,730 (+22650%)
Mutual labels:  binary-analysis

PEiD (alpha version)

Yet another implementation of PEiD with yara

Download

You can get a pre-built binary here: https://github.com/K-atc/PEiD/releases

Features

  • no need to install yara or download yara rules
  • supports multiple file types: PE, malicious documents, etc.
  • multi-platform support: Linux, Windows
  • analyzes yara output (see the output below)

Usage

% ./PEiD --prepare # if yara and yara rules do not exist
INFO[0000] prepare successfuly                          
% ./PEiD cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
INFO[0000] yara = '/home/katc/bin/PEiD/yara'            
INFO[0000] all requirements met                         
RULES_FILE = /home/katc/malware/rules/index.yar
cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe =>
  PE : 32 bit
  DLL : no
  Packed : yes
  Anti-Debug : no (yes)
  GUI Program : no (yes)
  Console Program : yes
  contains base64
  PEiD : ["UPX_wwwupxsourceforgenet_additional" "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h" "UPX_290_LZMA" "UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser" "UPX_290_LZMA_additional" "UPX_wwwupxsourceforgenet"]

Requirements

To run

There are no requirements.

To build

Install the following:

  • git
  • make
  • go
  • go-bindata

Build

(optional) Download the latest of the following releases to /data

Run the following commands to fetch the Go packages:

export GOPATH=`pwd`
make init

Finally, build:

make

TODO

  • Colorize analysis result
  • Support Mac