Skip to content

bugourmet/pypeof

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

.vscode

.vscode

 
 

images

images

 
 

.pylintrc

.pylintrc

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

pyPEOF.py

pyPEOF.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

pyPEof

GitHub stars GitHub license GitHub forks GitHub issues GitHub pull requests GitHub last commit

pyPEof is a Python script for detecting suspicious EOF data on a valid PE file.

Malware often appends to EOF payloads,C2 configuration and other malicious data.

This script

  • checks if the PE file is valid then checks image architecture.

  • calculates the expected size of the file trough the PE Header and compares it with file size on the disk. (If the size on disk is not equal to the size described by the PE Header then we likely have an infected/modified file.)

  • prints the EOF data and prompts user to dump it to a file.

Main goal of this "project" was learning more about the PE fileformat and common techniques used by malware authors.

Code is not perfect and improvements/suggestions are welcome.

Installation 📦

Install necessary dependencies via pip Install necessary dependencies.

pip install -r requirements.txt

Usage 📖

Run:

./pyPEOF.py -f pefile.exe

Console output:

alt text

Contributing 🤝

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License 📜

MIT

About

Python script that detects PE File EOF Data

Topics

python pefile malware malware-analysis pe eof eof-analysis

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages