
PortEx: Java library for static malware analysis of Portable Executable files



PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications.


  • Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
  • Reading PE structures: Imports, Resources, Exports, Debug Directory, Relocations, Delay Load Imports, Bound Imports
  • Dumping of sections, resources, overlay, embedded ZIP, JAR or .class files
  • Scanning for file format anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values
  • Visualize PE file structure, local entropies and byteplot of the file with variable colors and sizes
  • Calculate Shannon Entropy and Chi Squared for files and sections
  • Calculate ImpHash and Rich and RichPV hash values for files and sections
  • Parse RichHeader and verify checksum
  • Calculate and verify Optional Header checksum
  • Scan for PEiD signatures, internal file type signatures or your own signature database
  • Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)
  • Extract Unicode and ASCII strings contained in the file
  • Extraction and conversion of .ICO files from icons in the resource section
  • Extraction of version information and manifest from the file
  • Reading .NET metadata and streams (Alpha)
