
PortEx: Java library for static malware analysis of portable executable files

PortEx is a Java library for static malware analysis of portable executable (PE) files. Its focus is on robustness against PE malformations and on anomaly detection. PortEx is written in Java and Scala and is targeted at Java applications.

Features

  • Reading header information from the MS-DOS Header, COFF File Header, Optional Header and Section Table
  • Reading standard section formats: import section, resource section, export section, debug section, relocations, delay-load imports
  • Dumping of sections, overlay, embedded ZIP, JAR or .class files
  • Scanning for file anomalies, including structural anomalies and deprecated, reserved, wrong or non-default values. See here for a full list of anomalies
  • Visualize a PE file's structure as it is laid out on disk and visualize the local entropies of a file
  • Calculate Shannon Entropy for files and sections
  • Calculate hash values for files and sections
  • Scan for PEiD signatures or your own signature database
  • Scan for Jar-to-EXE wrappers (e.g. exe4j, jsmooth, jar2exe, launch4j)
  • Extract Unicode and ASCII strings contained in the file
  • Overlay detection and dumping
  • Extract ICO files from the resource section

For more information have a look at the PortEx Wiki and the Documentation.
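To make the first three feature groups concrete (header parsing, section entropy, overlay detection and anomaly flags), here is an added, self-contained example that is not part of PortEx or of the original post. It does not call the PortEx API; it walks the MS-DOS header, COFF File Header and Section Table by hand, computes Shannon entropy per section, measures the overlay and reports a few structural anomalies of the kind PortEx automates. The sample PE image is constructed in `build_sample_pe()` and is not a real binary; the entropy threshold of 7.0 bits per byte is an assumption chosen for illustration.

```python
"""Hand-rolled PE header walk with per-section Shannon entropy and a few
structural anomaly checks (added example, not PortEx code)."""
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse the MS-DOS header, COFF File Header and Section Table.

    Raises ValueError when the MZ or PE signature is missing; a truncated
    section table is tolerated and reported by analyze()."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", blob, coff)
    sec_table = coff + 20 + opt_size  # section headers follow the Optional Header
    sections = []
    for i in range(nsec):
        off = sec_table + 40 * i
        if off + 40 > len(blob):
            break  # header count claims more sections than the file holds
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", blob, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_pointer": rptr})
    return {"e_lfanew": e_lfanew, "machine": machine, "number_of_sections": nsec,
            "optional_header_size": opt_size, "sections": sections}


def analyze(blob: bytes) -> dict:
    """Annotate each section with its entropy and collect anomaly messages."""
    hdr = parse_pe(blob)
    anomalies = []
    if len(hdr["sections"]) != hdr["number_of_sections"]:
        anomalies.append("section table truncated")
    in_file_ends = []
    for s in hdr["sections"]:
        start, end = s["raw_pointer"], s["raw_pointer"] + s["raw_size"]
        if end > len(blob):
            anomalies.append(f"{s['name']}: raw data extends past end of file")
            s["entropy"] = None
            continue
        in_file_ends.append(end)
        if not s["name"]:
            anomalies.append("section with empty name")
        if s["raw_size"] == 0:
            anomalies.append(f"{s['name']}: zero raw size (virtual-only section)")
        s["entropy"] = shannon_entropy(blob[start:end])
        if s["entropy"] > 7.0:  # assumed threshold for packed/encrypted data
            anomalies.append(f"{s['name']}: high entropy ({s['entropy']:.2f}), "
                             "possibly packed or encrypted")
    # Overlay: bytes after the last section that actually lies inside the file.
    hdr["overlay_size"] = len(blob) - max(in_file_ends, default=len(blob))
    hdr["anomalies"] = anomalies
    return hdr


def build_sample_pe() -> bytes:
    """Constructed sample, not a real executable: a minimal PE32 image with a
    low-entropy .text section, a high-entropy .packed section and a 16-byte
    overlay appended after the last section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> "PE\0\0"
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    text = b"\x90\xc3" * 0x100                       # 512 bytes, two symbols
    packed = bytes((i * 97 + 13) % 256 for i in range(256))  # each byte once
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000,
                       len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".packed", len(packed), 0x2000,
                        len(packed), 0x400, 0, 0, 0, 0, 0xC0000040)
    img = bytearray(dos + b"PE\0\0" + coff + opt + sect)
    img += bytes(0x200 - len(img))                   # pad up to .text raw data
    img += text                                      # 0x200 .. 0x400
    img += packed                                    # 0x400 .. 0x500
    img += b"OVERLAY-DATA-!!!"                       # 16-byte overlay
    return bytes(img)


if __name__ == "__main__":
    report = analyze(build_sample_pe())
    for s in report["sections"]:
        print(f"{s['name']:<8} raw=0x{s['raw_size']:x} entropy={s['entropy']}")
    print("overlay bytes:", report["overlay_size"])
    print("anomalies:", report["anomalies"])
```

Running the script lists both sections with their entropies (1.0 for the repetitive `.text`, 8.0 for the permutation-filled `.packed`), a 16-byte overlay, and one high-entropy anomaly; cutting the sample short (for example `analyze(build_sample_pe()[:0x480])`) instead reports that `.packed` extends past the end of the file, which is the kind of malformation a robust parser must survive rather than crash on.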

PortExAnalyzer

PortExAnalyzer is a command line tool that runs the PortEx library under the hood. If you are looking for a ready-to-run command line PE scanner, download PortexAnalyzer.jar from here.

Using PortEx

Including PortEx in a Maven Project

You can include PortEx in your project by adding the following Maven dependency:

<dependency>
    <groupId>com.github.katjahahn</groupId>
    <artifactId>portex_2.10</artifactId>
    <version>2.0.8</version>
</dependency>

To use a local build, add the library as follows:

<dependency>
    <groupId>com.github.katjahahn</groupId>
    <artifactId>portex_2.10</artifactId>
    <version>2.0.8</version>
    <scope>system</scope>
    <systemPath>$PORTEXDIR/target/scala-2.10/portex_2.10-2.0.6.jar</systemPath>
</dependency>

Including PortEx in an SBT project

Add the dependency as follows in your build.sbt:

libraryDependencies += "com.github.katjahahn" % "portex_2.10" % "2.0.2"

Source: https://github.com/katjahahn/PortEx


Source: securityonline

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering
