Are you looking for a tool to analyze Windows Portable Executable (PE) files? Consider using pedump, a Ruby-based Win32 PE binary file analyzer. It currently supports DOS MZ EXE, Win16 NE and Win32/64 PE files. There are several ways to install the Ruby package; the simplest is to run "gem install pedump" on a Linux workstation. You can also download the file here or use the pedump website [1] to upload your file for analysis.

This example shows the output from the pedump website. You can obtain the same results with the command-line version by running "pedump --all SetupCasinoRoyal.exe". The command-line version doesn't currently have the foremost, hexdump or disassembler functions. However, you can get the same hexdump output by running "hexdump -C SetupCasinoRoyal.exe" on your Unix system:

guy@seeker:~/malware/casino$ hexdump -C SetupCasinoRoyal.exe |more

This tool provides an easy way to dump headers and find the packers and resources used by an EXE or DLL, giving a quick look inside a suspicious PE file.

[1] http://pedump.me/

-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
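As an added example (not pedump's own code), the following Ruby script walks the same headers pedump dumps, the DOS MZ stub, the NE or PE signature and the PE section table, over a constructed sample image, and flags two things a header dump makes visible in a suspicious file. The sample bytes, the function names and the 4x VirtualSize heuristic are assumptions of this example.

```ruby
# Added example, not pedump's own code: a minimal walk of the headers pedump
# dumps (DOS MZ, Win16 NE, Win32/64 PE), run over a constructed sample image.
COFF_HDR    = "vvVVVvv"      # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "a8VVVVVVvvV"  # IMAGE_SECTION_HEADER, 40 bytes

# Classify the image; for PE, also return the machine type and section table.
def parse_headers(data)
  raise ArgumentError, "not an MZ image" unless data.bytesize >= 64 && data[0, 2] == "MZ"
  e_lfanew = data[60, 4].unpack1("V")           # offset of the NE/PE header
  sig = data[e_lfanew, 4]
  return { format: "NE (Win16)" } if sig && sig[0, 2] == "NE"
  return { format: "DOS MZ only" } unless sig == "PE\0\0"
  machine, nsec, _stamp, _symptr, _nsyms, opt_size, _chars = data[e_lfanew + 4, 20].unpack(COFF_HDR)
  sec_off = e_lfanew + 24 + opt_size            # section table follows the optional header
  sections = Array.new(nsec) do |i|
    name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = data[sec_off + i * 40, 40].unpack(SECTION_HDR)
    { name: name.delete("\0"), vsize: vsize, vaddr: vaddr, rawsize: rawsize, rawptr: rawptr, flags: flags }
  end
  { format: "PE", machine: machine, sections: sections }
end

# Checks a header dump makes visible: raw data pointing past EOF, or an in-memory
# size far above the on-disk size (typical of sections a packer fills at run time).
def section_warnings(data, info)
  return [] unless info[:format] == "PE"
  info[:sections].flat_map do |s|
    w = []
    w << "#{s[:name]}: raw data ends past EOF" if s[:rawptr] + s[:rawsize] > data.bytesize
    w << "#{s[:name]}: VirtualSize >> SizeOfRawData" if s[:vsize] > 4 * [s[:rawsize], 1].max
    w
  end
end

# Constructed sample (not a real binary): MZ stub, PE signature at 0x40, x64 COFF
# header with an empty optional header, two section headers and no section bodies.
def build_sample_pe
  mz   = "MZ".b + ("\0" * 58).b + [0x40].pack("V")   # e_lfanew at offset 60
  coff = [0x8664, 2, 0, 0, 0, 0, 0x0022].pack(COFF_HDR)
  text = [".text", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020].pack(SECTION_HDR)
  data = [".data", 0x0200, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0xC0000040].pack(SECTION_HDR)
  mz + "PE\0\0".b + coff + text + data
end

img  = build_sample_pe
info = parse_headers(img)
puts "#{info[:format]} machine=0x#{info[:machine].to_s(16)} sections=#{info[:sections].size}"
info[:sections].each { |s| puts format("  %-8s va=%08x vsize=%08x raw=%08x", s[:name], s[:vaddr], s[:vsize], s[:rawsize]) }
section_warnings(img, info).each { |w| puts "  ! #{w}" }
```

Point parse_headers at the bytes of a real file (File.binread) to get the same section listing pedump prints under its section table.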
Guy, ISC Handler, Jul 5th 2014
Click here to download is triggering virus alerts

Anonymous, Feb 25th 2015