PEframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti-virtual machine, suspicious sections and functions, and much more information about the suspicious files.

Requirements:

• Python 2.7.x

Installation:

• To install from PyPI:

# pip install https://github.com/guelfoweb/peframe/archive/master.zip

• To install from source:

$ git clone https://github.com/guelfoweb/peframe.git
 $ cd peframe
 # python setup.py install

Note: For Windows environment, you need to follow the instructions here:

• https://github.com/ahupp/python-magic#dependencies

Usage:

$ peframe <filename>            Short output analysis
 
 $ peframe --json <filename>     Full output analysis JSON format
 
 $ peframe --strings <filename>  Strings output