├── README.rst ├── install-peframe-termux.sh ├── install.sh ├── peframe ├── __init__.py ├── config │ └── config-peframe.json ├── modules │ ├── __init__.py │ ├── apialert.py │ ├── autocomplete.py │ ├── directories.py │ ├── features.py │ ├── fileurl.py │ ├── functions.py │ ├── macro.py │ ├── meta.py │ ├── sections.py │ ├── stringstat.py │ ├── virustotal.py │ └── yara_check.py ├── peframe.py ├── peframecli.py └── signatures │ ├── stringsmatch.json │ ├── userdb.txt │ └── yara_plugins │ ├── doc │ ├── JJencode.yar │ ├── Javascript_exploit_and_obfuscation.yar │ ├── Maldoc_APT10_MenuPass.yar │ ├── Maldoc_APT19_CVE-2017-1099.yar │ ├── Maldoc_APT_OLE_JSRat.yar │ ├── Maldoc_CVE-2017-0199.yar │ ├── Maldoc_CVE_2017_11882.yar │ ├── Maldoc_CVE_2017_8759.yar │ ├── Maldoc_Contains_VBE_File.yar │ ├── Maldoc_DDE.yar │ ├── Maldoc_Dridex.yar │ ├── Maldoc_Hidden_PE_file.yar │ ├── Maldoc_MIME_ActiveMime_b64.yar │ ├── Maldoc_PowerPointMouse.yar │ ├── Maldoc_Suspicious_OLE_target.yar │ ├── Maldoc_UserForm.yar │ ├── Maldoc_VBA_macro_code.yar │ ├── Maldoc_Word_2007_XML_Flat_OPC.yar │ ├── Maldoc_hancitor_dropper │ ├── Maldoc_malrtf_ole2link.yar │ ├── maldoc_somerules.yar │ └── pdf │ │ └── Maldoc_PDF.yar │ └── pe │ ├── antidebug_antivm.yar │ ├── crypto_signatures.yar │ ├── packer.yar │ ├── packer_compiler_signatures.yar │ ├── peid.yara │ └── peid_to_remove.yara ├── requirements.txt └── setup.py /README.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/README.rst -------------------------------------------------------------------------------- /install-peframe-termux.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/install-peframe-termux.sh -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/install.sh -------------------------------------------------------------------------------- /peframe/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /peframe/config/config-peframe.json: -------------------------------------------------------------------------------- 1 | { 2 | "virustotal": "" 3 | } -------------------------------------------------------------------------------- /peframe/modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /peframe/modules/apialert.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/apialert.py -------------------------------------------------------------------------------- /peframe/modules/autocomplete.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/autocomplete.py -------------------------------------------------------------------------------- /peframe/modules/directories.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/directories.py -------------------------------------------------------------------------------- /peframe/modules/features.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/features.py -------------------------------------------------------------------------------- /peframe/modules/fileurl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/fileurl.py -------------------------------------------------------------------------------- /peframe/modules/functions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/functions.py -------------------------------------------------------------------------------- /peframe/modules/macro.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/macro.py -------------------------------------------------------------------------------- /peframe/modules/meta.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/meta.py -------------------------------------------------------------------------------- /peframe/modules/sections.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/sections.py -------------------------------------------------------------------------------- /peframe/modules/stringstat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/stringstat.py -------------------------------------------------------------------------------- /peframe/modules/virustotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/virustotal.py -------------------------------------------------------------------------------- /peframe/modules/yara_check.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/modules/yara_check.py -------------------------------------------------------------------------------- /peframe/peframe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/peframe.py -------------------------------------------------------------------------------- /peframe/peframecli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/peframecli.py -------------------------------------------------------------------------------- /peframe/signatures/stringsmatch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/stringsmatch.json -------------------------------------------------------------------------------- /peframe/signatures/userdb.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/userdb.txt -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/JJencode.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/JJencode.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Javascript_exploit_and_obfuscation.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Javascript_exploit_and_obfuscation.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_APT10_MenuPass.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_APT10_MenuPass.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_APT19_CVE-2017-1099.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_APT19_CVE-2017-1099.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_APT_OLE_JSRat.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_APT_OLE_JSRat.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_CVE-2017-0199.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_CVE-2017-0199.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_CVE_2017_11882.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_CVE_2017_11882.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_CVE_2017_8759.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_CVE_2017_8759.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_Contains_VBE_File.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_Contains_VBE_File.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_DDE.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_DDE.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_Dridex.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_Dridex.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_Hidden_PE_file.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_Hidden_PE_file.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_MIME_ActiveMime_b64.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_MIME_ActiveMime_b64.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_PowerPointMouse.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_PowerPointMouse.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_Suspicious_OLE_target.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_Suspicious_OLE_target.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_UserForm.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_UserForm.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_VBA_macro_code.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_VBA_macro_code.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_Word_2007_XML_Flat_OPC.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_Word_2007_XML_Flat_OPC.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_hancitor_dropper: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_hancitor_dropper -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/Maldoc_malrtf_ole2link.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/Maldoc_malrtf_ole2link.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/maldoc_somerules.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/maldoc_somerules.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/doc/pdf/Maldoc_PDF.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/doc/pdf/Maldoc_PDF.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/pe/antidebug_antivm.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/pe/antidebug_antivm.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/pe/crypto_signatures.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/pe/crypto_signatures.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/pe/packer.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/pe/packer.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/pe/packer_compiler_signatures.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/pe/packer_compiler_signatures.yar -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/pe/peid.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/pe/peid.yara -------------------------------------------------------------------------------- /peframe/signatures/yara_plugins/pe/peid_to_remove.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/peframe/signatures/yara_plugins/pe/peid_to_remove.yara -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/requirements.txt -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guelfoweb/peframe/HEAD/setup.py --------------------------------------------------------------------------------