| 4n4lDetector | GitHub Release | Advanced static analysis tool | malware-analysis, pe-analysis, detection | .exe, .dll | Full only |
| ASL | Git | Detect packer, compiler, protector, .NET obfuscator, PUA application | pe-analysis, packer-detection | .exe | |
| HollowsHunter | GitHub Release | Scans running processes. Recognizes and dumps a variety of in-memory implants | malware-analysis, pe-analysis, dynamic-analysis | .exe, .dll, .dmp | |
| PE-bear | GitHub Release | A tool for analyzing PE files | pe-analysis, reverse-engineering | .exe, .dll, .sys | |
| PE-sieve | GitHub Release | Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). | pe-analysis, malware-analysis, dynamic-analysis | .exe, .dll | |
| PE-utils | GitHub Release | A set of small utilities, helpers for PIN tracers. | pe-analysis, reverse-engineering | .exe, .dll, .sys | |
| WinObjEx64 | GitHub Release | WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. | windows, debugging | | |
| capa | GitHub Release | capa rules for identifying capabilities in binaries. | malware-analysis, pe-analysis, reverse-engineering, mitre-attack | .exe | |
| capa Explorer Web | HTTP | capa Explorer Web is a web UI for exploring capa results. | malware-analysis, visualization | .exe, .dll | Full only |
| capa-rules | GitHub Release | Rules for capa. | | | |
| debloat | GitHub Release | A GUI and CLI tool for removing bloat from executables | malware-analysis, pe-analysis, deobfuscation | .exe, .dll | |
| dll_to_exe | GitHub Release | Converts a DLL into EXE | pe-analysis, conversion | .dll, .exe | |
| hachoir | Python | Hachoir is a Python library to view and edit a binary stream field by field. In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files. | binary-analysis, metadata, file-analysis | .exe, .dll, .png, .jpg, .zip, .tar, .gz | |
| lief | Python | | pe-analysis, elf-analysis, binary-analysis | .exe, .dll, .elf, .mach-o | |
| pefile | Python | | pe-analysis, reverse-engineering | .exe, .dll, .sys | |
| pestudio | HTTP | pestudio is a tool for analyzing PE files. | pe-analysis, malware-analysis, static-analysis | .exe, .dll, .sys | |
| peutils | Python | | pe-analysis, packer-detection | .exe, .dll | |
| pfp | Python | | binary-analysis, file-analysis | .bin | |
| readpe | GitHub Release | The PE file analysis toolkit | pe-analysis, reverse-engineering | .exe, .dll, .sys | |