Home

Awesome

PEiD (alpha version)

Yet another implementation of PEiD with yara

Download

You can get pre-build binary here: https://github.com/K-atc/PEiD/releases

Features

Usage

% ./PEiD --prepare # if yara and yara rules does not exists 
INFO[0000] prepare successfuly                          
% ./PEiD cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe
INFO[0000] yara = '/home/katc/bin/PEiD/yara'            
INFO[0000] all requirements met                         
RULES_FILE = /home/katc/malware/rules/index.yar
cmd/anti_dbg_msgbox/anti_dbg_msgbox-upx.exe =>
  PE : 32 bit
  DLL : no
  Packed : yes
  Anti-Debug : no (yes)
  GUI Program : no (yes)
  Console Program : yes
  contains base64
  PEiD : ["UPX_wwwupxsourceforgenet_additional" "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h" "UPX_290_LZMA" "UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser" "UPX_290_LZMA_additional" "UPX_wwwupxsourceforgenet"]

Requirement

run

there's no requirements!

build

install

Build

(optional) Download latest following releases to /data

Run following command to go get packages

export GOPATH=`pwd`
make init

Finally,

make

TODO