python-pefile-1.2.10_114-1.{fc13,fc14,fc15,fc16,el5,el6}.noarch.rpm -
Python-pefile is a multi-platform Python module to read and work with Portable Executable (aka PE) files.
Most of the information in the PE Header is accessible, as well as all the sections, section's information and data.
Pefile requires some basic understanding of the layout of a PE file. Armed with it it's possible to explore nearly every single feature of the file.
Some of the tasks that pefile makes possible are:
Modifying and writing back to the PE image
Header Inspection
Sections analysis
Retrieving data
Warnings for suspicious and malformed values
Packer detection with PEiD’s signatures
PEiD signature generation
Please, refer to UsageExamples for starting points on how to use pefile.
To work with authenticated binaries, including Authenticode signatures, please check the project verify-sigs.
AdobeMalwareClassifier-1.0-1.{fc13,fc14,fc15,fc16,el6}.{i386,x86_64}.rpm - AdobeMalwareClassifier
is a tool that perform quick, easy classification of binaries for malware analysis.
The Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file
contains malware so they can develop malware detection signatures faster, reducing the time during which users' systems are vulnerable.
The tool uses machine-learning algorithms to classify Win32 binaries - EXEs and DLLs - into three classes: 0 for "clean," 1 for "malicious," or "UNKNOWN."
The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown
binary as "clean," "malicious," or "unknown."
The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000
malicious programs and 16,000 clean programs.