Linux Forensics Tools Repository: Package Summary for Packages on April 10, 2012:

  • python-pefile-1.2.10_114-1.{fc13,fc14,fc15,fc16,el5,el6}.noarch.rpm - Python-pefile is a multi-platform Python module to read and work with Portable Executable (aka PE) files. Most of the information in the PE header is accessible, as well as all the sections, their header information and their data. pefile requires some basic understanding of the layout of a PE file; armed with that, it is possible to explore nearly every single feature of the file. Some of the tasks that pefile makes possible are:
    • Modifying and writing back to the PE image
    • Header Inspection
    • Sections analysis
    • Retrieving data
    • Warnings for suspicious and malformed values
    • Packer detection with PEiD’s signatures
    • PEiD signature generation
    Please refer to UsageExamples for starting points on how to use pefile. To work with authenticated binaries, including Authenticode signatures, please check the project verify-sigs.
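    As an added illustration of the header inspection and malformed-value warnings described above (example code written for this summary, not pefile's own code or API): a minimal pure-Python parser for the COFF header and section table, run over a constructed, synthetic two-section PE image, once intact and once truncated so that a section's raw data no longer fits in the file.

```python
import struct

# Layouts from the PE/COFF specification (little-endian).
DOS_MAGIC, PE_MAGIC = b"MZ", b"PE\0\0"
COFF_HDR = struct.Struct("<HHIIIHH")         # Machine, NumberOfSections, TimeDateStamp,
                                             # PointerToSymbolTable, NumberOfSymbols,
                                             # SizeOfOptionalHeader, Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # Name, VirtualSize, VirtualAddress, SizeOfRawData,
                                             # PointerToRawData, ..., Characteristics

def parse_pe(data):
    """Return (coff_header, sections, warnings) for a PE image held in memory."""
    warnings = []
    if len(data) < 0x40 or data[:2] != DOS_MAGIC:
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + COFF_HDR.size > len(data) or data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        raise ValueError("not a PE file: PE signature missing or outside the file")
    f = COFF_HDR.unpack_from(data, e_lfanew + 4)
    hdr = {"Machine": f[0], "NumberOfSections": f[1], "SizeOfOptionalHeader": f[5]}
    if hdr["NumberOfSections"] == 0:
        warnings.append("NumberOfSections is 0: no section table")
    table = e_lfanew + 4 + COFF_HDR.size + hdr["SizeOfOptionalHeader"]
    sections = []
    for i in range(hdr["NumberOfSections"]):
        off = table + i * SECTION_HDR.size
        if off + SECTION_HDR.size > len(data):
            warnings.append("section header %d lies outside the file" % i)
            break
        s = SECTION_HDR.unpack_from(data, off)
        sec = {"Name": s[0].rstrip(b"\0"), "VirtualSize": s[1], "VirtualAddress": s[2],
               "SizeOfRawData": s[3], "PointerToRawData": s[4]}
        # Malformed-value check: raw data the file cannot actually contain (truncated or bogus header).
        if sec["PointerToRawData"] + sec["SizeOfRawData"] > len(data):
            warnings.append("section %s: raw data extends past end of file"
                            % sec["Name"].decode("ascii", "replace"))
        sections.append(sec)
    return hdr, sections, warnings

def build_sample(truncate=False):
    """Constructed, synthetic 2-section PE image (not a real binary); optionally cut short."""
    dos = DOS_MAGIC + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = COFF_HDR.pack(0x14C, 2, 0, 0, 0, 0, 0x102)           # i386, 2 sections, no optional header
    raw0 = 0x40 + 4 + COFF_HDR.size + 2 * SECTION_HDR.size      # first raw section follows the table
    text = SECTION_HDR.pack(b".text", 0x100, 0x1000, 0x200, raw0, 0, 0, 0, 0, 0x60000020)
    rdata = SECTION_HDR.pack(b".data", 0x100, 0x2000, 0x200, raw0 + 0x200, 0, 0, 0, 0, 0xC0000040)
    image = dos + PE_MAGIC + coff + text + rdata + b"\xCC" * 0x200 + b"\0" * 0x200
    return image[:-0x100] if truncate else image

if __name__ == "__main__":
    for label, img in (("intact", build_sample()), ("truncated", build_sample(truncate=True))):
        hdr, secs, warns = parse_pe(img)
        print(label, hex(hdr["Machine"]), [s["Name"] for s in secs], warns)
```

    The intact image parses with no warnings; the truncated one reports that .data's raw data extends past the end of the file, the kind of finding pefile surfaces as a warning for suspicious or malformed values.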
  • AdobeMalwareClassifier-1.0-1.{fc13,fc14,fc15,fc16,el6}.{i386,x86_64}.rpm - AdobeMalwareClassifier is a tool that performs quick, easy classification of binaries for malware analysis.

    The Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware so they can develop malware detection signatures faster, reducing the time during which users' systems are vulnerable.

    The tool uses machine-learning algorithms to classify Win32 binaries - EXEs and DLLs - into three classes: 0 for "clean," 1 for "malicious," or "UNKNOWN."

    The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary as "clean," "malicious," or "unknown."

    The tool was developed using models resulting from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs.