Pe File

ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.

Yara rule generator using VirusTotal code similarity feature code-similar-to.

Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.

SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.

A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

An open-source shellcode and PE packer for creating and managing portable executable files.

Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.