ConventionEngine Logo

ConventionEngine

0
Free
38
26 Jul 2021
10 September 2025
Visit Website

ConventionEngine is a collection of Yara rules designed to analyze Portable Executable (PE) files by examining their Program Database (PDB) paths for suspicious characteristics. The tool focuses on identifying PEs that contain PDB paths with unique, unusual, or overtly malicious-looking keywords, terms, or other anomalous features that may indicate malicious intent or unprofessional development practices. The analysis framework categorizes findings into three main areas: - Keywords: String words used by malware developers to organize files, folders, and code projects that often describe malware functionality - Terms: String words appearing in paths that result from operating system, software, or user behavior, potentially indicating solo development or non-enterprise software projects - Anomalies: Less common but suspicious indicators of various malicious behaviors The tool leverages research and methodologies documented in FireEye blog series and accompanying documentation, providing a systematic approach to identifying potentially malicious executables through PDB path analysis.

FEATURES

SIMILAR TOOLS

Yabin creates Yara signatures from malware to find similar samples.

An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.

Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.

An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.

A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.

A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

A collaborative malware analysis framework with various features for automated analysis tasks.

PINNED

RoboShadow Logo

A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.

Vulnerability Management
Proton Pass Logo

Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.

Data Protection
NordVPN Logo

NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.

Network Security
Mandos Logo

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
CybersecTools logoCybersecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved