PortEx v1.0 beta.11 released: Java library for static malware analysis of Portable Executable files.
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on robustness against PE malformations and on anomaly detection. PortEx is written in Java and Scala and is targeted at Java applications.
+ Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
+ Reading standard section formats: Import Section, Resource Section, Export Section, Debug Section, Relocations
+ Dumping of sections, overlay, embedded ZIP, JAR or .class files
+ Scanning for file anomalies, including structural anomalies and deprecated, reserved, wrong or non-default values. The Beta1 release is able to detect 77 different anomalies.
+ Visualizing the structure of a PE file as it is on disk, and visualizing the local entropies of the file
+ Calculate Shannon Entropy for files and sections
+ Calculate hash values for files and sections
+ Scan for PEiD signatures or your own signature database
+ Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)
+ Extract Unicode and ASCII strings contained in the file
+ Overlay detection and dumping
+ File scoring based on statistical information
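The overlay detection and Shannon entropy items above, as an added example that is not PortEx's own code: a minimal parser walks the MS-DOS header, PE signature, COFF header and section table to find where section data ends, clamps every raw pointer and size to the file length so a malformed header cannot push the overlay offset past EOF, and reports the entropy of whatever follows. The sample PE image is constructed inline (build_sample) with standard PE offsets and is not a real file.

```python
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(v) for v in range(256)) if c)

def overlay_offset(pe: bytes) -> int:
    """File offset where the overlay starts: the end of the last section's raw data,
    with every pointer/size clamped to the file length (malformation robustness)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    num_sections, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    sec_table = e_lfanew + 24 + opt_size
    end = min(sec_table + 40 * num_sections, len(pe))  # never earlier than the headers
    for i in range(num_sections):
        hdr = sec_table + 40 * i
        if hdr + 40 > len(pe):  # truncated section table: stop instead of crashing
            break
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, min(raw_ptr + raw_size, len(pe)))
    return end

def overlay_report(pe: bytes) -> dict:
    """Offset, size and entropy of the overlay (data appended after the last section)."""
    off = overlay_offset(pe)
    return {"offset": off, "size": len(pe) - off, "entropy": shannon_entropy(pe[off:])}

def build_sample(overlay: bytes, body_size: int = 0x200, claimed_size: int = None) -> bytes:
    """Constructed minimal PE image: MZ stub, PE signature, empty optional header, one section
    at 0x200 whose header may lie about its size (claimed_size) to mimic a malformed file."""
    claimed = body_size if claimed_size is None else claimed_size
    img = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))          # e_lfanew = 0x40
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # COFF header, 1 section
    img += b".text\0\0\0" + struct.pack("<IIIIIIHHI", body_size, 0x1000, claimed, 0x200, 0, 0, 0, 0, 0x60000020)
    img += b"\0" * (0x200 - len(img)) + bytes(i & 0xFF for i in range(body_size))  # section body
    return bytes(img + overlay)

if __name__ == "__main__":
    # constructed overlay starting with a ZIP local-file signature, as an embedded-archive case
    print(overlay_report(build_sample(b"PK\x03\x04" + bytes(range(256)))))
```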
Using PortEx:
Including PortEx in a Maven Project
PortEx will be added to the Central Maven Repository with its first release. Until then you can include PortEx as follows:
Download portex.pom and portex.jar and install them into your local Maven repository:
$ mvn install:install-file -Dfile=portex.jar -DpomFile=portex.pom
Now you can include PortEx in your project by adding the following Maven dependency:
Using the Fat Jar
Alternatively, download portex.fat.jar and add it to your build path.
PE Structure Image:
You can get a quick overview of the structure of a PE file with the PE Visualizer tool, which creates a buffered image showing the layout of your PE file.