Article Open access Peer-reviewed

PE Parser: A Python package for Portable Executable files processing

2022; Elsevier BV; Volume: 13; Language: English

10.1016/j.simpa.2022.100365

ISSN

2665-9638

Authors

Daniel Gibert,

Topic(s)

Digital Media Forensic Detection

Abstract

PE Parser is a Python package to parse and work with the hexadecimal representation of executables' binary content and its assembly language source code. PE Parser has been designed to provide a class-based and user-friendly interface for the extraction of well-known features commonly used for the task of malware detection and classification such as byte and opcode N-Grams, API function calls, the frequency of use of the registers, characteristics of the Portable Executable file sections, among others. In addition, PE Parser has various command line tools to visualize the executables as grayscale images or as a stream of entropy values.
