{"id":27933382,"url":"https://github.com/dosx-dev/pe-litescan","last_synced_at":"2025-05-07T04:58:28.794Z","repository":{"id":242553273,"uuid":"809861954","full_name":"DosX-dev/PE-LiteScan","owner":"DosX-dev","description":"A simple crossplatform heuristic PE-analyzer","archived":false,"fork":false,"pushed_at":"2024-06-16T16:36:40.000Z","size":69,"stargazers_count":218,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-07T04:58:24.332Z","etag":null,"topics":["aot","csharp","detect","detector","engine","entropy","hacktoberfest","heuristic","linux","malware-analysis","malware-research","packer","pentest","program-analysis","reverse-engineering","scanner","static-analysis"],"latest_commit_sha":null,"homepage":"https://dosx.su","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DosX-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-03T15:34:05.000Z","updated_at":"2025-04-27T01:22:07.000Z","dependencies_parsed_at":"2024-06-03T18:49:36.307Z","dependency_job_id":"8fe1e7b1-1da4-443a-a411-d128cf773aea","html_url":"https://github.com/DosX-dev/PE-LiteScan","commit_stats":null,"previous_names":["dosx-dev/pe-litescan"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DosX-dev%2FPE-LiteScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DosX-dev%2FPE-LiteScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DosX-dev%2FPE-LiteScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DosX-dev%2FPE-LiteScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DosX-dev","download_url":"https://codeload.github.com/DosX-dev/PE-LiteScan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252816949,"owners_count":21808704,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aot","csharp","detect","detector","engine","entropy","hacktoberfest","heuristic","linux","malware-analysis","malware-research","packer","pentest","program-analysis","reverse-engineering","scanner","static-analysis"],"created_at":"2025-05-07T04:58:28.264Z","updated_at":"2025-05-07T04:58:28.783Z","avatar_url":"https://github.com/DosX-dev.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PELS analyzer\n**PE-LiteScan** (or **PELS**) is a simple heuristic analyzer for common PE-anomalies, specifically focusing on the detection of packers and protectors. Designed for Windows and Linux.\n\n\u003e **[Download for Windows/Linux x64](https://github.com/DosX-dev/PE-LiteScan/releases/tag/Builds)**\n\n![](pics/pic.png)\n\n# Using\n\u003e **Windows**\n\u003e ```\n\u003e PE-LiteScan-windows.exe \"file_to_check.exe\"\n\u003e ```\n\n\u003e **Linux**\n\u003e ```\n\u003e ./PE-LiteScan-linux \"file_to_check.exe\"\n\u003e ```\n\n# Detection types\n| Detection Type              | Description                                                                 |\n|-----------------------------|-----------------------------------------------------------------------------|\n| `LAST_SECTION_ENTRYPOINT`   | The entry point is located in the last section of the file.                 |\n| `NO_TEXT_SECTION`           | The `.text` section is missing from the PE file.                            |\n| `STRANGE_OVERLAY`           | Compressed data found in the overlay section of the file.                   |\n| `HIGH_ENTROPY`              | High entropy detected, indicating possible packed data.                     |\n| `NET_ANTI_ILDASM`           | The `.NET` binary has the `SuppressIldasmAttribute` attribute.              |\n| `PUSHAL_AT_ENTRY`           | Strange entry point detected (e.g., starts with `PUSHAL` instruction).      |\n| `CUSTOM_DOS_STUB`           | Unusual DOS stub found in the PE file.                                      |\n| `IMPORT_TABLE_MISSING`      | The import table is missing from the PE file.                               |\n| `SECTIONS_LIKE_%s`          | Section names match known packer signatures (e.g., `UPX`, `VMProtect`).     |\n| `SECTION_%d_HIGH_ENTROPY`   | Section contains compressed data.                                           |\n| `WEIRD_%d_SECTION_NAME`     | Section looks very strange.                                                 |\n\n# To do\n * More signatures for .NET\n\n\u003e Powered by `PeNet` library.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdosx-dev%2Fpe-litescan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdosx-dev%2Fpe-litescan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdosx-dev%2Fpe-litescan/lists"}