{"id":20292474,"url":"https://github.com/mauricelambert/programexecutableanalyzer","last_synced_at":"2025-04-11T11:22:23.749Z","repository":{"id":148972019,"uuid":"621007346","full_name":"mauricelambert/ProgramExecutableAnalyzer","owner":"mauricelambert","description":"This script analyzes MZ-PE (MS-DOS) executable file","archived":false,"fork":false,"pushed_at":"2025-01-27T13:12:01.000Z","size":185,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-25T07:41:36.378Z","etag":null,"topics":["analysis","dll","executable","forensics","malware-analysis","microsoft","ms-dos","pe","pe-analysis","pe-analyzer","python3","reverse-engineering","security","static-analysis","windows"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mauricelambert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-29T20:04:05.000Z","updated_at":"2025-01-27T13:12:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"484eee86-a594-4fde-9766-3f7e044906f5","html_url":"https://github.com/mauricelambert/ProgramExecutableAnalyzer","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FProgramExecutableAnalyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FProgramExecutableAnalyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/mauricelambert%2FProgramExecutableAnalyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FProgramExecutableAnalyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mauricelambert","download_url":"https://codeload.github.com/mauricelambert/ProgramExecutableAnalyzer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248382121,"owners_count":21094540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","dll","executable","forensics","malware-analysis","microsoft","ms-dos","pe","pe-analysis","pe-analyzer","python3","reverse-engineering","security","static-analysis","windows"],"created_at":"2024-11-14T15:17:25.121Z","updated_at":"2025-04-11T11:22:23.741Z","avatar_url":"https://github.com/mauricelambert.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![ProgramExecutableAnalyzer Logo](https://mauricelambert.github.io/info/python/security/ProgramExecutableAnalyzer_small.png \"ProgramExecutableAnalyzer logo\")\r\n\r\n# Program Executable Analyzer\r\n\r\n## Description\r\n\r\nThis script analyzes MZ-PE (MS-DOS) executable files.\r\n\r\nThis tool is useful for malware analysis or for debugging and understanding compiled dependencies.\r\n\r\n 1. Verify the signature and print information about the signature and trust\r\n 2. Analyze DLLs and imported function names\r\n 3. Analyze exported function names\r\n 4. Get the executable filename at compile time\r\n 6. 
Get encodings and languages used for compilation\r\n 7. Print information about rich headers\r\n 8. Get timestamps saved in executable\r\n 9. Print information about sections and characteristics (permissions, etc.)\r\n 10. Print the entry point position and section\r\n 11. Get architecture, system version, resources (Version file, Manifest)\r\n 12. Get company name, product name, product version, copyright\r\n 13. Sections names, sizes, addresses and characteristics\r\n 14. Analyze MS-DOS and NT headers\r\n 15. When *matplotlib* is installed, generate charts to compare sections on the disk and in the memory\r\n 16. When *matplotlib* and *EntropyAnalysis* are installed, generate charts for entropy analysis (with sections)\r\n 17. Extract overlay\r\n\r\nTODO: analyze results to detect language and score the risk.\r\n\r\n## Requirements\r\n\r\n - python3\r\n - Python 3 Standard library\r\n\r\n### Optional\r\n\r\n - matplotlib\r\n - EntropyAnalysis\r\n\r\n\u003e *Matplotlib* and *EntropyAnalysis* are not installed by *ProgramExecutableAnalyzer* because this package can be installed on a server without a GUI.\r\n\u003e\u003e You can install the optional packages with the following command: `python3 -m pip install matplotlib EntropyAnalysis`\r\n\r\n## Installation\r\n\r\n```bash\r\npip install ProgramExecutableAnalyzer\r\n```\r\n\r\n## Usages\r\n\r\n```bash\r\npython3 ProgramExecutableAnalyzer.py -h\r\npython3 ProgramExecutableAnalyzer.py executable.exe\r\npython3 ProgramExecutableAnalyzer.py -c executable.exe  # No color\r\npython3 ProgramExecutableAnalyzer.py -v executable.exe  # Verbose mode\r\n```\r\n\r\n## Screenshots\r\n\r\n![PE Headers Analysis](https://mauricelambert.github.io/info/python/security/PEheaders.png \"PE Headers Analysis\")\r\n![PE Headers Analysis](https://mauricelambert.github.io/info/python/security/PEversion.png \"PE Version Analysis\")\r\n![PE Imports Analysis](https://mauricelambert.github.io/info/python/security/PEimports.png \"PE Imports 
Analysis\")\r\n![PE Signature Informations](https://mauricelambert.github.io/info/python/security/Signature.png \"PE Signature Informations\")\r\n![PE Entropy Analysis](https://mauricelambert.github.io/info/python/security/PEEntropyAnalysis.png \"PE Entropy Analysis\")\r\n![PE Compare Section Size Charts](https://mauricelambert.github.io/info/python/security/CompareSectionsSizes.png \"PE Compare Section Size Charts\")\r\n\r\n## Links\r\n\r\n - [Github Page](https://github.com/mauricelambert/ProgramExecutableAnalyzer/)\r\n - [Pypi package](https://pypi.org/project/ProgramExecutableAnalyzer/)\r\n - [Python Executable](https://mauricelambert.github.io/info/python/security/ProgramExecutableAnalyzer.pyz)\r\n - [Windows Executable](https://mauricelambert.github.io/info/python/security/ProgramExecutableAnalyzer.exe)\r\n\r\n## Licence\r\n\r\nLicensed under the [GPL, version 3](https://www.gnu.org/licenses/).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmauricelambert%2Fprogramexecutableanalyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmauricelambert%2Fprogramexecutableanalyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmauricelambert%2Fprogramexecutableanalyzer/lists"}