https://github.com/ffri/pypeid

Yet another implementation of PEiD with yara-python
https://github.com/ffri/pypeid

Last synced: about 1 year ago
JSON representation

Yet another implementation of PEiD with yara-python

• Host: GitHub
• URL: https://github.com/ffri/pypeid
• Owner: FFRI
• License: apache-2.0
• Created: 2020-05-18T08:30:37.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2024-06-17T11:19:03.000Z (about 2 years ago)
• Last Synced: 2025-04-15T03:15:31.896Z (about 1 year ago)
• Language: Python
• Size: 105 KB
• Stars: 6
• Watchers: 2
• Forks: 2
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# pypeid

[![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/)

Yet another implementation of [PEiD](https://github.com/K-atc/PEiD) with yara-python

## Requirements

- Python 3.12

- Poetry 1.7+

## Install

```

$ git clone --recursive https://github.com/FFRI/pypeid.git

$ cd pypeid

$ poetry shell

$ poetry install --no-root

$ poetry build

$ pip install dist/pypeid-0.1.3-py3-none-any.whl

$ python

>>> from pypeid import PEiDScanner

>>> scanner = PEiDScanner()

>>> scanner.scan_file("/mnt/c/Windows/System32/notepad.exe")

{'PE': '64 bit', 'DLL': 'no', 'Packed': 'no', 'Anti-Debug': 'no', 'GUI Program': 'yes', 'Console Program': 'no', 'mutex': 'yes', 'contains base64': 'yes', 'PEiD': ['Microsoft_Visual_Cpp_80_DLL'], 'AntiDebug': []}

```

## Run unit test

```

$ poetry run pytest

==================================================================================== test session starts ====================================================================================

platform linux -- Python 3.12.2, pytest-8.1.1, pluggy-1.4.0

rootdir: /home/ffri/pypeid

configfile: pyproject.toml

collected 3 items

tests/test_scanner.py ...                                                                                                                                                             [100%]

===================================================================================== 3 passed in 1.16s =====================================================================================

```

## Tested platform

- Ubuntu 22.04 on WSL2 & Python 3.12.2

## Author

Koh M. Nakagawa. © FFRI Security, Inc. 2020-2024