pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware.
Dependencies
- pefile
- filemagic
Note: On Mac – Apple has implemented their own version of the file command. However, libmagic can be installed using homebrew
$ brew install libmagic
Usage
usage: pftriage [options]
Show information about a file for triage.
positional arguments:
file The file to triage.
optional arguments:
-h, --help show this help message and exit
-i, --imports Display import tree
-s, --sections Display overview of sections. For more detailed info
pass the -v switch
--removeoverlay Remove overlay data.
--extractoverlay Extract overlay data.
-r, --resources Display resource informations
-D DUMP_OFFSET, --dump DUMP_OFFSET
Dump data using the passed offset or 'ALL'. Currently
only works with resources.
-a, --analyze Analyze the file.
-v, --verbose Display version.
-V, --version Print version and exit.
Leave a Reply