pftriage is a tool to help analyze files during malware triage. It lets an analyst quickly view and extract properties of a file (imports, sections, resources, overlay data) to support the triage process. The tool also has an analyze function that checks the file for common indicators associated with malware.
Dependencies
- pefile
- filemagic
Note: On macOS, Apple ships its own implementation of the file command rather than libmagic, which filemagic needs. libmagic can be installed with Homebrew:
$ brew install libmagic
Usage
usage: pftriage [options]

Show information about a file for triage.

positional arguments:
  file                  The file to triage.

optional arguments:
  -h, --help            show this help message and exit
  -i, --imports         Display import tree
  -s, --sections        Display overview of sections. For more detailed info
                        pass the -v switch
  --removeoverlay       Remove overlay data.
  --extractoverlay      Extract overlay data.
  -r, --resources       Display resource information
  -D DUMP_OFFSET, --dump DUMP_OFFSET
                        Dump data using the passed offset or 'ALL'. Currently
                        only works with resources.
  -a, --analyze         Analyze the file.
  -v, --verbose         Display verbose output.
  -V, --version         Print version and exit.
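To make concrete what the -s/--sections, --extractoverlay and --removeoverlay options compute, here is an added example in pure Python. It is not pftriage's own code (pftriage builds on pefile); it walks the PE headers by hand, computes per-section entropy, locates overlay data (bytes past the end of the last section's raw data) and reports the two indicators an analyst looks at first: high-entropy sections and the presence of an overlay. The sample PE is constructed in build_sample_pe() and is a header skeleton, not a real binary; the entropy threshold of 7.0 bits per byte is an assumed heuristic.

```python
"""Minimal PE section/overlay triage (added example, not pftriage code)."""
import math
import struct
import sys
from collections import namedtuple

Section = namedtuple("Section", "name virt_addr virt_size raw_ptr raw_size entropy")

# Assumed heuristic: >= 7.0 bits/byte usually means packed or encrypted data.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Read the section table: DOS header -> e_lfanew -> COFF header -> sections."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (size_opt,) = struct.unpack_from("<H", pe, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[rptr:rptr + rsize]                       # empty if raw data is past EOF
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rptr, rsize, shannon_entropy(raw)))
    return sections


def overlay_offset(pe: bytes, sections: list):
    """File offset where overlay data starts, or None if the file ends with the last section."""
    end = max((s.raw_ptr + s.raw_size for s in sections), default=0)
    return end if end < len(pe) else None


def extract_overlay(pe: bytes) -> bytes:
    off = overlay_offset(pe, parse_sections(pe))
    return pe[off:] if off is not None else b""


def remove_overlay(pe: bytes) -> bytes:
    off = overlay_offset(pe, parse_sections(pe))
    return pe[:off] if off is not None else pe


def triage(pe: bytes):
    """Return (sections, findings) where findings is a list of human-readable indicators."""
    sections = parse_sections(pe)
    findings = []
    for s in sections:
        if s.entropy >= ENTROPY_THRESHOLD:
            findings.append(f"section {s.name!r} has high entropy ({s.entropy:.2f}): packed/encrypted?")
        if s.raw_ptr + s.raw_size > len(pe):
            findings.append(f"section {s.name!r} raw data extends past EOF: truncated or corrupt")
    off = overlay_offset(pe, sections)
    if off is not None:
        findings.append(f"{len(pe) - off} bytes of overlay data at offset {off:#x}")
    return sections, findings


def build_sample_pe() -> bytes:
    """Constructed sample: PE32 header skeleton, two sections and a 32-byte overlay."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)      # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)                  # PE32 magic, rest zero

    def sec_hdr(name, vaddr, rptr, rsize):
        return struct.pack("<8sIIIIIIHHI", name, rsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0x60000020)

    headers = (dos + b"PE\0\0" + coff + opt
               + sec_hdr(b".text", 0x1000, 0x200, 0x200)
               + sec_hdr(b"UPX1", 0x2000, 0x400, 0x200)).ljust(0x200, b"\0")
    text_data = b"\x90" * 0x100 + b"\xC3" * 0x100   # two byte values -> entropy 1.0
    upx_data = bytes(range(256)) * 2                # every byte value twice -> entropy 8.0
    overlay = b"OVERLAY" + b"\xAA" * 25              # appended data past the last section
    return headers + text_data + upx_data + overlay


if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for s, msgs in [triage(sample)]:
        for sec in s:
            print(f"{sec.name:8s} raw={sec.raw_ptr:#06x}+{sec.raw_size:#06x} entropy={sec.entropy:.2f}")
        for m in msgs:
            print("[!]", m)
```

Run it without arguments to see the constructed sample, or pass a path to a real PE; the -s overview in pftriage reports the same raw offset, size and entropy columns, and --extractoverlay writes out exactly the bytes extract_overlay() returns.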