This new version handles errors in PEiD’s userdb files better.
pefile does not support the full syntax used by PEiD, hence errors might occur, like this:
pecheck-v0_7_3.zip (https)
MD5: 480C9AC4BEE09CAAFB1593E214A39832
SHA256: 359A44751BAA34450B2DA92539AB425507EBB90F8F57CF50E561CCE111809637
[…] Update: pecheck.py Version 0.7.3 […]
Pingback by Week 24 – 2018 – This Week In 4n6 — Sunday 17 June 2018 @ 8:24
[…] Or use pecheck.py: […]
Pingback by Quickpost: Decoding Certutil Encoded Files | Didier Stevens — Wednesday 27 June 2018 @ 0:00
[…] Update: pecheck.py Version 0.7.3 […]
Pingback by Overview of Content Published in June | Didier Stevens — Monday 2 July 2018 @ 0:01
[…] second instance of MZ, like this: This looks like a PE-file. Let’s dump it (-d) and pass it to pecheck.py, a tool to analyze PE-files: It’s indeed a PE-file, more precisely, a 32-bit […]
Pingback by Extracting a Windows Zero-Day from an Adobe Reader Zero-Day PDF | NVISO LABS – blog — Tuesday 3 July 2018 @ 20:49
[…] best to pipe the cut-out data into pecheck, to validate that it is indeed a PE […]
Pingback by Extracting DotNetToJScript’s PE Files | Didier Stevens — Wednesday 25 July 2018 @ 0:00
[…] Tools: re-research.py, base64dump.py and pecheck.py. […]
Pingback by DotNetToJScript Analysis – Didier Stevens Videos — Sunday 19 August 2018 @ 10:26