Didier Stevens

Wednesday 14 December 2016

Update: pecheck.py Version 0.6.0 – Overview Of Resources

Filed under: Malware,My Software,Update — Didier Stevens @ 0:00

This new version can produce a compact overview of all the resources in a PE file using option o: -o r.  Here is the overview of resources in an exe (malware) created with iexpress:


It contains a cab file with 2 executables, which are executed after extraction (no surprise):


pecheck-v0_6_0.zip (https)
MD5: D3A9C71AAF63D83884B4FEF2C2C21D03
SHA256: 08DB82F190AEEB065A65FEE0DD03D20B0CC788878C4864B537BBD1807E4D6B71

Blog at WordPress.com.