Didier Stevens

Wednesday 14 December 2016

Update: pecheck.py Version 0.6.0 – Overview Of Resources

Filed under: Malware,My Software,Update — Didier Stevens @ 0:00

This new version can produce a compact overview of all the resources in a PE file using option o: -o r.  Here is the overview of resources in an exe (malware) created with iexpress:

20161213-215750

It contains a cab file with 2 executables, which are executed after extraction (no surprise):

20161213-220001

pecheck-v0_6_0.zip (https)
MD5: D3A9C71AAF63D83884B4FEF2C2C21D03
SHA256: 08DB82F190AEEB065A65FEE0DD03D20B0CC788878C4864B537BBD1807E4D6B71

3 Comments »

  1. […] PECheck.py was updated to version 0.6.0 adding the ability to “produce a compact overview of all the resources in a PE file”. Update: pecheck.py Version 0.6.0 – Overview Of Resources […]

    Pingback by Week 50 – 2016 – This Week In 4n6 — Sunday 18 December 2016 @ 9:31

  2. […] Update: pecheck.py Version 0.6.0 – Overview Of Resources […]

    Pingback by Overview of Content Published In December | Didier Stevens — Tuesday 10 January 2017 @ 0:01

  3. […] certainly looks like a PE file. Let’s pipe it through pecheck.py (we need to skip the first 8 bytes: […]

    Pingback by Maldoc: It’s not all VBA these days | NVISO LABS – blog — Wednesday 8 February 2017 @ 9:04


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: