This new version can produce a compact overview of all the resources in a PE file with option -o: -o r. Here is the overview of the resources in an exe (malware) created with IExpress:
It contains a cab file with 2 executables, which are executed after extraction (no surprise):
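How such an overview can be computed, as an added example (not pecheck.py's own code, which this page does not show): a standard-library Python walk of the PE resource directory that lists each resource's type, name, language and size, and flags data starting with a cab or PE magic. The function name, the magic table and the output tuple layout are assumptions of this example.

```python
import struct
import sys

RT = {3: "RT_ICON", 10: "RT_RCDATA", 14: "RT_GROUP_ICON", 16: "RT_VERSION", 24: "RT_MANIFEST"}
MAGIC = {b"MSCF": "cab", b"MZ": "pe"}  # leading bytes worth flagging (example's choice)

def pe_resources(data):
    """Return [(type, name, language, size, kind)] for each resource leaf of a PE image."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, optsize = (struct.unpack_from("<H", data, pe + o)[0] for o in (6, 20))
    opt = pe + 24
    ddir = opt + (112 if struct.unpack_from("<H", data, opt)[0] == 0x20B else 96)
    rsrc_rva, _ = struct.unpack_from("<II", data, ddir + 2 * 8)  # directory 2 = resources
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<IIII", data, opt + optsize + 40 * i + 8) for i in range(nsect)]

    def offset(rva):
        for vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + rva - va
        raise ValueError("RVA %#x is outside every section" % rva)
    def ident(value):  # high bit set: offset of a length-prefixed UTF-16LE name
        if value & 0x80000000:
            p = base + (value & 0x7FFFFFFF)
            n, = struct.unpack_from("<H", data, p)
            return data[p + 2:p + 2 + 2 * n].decode("utf-16-le", "replace")
        return value
    def walk(dir_off, path):
        named, ids = struct.unpack_from("<HH", data, base + dir_off + 12)
        for i in range(named + ids):
            name, target = struct.unpack_from("<II", data, base + dir_off + 16 + 8 * i)
            here = path + [ident(name)]
            if target & 0x80000000:  # subdirectory
                if len(here) < 3:  # type/name/language only; also stops cycles
                    yield from walk(target & 0x7FFFFFFF, here)
                continue
            rva, size = struct.unpack_from("<II", data, base + target)
            head = data[offset(rva):offset(rva) + min(size, 4)]
            kind = next((k for m, k in MAGIC.items() if head.startswith(m)), "")
            rtype, rname, lang = (here + [None, None])[:3]
            yield RT.get(rtype, rtype), rname, lang, size, kind
    base = offset(rsrc_rva) if rsrc_rva else 0
    return list(walk(0, [])) if rsrc_rva else []

if __name__ == "__main__":
    for row in pe_resources(open(sys.argv[1], "rb").read()):
        print(*row)
```

Run it with the path of a PE file as its only argument; a truncated or malformed file surfaces as `struct.error` or `ValueError` rather than a partial listing.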
pecheck-v0_6_0.zip (https)
MD5: D3A9C71AAF63D83884B4FEF2C2C21D03
SHA256: 08DB82F190AEEB065A65FEE0DD03D20B0CC788878C4864B537BBD1807E4D6B71