This new version of pecheck.py, a tool to analyze PE files, comes with a small update to option -l.
The overview of embedded PE files produced with option -l P now reports the hash of the embedded PE file without overlay:
By default, this is an MD5 hash, but it can be changed to your liking using the environment variable DSS_DEFAULT_HASH_ALGORITHMS, like this:
I will introduce this environment variable to my other tools with new releases.
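What "hash of the PE file without overlay" means, as an added example that is not pecheck.py's own code: hash the file up to where the overlay starts, with the algorithm taken from DSS_DEFAULT_HASH_ALGORITHMS. It assumes the overlay begins after the last section's raw data and that the variable holds a single hashlib algorithm name; the function names are hypothetical and the sample PE is constructed.

```python
import hashlib
import os
import struct

def overlay_offset(pe):
    """Offset where the overlay starts: end of the last section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size           # section table follows the optional header
    end = table + 40 * num_sections            # the headers are never overlay
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if raw_size:                           # skip sections with no data on disk
            end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))                   # truncated file: no overlay at all

def hash_without_overlay(pe):
    """Return (algorithm, hex digest) of the PE file with its overlay stripped."""
    # Assumption: the variable holds one hashlib algorithm name, e.g. sha256.
    name = os.environ.get("DSS_DEFAULT_HASH_ALGORITHMS", "md5").strip().lower()
    return name, hashlib.new(name, pe[:overlay_offset(pe)]).hexdigest()

def build_sample(overlay=b""):
    """Constructed minimal PE: one .text section of 16 bytes at file offset 0x200."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # 1 section, no optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 16, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + sect
    return headers.ljust(0x200, b"\0") + b"\x90" * 16 + overlay

if __name__ == "__main__":
    carved = build_sample(overlay=b"appended data that is not part of the PE")
    print("overlay starts at 0x%X" % overlay_offset(carved))
    print("%s without overlay: %s" % hash_without_overlay(carved))
```

Because the overlay is excluded, two carved copies of the same executable with different appended data produce the same hash, which is what makes the value usable for lookups.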
pecheck-v0_7_8.zip (https)
MD5: 616CD9159316FC2100BE3E87C5C26B2C
SHA256: F734EFFFA17E4EE6CA64A67D18340B3347B72C4B1C7522BAF1B7D720FABA2389