The tool has evolved from a tiny Python script into one of the most powerful static analysis tools.
Some of the functionality includes:
1. String-based analysis for registry keys, API calls, IRC commands, DLLs called and VM-aware checks.
2. Display detailed PE headers with all section details, import and export symbols, etc.
3. On Distro, can perform an ASCII dump of the PE along with other options (check the --help argument).
4. For Windows, it can generate the various parts of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.
5. ASCII dump on a Windows machine.
6. Code analysis (disassembling).
7. Online malware checking (www.virustotal.com).
8. Check for packers against the database.
9. Tracer functionality: can be used to identify
anti-debugging call tricks, file-system manipulation calls, rootkit hooks, keyboard hooks, DEP setting changes and network identification traces.
10. Signature creation: allows you to create a signature of the malware.
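To illustrate what items 4 and 8 involve, here is a small added example (not the tool's own code) that walks a PE32 image's DOS Header, PE File Header and Section Table and applies a simple packer heuristic; the image bytes and the packer section-name lookup are constructed for the example and are not the tool's database.

```python
import struct

# Constructed minimal PE32 image (not a real sample): DOS header, PE signature,
# COFF file header, a zeroed 224-byte optional header and two section headers.
def build_sample_pe() -> bytes:
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)        # e_magic ... e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections, opt hdr 224
    opt = struct.pack("<H", 0x10B) + b"\x00" * 222                   # PE32 magic, rest zeroed
    def sec(name, vsize, vaddr, rsize, rptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
    text = sec(b".text", 0x1000, 0x1000, 0x200, 0x400, 0x60000020)
    upx = sec(b"UPX0", 0x2000, 0x2000, 0, 0x600, 0xE0000080)        # no raw data, filled at runtime
    return dos + b"PE\0\0" + coff + opt + text + upx

def parse_pe(data: bytes) -> dict:
    """Parse DOS header, COFF file header and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sec_off = coff + 20 + opt_size                                   # section table follows optional header
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "rptr": rptr, "chars": sc})
    return {"machine": machine, "characteristics": chars, "sections": sections}

# Constructed lookup of section names used by common packers (a stand-in for the tool's database).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", ".aspack"}

def packer_hints(sections: list) -> list:
    """Flag sections whose name or layout suggests a packed binary."""
    hints = []
    for s in sections:
        if s["name"] in KNOWN_PACKER_SECTIONS:
            hints.append(f"{s['name']}: section name matches a known packer")
        if s["rsize"] == 0 and s["vsize"] > 0:
            hints.append(f"{s['name']}: no raw data but {s['vsize']:#x} bytes virtual (unpacked at runtime)")
    return hints

if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(pe["sections"], packer_hints(pe["sections"]))
```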