peframe is a command-line tool for static analysis of malicious PE files. Main features:
Hash MD5 & SHA1
PE file attributes
Version info & metadata
PE Identifier Signature
Section analyzer
Imported DLLs & API functions
Search for suspicious API & sections
Dumping all the information
Extract all the strings
Extract all the URLs
Reverse Hex dump
List Entry instances
Home page: http://code.google.com/p/peframe/
Download: http://code.google.com/p/peframe/downloads/list
Source: Open Source China community

