Skip to content
/ PortEx Public
forked from struppigel/PortEx

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

katjahahn.github.io/portex/

License

Apache-2.0 license
0 stars 95 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

captincook/PortEx

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

606 Commits

masterthesis

masterthesis

 
 

progs

progs

 
 

project

project

 
 

src

src

 
 

.checkstyle

.checkstyle

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

assembly.sbt

assembly.sbt

 
 

build.sbt

build.sbt

 
 

iconwhitelist.txt

iconwhitelist.txt

 
 

portex_1.0.pom

portex_1.0.pom

 
 

testng.xml

testng.xml

 
 

Repository files navigation

PortEx build status

Welcome to PortEx

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications.
Visit the PortEx project page.

Features

  • Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
  • Reading standard section formats: Import Section, Resource Section, Export Section, Debug Section, Relocations
  • Dumping of sections, overlay, embedded ZIP, JAR or .class files
  • Scanning for file anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values.
  • Visualize a PE file structure as it is on disk and visualize the local entropies of the file
  • Calculate Shannon Entropy for files and sections
  • Calculate hash values for files and sections
  • Scan for PEiD signatures or your own signature database
  • Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)
  • Extract Unicode and ASCII strings contained in the file
  • Overlay detection and dumping
  • Extraction of ICO files from resource section
  • File scoring based on statistical information

For more information have a look at PortEx Wiki and the Documentation

Using PortEx

Including PortEx to a Maven Project

You can include PortEx to your project by adding the following Maven dependency:

<dependency>
   <groupId>com.github.katjahahn</groupId>
   <artifactId>portex_2.10</artifactId>
   <version>2.0.2</version>
</dependency>

To use a local build, add the library as follows:

<dependency>
   <groupId>com.github.katjahahn</groupId>
   <artifactId>portex_2.10</artifactId>
   <version>2.0.1</version>
   <scope>system</scope>
   <systemPath>$PORTEXDIR/target/scala-2.10/portex_2.10-2.0.2.jar</systemPath>
</dependency>

Including PortEx to an SBT project

Add the dependency as follows in your build.sbt

libraryDependencies += "com.github.katjahahn" % "portex_2.10" % "2.0.2"

Building PortEx

Requirements

PortEx is build with sbt

Compile and Build With sbt

To simply compile the project invoke:

$ sbt compile

To create a jar:

$ sbt package

To compile a fat jar that can be used as command line tool, type:

$ sbt assembly

Create Eclipse Project

You can create an eclipse project by using the sbteclipse plugin. Add the following line to project/plugins.sbt:

addSbtPlugin("com.typesafe.sbteclipse" % "sbteclipse-plugin" % "2.4.0")

Generate the project files for Eclipse:

$ sbt eclipse

Import the project to Eclipse via the Import Wizard.

Author and Contact

Katja Hahn
E-Mail: portx (at) gmx (dot) de

License

Apache License, Version 2.0

About

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

katjahahn.github.io/PortEx/

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Languages

  • Java 58.4%
  • Scala 41.6%