There are 2 repositories under pefile topic.
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Transacted Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Doppelgänging
Malware Data Science Reading Diary / Notes
POC of a better implementation of GetProcAddress for ntdll using binary search
A Malware classifier dataset built with header fields’ values of Portable Executable files
A Machine Learning approach for classifying a file as Malicious or Legitimate
Small visualizer for PE files
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
A malware dataset curation tool which helps identify packed samples.
A Rust implementation of the ProcessGhosting technique
This project is a malware detection API using ML and CNN techniques
PE Bliss - Cross-Platform Portable Executable C++ Library
Detecting Malware in PE files
Malice PExecutable Plugin
[IN THE WORKS] Python script designed to provide comprehensive analysis of malware samples, combining static and dynamic analysis techniques to analyse the behaviour and characteristics of analysed malware. Utilises PEfile library and PyREBox (VM sandbox)
My personal PE Fixer that allows you to patch a raw PE dump to a fully patched and working PE dump that will help your analysis.
Pypy.js compatible version of pefile.py for use in offline browser implementation
This project analyzes PE information of exe files to detect malware. In this repository you will learn how to create your own dataset and will be able to see the use of machine learning models using the dataset. We will use machine learning to detect malware.
This Program Analyzes PE Files Using Python
A command line tool to modify PE file imports on process start
packer identification tool using SVM
Assemblyline 4 PE File analysis service