A simple dissectool to play and have fun statically with little malware. Only PE/PE32+ format
Dissecta happens to be a tool created in the context of my learning about malware analysis. It pretends to be a facility for the static analysis of PE files, taking it as an object to dissect (understand
6073
the reference malware -> biological virus) their PE structure and generating a report of it for further analysis or integration with other tools. It also has an integrated plugin system (explained in the official Doc) that allows the scalability of the project.
Generates a report in .dsx(JSON) format with the possible features(IOCS in any case)
Features:
Metadata- (Name, File Size, Time Stamp, Machine, Others)Hash Sum- (md5, sha1, sha256)Readable stringsURLsSections- (Virtual Addr, Virtual Size, Data Size, Perms, Entropy)ImphashExecutable sections opcodesWINDOWS API callsImports
PATH: ./reports/*.dsx
Insert features into a dataset for future training of an ML model (to avoid data congestion avoid using the -d parameter if you are not sure about inserting it into the dataset).
PATH: ./dataset/dataset.json
-
Bible Malcore - For its intuitive and well explained section: "Windows PE File Structure".
-
PEfile Project - For the library used in this project that made things easier for me.
Thanks.