Question

    python module features

    by pumper05sanity

    Hi

    I'm trying to find all the features that could be extracted from malware using the pefile Python module, for example

    self.ImageVersion = self.pe.OPTIONAL_HEADER.MajorImageVersion

    I only know very few. I tried to search for a specification or manual that could tell me all the features, but with no luck. I read some papers that extracted around 200! But they didn't name them; it would be easier for me if they had named them.

    Thanks in advance

All Answers

      PE RESOURCE EXTRACTION.

      by rproffitt

      In reply to python module features

      While I know more than I'll reveal, this is a rabbit hole of indeterminate depth. Also akin to asking how long is a string.

      The extraction has little to do with examination of what was extracted. It can also require the MALWARE INVESTIGATOR to reverse engineer binary code.

      In short, there is no quick tutorial on this. You would learn this craft as time permits.
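
Added example, not part of the original thread and not pefile's own code: the header fields asked about in the question (such as `OPTIONAL_HEADER.MajorImageVersion`) are fixed-layout integers defined by the PE/COFF specification, so they can be enumerated by name. This sketch uses only the standard `struct` module in place of pefile, keeps the specification's field names (the ones pefile exposes under `pe.FILE_HEADER` and `pe.OPTIONAL_HEADER`), and runs on constructed header bytes; `header_features` and `build_sample` are hypothetical names.

```python
import struct

# (struct format, field names) per header part; OPT_BASE is keyed by Magic.
FILE_HEADER = ("<HHIIIHH", "Machine NumberOfSections TimeDateStamp "
               "PointerToSymbolTable NumberOfSymbols SizeOfOptionalHeader "
               "Characteristics")
OPT_COMMON = ("<HBBIIIII", "Magic MajorLinkerVersion MinorLinkerVersion "
              "SizeOfCode SizeOfInitializedData SizeOfUninitializedData "
              "AddressOfEntryPoint BaseOfCode")
OPT_BASE = {0x10B: ("<II", "BaseOfData ImageBase"), 0x20B: ("<Q", "ImageBase")}
OPT_WINDOWS = ("<IIHHHHHH4xIIIHH",           # 4x skips the reserved dword
               "SectionAlignment FileAlignment MajorOperatingSystemVersion "
               "MinorOperatingSystemVersion MajorImageVersion MinorImageVersion "
               "MajorSubsystemVersion MinorSubsystemVersion SizeOfImage "
               "SizeOfHeaders CheckSum Subsystem DllCharacteristics")

def _read(data, offset, layout, prefix, out):
    fmt, names = layout
    if offset + struct.calcsize(fmt) > len(data):
        raise ValueError("truncated header at offset %#x" % offset)
    for name, value in zip(names.split(), struct.unpack_from(fmt, data, offset)):
        out[prefix + name] = value
    return offset + struct.calcsize(fmt)     # offset just past this part

def header_features(data):
    """Return {name: int} for the COFF file header and optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    out = {}
    off = _read(data, pe_off + 4, FILE_HEADER, "FILE_HEADER.", out)
    off = _read(data, off, OPT_COMMON, "OPTIONAL_HEADER.", out)
    magic = out["OPTIONAL_HEADER.Magic"]
    if magic not in OPT_BASE:                # neither PE32 nor PE32+
        raise ValueError("unknown optional header magic %#x" % magic)
    off = _read(data, off, OPT_BASE[magic], "OPTIONAL_HEADER.", out)
    _read(data, off, OPT_WINDOWS, "OPTIONAL_HEADER.", out)
    return out

def build_sample():  # constructed 32-bit header bytes, not a real file
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0x5F000000, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIII", 0x10B, 14, 0, 0x1000, 0x800, 0, 0x1234, 0x1000)
    opt += struct.pack("<II", 0x2000, 0x400000)
    opt += struct.pack("<IIHHHHHH4xIIIHH", 0x1000, 0x200, 6, 0, 2, 1, 6, 0,
                       0x4000, 0x400, 0, 3, 0x8140)
    return dos + b"PE\0\0" + coff + opt
```

Calling `sorted(header_features(build_sample()))` lists the 30 named header fields for a 32-bit image; section, import and resource data are separate structures not covered here.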
