Open sroberts opened 11 years ago
The only thing I've really used pefile for is:
There's a bunch more you can do with it, but I'm not sure how useful it would be for malwarehouse. Unless of course you wanted to drop a more detailed analysis of the PE file when importing samples.
That's pretty much what I have it in mind for, pulling compile date, compiler version, etc. I agree there's probably more out there, but my plan would be using it for tagging similar to the way I'm using Yara. Unfortunately it's not generic enough to use on all file types.
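An added example of the tagging idea in the comment above (written for this page; it is not code from malwarehouse or from the gists referred to). To run offline it reads the relevant header fields with `struct` instead of importing pefile, which exposes the same values as `pe.FILE_HEADER.TimeDateStamp`, `pe.FILE_HEADER.Machine`, `pe.FILE_HEADER.Characteristics`, `pe.OPTIONAL_HEADER.MajorLinkerVersion` and `pe.OPTIONAL_HEADER.MinorLinkerVersion`. The sample PE bytes are constructed inline, the linker-version-to-toolchain table is a heuristic, and both the timestamp and the linker version are trivially forged, so the tags are grouping hints like Yara matches, not ground truth.

```python
import struct
from datetime import datetime, timezone
from typing import Optional

# IMAGE_FILE_MACHINE_* values from the PE/COFF spec
MACHINES = {0x14C: "i386", 0x8664: "amd64", 0x1C0: "arm", 0xAA64: "arm64"}
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

# Heuristic (assumption): major linker version -> toolchain that usually wrote it.
# The field is set by whatever linked the file and is easy to forge.
LINKER_FAMILIES = {6: "vc6", 7: "vs2002-2003", 8: "vs2005", 9: "vs2008",
                   10: "vs2010", 11: "vs2012", 12: "vs2013", 14: "vs2015-2022"}


def parse_pe_header(data: bytes) -> dict:
    """Pull the COFF and optional-header fields used for tagging.

    Raises ValueError for anything that is not a well-formed PE header so an
    importer can skip non-PE samples instead of crashing on them.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # need signature (4) + IMAGE_FILE_HEADER (20) + first 4 bytes of the optional header
    if e_lfanew + 28 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 4:
        raise ValueError("optional header too small")
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, e_lfanew + 24)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    return {
        "machine": MACHINES.get(machine, f"0x{machine:x}"),
        "sections": nsections,
        "timestamp": timestamp,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32plus": magic == PE32PLUS_MAGIC,
        "linker": (major_linker, minor_linker),
    }


def is_pe(data: bytes) -> bool:
    """True if parse_pe_header() accepts the bytes, False otherwise."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def tags_from_header(hdr: dict, now_ts: Optional[int] = None) -> list:
    """Turn header fields into Yara-style tags; now_ts is epoch seconds (default: now)."""
    if now_ts is None:
        now_ts = int(datetime.now(timezone.utc).timestamp())
    tags = [f"arch:{hdr['machine']}",
            "pe32+" if hdr["pe32plus"] else "pe32",
            "dll" if hdr["is_dll"] else "exe"]
    major, minor = hdr["linker"]
    tags.append(f"linker:{major}.{minor}")
    if major in LINKER_FAMILIES:
        tags.append(f"compiler:{LINKER_FAMILIES[major]}")
    # TimeDateStamp is often zeroed or pushed into the future by packers and
    # build tools, so tag those cases instead of trusting the year.
    if hdr["timestamp"] == 0:
        tags.append("timestamp:zero")
    elif hdr["timestamp"] > now_ts:
        tags.append("timestamp:future")
    else:
        tags.append(f"compiled:{hdr['compiled'][:4]}")
    return tags


def build_sample_pe(timestamp: int, machine: int = 0x8664, characteristics: int = 0x22,
                    magic: int = PE32PLUS_MAGIC, linker=(14, 29)) -> bytes:
    """Constructed test input: a header-only PE image, not a real binary.

    characteristics 0x22 = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, timestamp, 0, 0, 0xF0, characteristics)
    opt = struct.pack("<HBB", magic, *linker) + b"\0" * (0xF0 - 4)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    sample = build_sample_pe(1700000000)  # 2023-11-14T22:13:20Z
    hdr = parse_pe_header(sample)
    print(hdr)
    print(tags_from_header(hdr))
```

On a real sample the same fields come straight from pefile (`pe = pefile.PE(path)` and the attributes named in the lead-in); the sanity tags for a zeroed or future timestamp are the part worth keeping, since those are exactly the samples where the compile date cannot be used for grouping.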
Thanks for the gists. Those will be a great help when I go that direction.
I'm not quite sure yet what to do with this, but I feel like there are some cool possibilities.
Ref: PEFILE