Pftriage

deeznutz

Pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware.

Dependencies
  • pefile
  • filemagic
Note: On Mac, Apple has implemented their own version of the file command. However, libmagic can be installed using Homebrew:

Code:
brew install libmagic

Usage

Code:
usage: pftriage [options]

Show information about a file for triage.

positional arguments:
file The file to triage.

optional arguments:
-h, --help show this help message and exit
-i, --imports Display import tree
-s, --sections Display overview of sections. For more detailed info
pass the -v switch
--removeoverlay Remove overlay data.
--extractoverlay Extract overlay data.
-r, --resources Display resource informations
-D DUMP_OFFSET, --dump DUMP_OFFSET
Dump data using the passed offset or 'ALL'. Currently
only works with resources.
-a, --analyze Analyze the file.
-v, --verbose Display version.
-V, --version Print version and exit.
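
Added example, not code from the pftriage project: a minimal pure-Python check of the overlay boundary that the --removeoverlay and --extractoverlay switches operate on. Overlay is whatever sits past the end of the last section's raw data; the sample PE image is constructed inline so the script runs offline without pefile.

```python
import struct

PE32_OPT_HDR_SIZE = 0xE0   # size of a standard PE32 optional header
SECTION_HDR_SIZE = 40      # IMAGE_SECTION_HEADER


def overlay_offset(data: bytes) -> int:
    """File offset where overlay begins: max(PointerToRawData + SizeOfRawData)
    over the section table, i.e. the end of the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_table = e_lfanew + 24 + opt_size
    end = sec_table + SECTION_HDR_SIZE * num_sections   # headers at minimum
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + SECTION_HDR_SIZE * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))   # a truncated file has no overlay


def split_overlay(data: bytes) -> tuple[bytes, bytes]:
    """Split a PE into (image without overlay, overlay bytes); overlay is b"" if absent."""
    off = overlay_offset(data)
    return data[:off], data[off:]


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed test data (not a real binary): DOS header, PE signature, COFF
    header, empty PE32 optional header, one .text section, then the overlay."""
    hdr_end = 0x40 + 4 + 20 + PE32_OPT_HDR_SIZE + SECTION_HDR_SIZE
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF          # file-align section data to 0x200
    raw_size = 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, PE32_OPT_HDR_SIZE, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (PE32_OPT_HDR_SIZE - 2)  # PE32 magic
    sec = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size,
                      raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = dos + b"PE\0\0" + coff + opt + sec
    image += b"\0" * (raw_ptr - len(image)) + b"\xCC" * raw_size
    return image + overlay


if __name__ == "__main__":
    body, ovl = split_overlay(build_sample_pe(b"CONSTRUCTED OVERLAY"))
    print(f"image ends at 0x{len(body):X}, overlay has {len(ovl)} bytes")
```

On a real sample the overlay bytes are what the --extractoverlay switch writes out, and a non-empty result is itself a triage indicator worth recording.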

Download Pftriage