PE Tools - Portable executable (PE) manipulation toolkit

• UpdatedApr 4, 2018

Automatic and platform-independent unpacker for Windows binaries based on emulation

• UpdatedSep 27, 2024
• Python

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

• UpdatedMar 11, 2024
• C

Portable Executable (PE) library written in .Net

• UpdatedMar 16, 2025
• C#

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

• UpdatedMar 8, 2024
• C

Python Antivirus Software

• UpdatedFeb 23, 2025
• Python

Malware Data Science Reading Diary / Notes

• UpdatedMay 5, 2019
• Jupyter Notebook

POC of a better implementation of GetProcAddress for ntdll using binary search

• UpdatedApr 8, 2024
• C

A Malware classifier dataset built with header fields’ values of Portable Executable files

• UpdatedDec 2, 2022
• YARA

A Machine Learning approach for classifying a file as Malicious or Legitimate

• UpdatedOct 10, 2016
• Jupyter Notebook

PE Binary Shellcode Injector - Automated code cave discovery, shellcode injection, ASLR bypass, x86/x64 compatible

• UpdatedNov 24, 2019
• Python

Small visualizator for PE files

• UpdatedSep 20, 2023
• Python

Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping

• UpdatedOct 9, 2022
• C

Dump certificates from PE files in different formats

• UpdatedDec 25, 2023
• C#

A malware dataset curation tool which helps identify packed samples.

• UpdatedOct 24, 2018
• Python

ProcessGhosting 技术的 rust 实现版本

• UpdatedOct 23, 2024
• Rust

Detecting Malware in PE files

• UpdatedAug 8, 2023
• Jupyter Notebook

Golang port of pefile

• UpdatedJul 17, 2017
• Python

This project is Malware detection API using ML and CNN techniques

• UpdatedApr 29, 2023
• Jupyter Notebook

Hex Workshop editor's structure library for the Microsoft's Portable Executable format.

• UpdatedFeb 28, 2019