PortEx

Java library to analyse portable executable files with a special focus on malware analysis.

This project is maintained by katjahahn

Welcome to PortEx

PortEx is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications.

Features

For more information, have a look at the PortEx Wiki and the Documentation.

Using PortEx

Including PortEx in a Maven Project

You can include PortEx in your project by adding the following Maven dependency:

<dependency>
    <groupId>com.github.katjahahn</groupId>
    <artifactId>portex_2.10</artifactId>
    <version>2.0.8</version>
</dependency>

Building PortEx

Requirements

PortEx is built with sbt.

Compile and Build with sbt

To compile the project, invoke:

$ sbt compile

To create a jar:

$ sbt package

For a fat jar (not recommended):

$ sbt assembly

Create Eclipse Project

You can create an Eclipse project by using the sbteclipse plugin. Add the following line to project/plugins.sbt:

addSbtPlugin("com.typesafe.sbteclipse" % "sbteclipse-plugin" % "2.4.0")

Generate the project files for Eclipse:

$ sbt eclipse

Import the project into Eclipse via the Import Wizard.

Authors and Contact

Katja Hahn

E-Mail: portx (at) gmx (dot) de

License

Apache License, Version 2.0