Reverse engineering tool: PE Tree

Tech news site ZDNet reports that BlackBerry open-sourced the reverse engineering tool PE Tree at the Black Hat USA 2020 security conference. It is released under the Apache license, written in Python, and runs on Linux, Mac, and Windows. PE Tree is used to reverse engineer and analyze the internal structure of Portable Executable (PE) files.

BlackBerry notes that reverse engineering is an extremely time- and labor-intensive process, requiring hours of disassembly and sometimes reconstruction of the program. BlackBerry's research team open-sourced PE Tree so that the malware reverse engineering community can benefit from it.

Features:

Lists the contents of a PE file in an easy-to-navigate tree view;

Integrates with the IDA Pro disassembler (navigate PE structures, dump in-memory PE files, perform import reconstruction);

VirusTotal search integration;

Can send data to CyberChef;

Runs either as a standalone application or as an IDAPython plugin.
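The feature list above (repeated in the ZDNet article below) describes PE Tree as presenting a PE file as a tree of headers and sections and as able to dump PE images out of memory. The following is an added example, not code from PE Tree or BlackBerry (PE Tree itself parses with the pefile library), showing the two mechanics underneath those features with a hand-written PE32 parser: it walks DOS header, NT headers and section table into a nested dict, flags the layout anomalies an analyst looks for (section raw data running past the end of the buffer, RVAs that are not section-aligned, an entry point outside every section), and rewrites the section table of an image dumped from process memory so that it parses like an on-disk file. The sample PE is constructed inside the script (valid headers plus two sections carrying marker bytes; it is not a real program), and the function names are this example's own.

```python
"""Walk a PE file into the kind of tree PE Tree shows (DOS header -> NT
headers -> section table), flag layout anomalies, and re-align the section
table of an image dumped from process memory.  Added example, PE32 only."""
import struct

COFF_FMT = "<HHIIIHH"                                                # 20 bytes
COFF_FIELDS = ("Machine", "NumberOfSections", "TimeDateStamp", "PointerToSymbolTable",
               "NumberOfSymbols", "SizeOfOptionalHeader", "Characteristics")
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6      # 96 bytes
OPT32_FIELDS = (
    "Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode",
    "SizeOfInitializedData", "SizeOfUninitializedData", "AddressOfEntryPoint",
    "BaseOfCode", "BaseOfData", "ImageBase", "SectionAlignment", "FileAlignment",
    "MajorOperatingSystemVersion", "MinorOperatingSystemVersion", "MajorImageVersion",
    "MinorImageVersion", "MajorSubsystemVersion", "MinorSubsystemVersion",
    "Win32VersionValue", "SizeOfImage", "SizeOfHeaders", "CheckSum", "Subsystem",
    "DllCharacteristics", "SizeOfStackReserve", "SizeOfStackCommit",
    "SizeOfHeapReserve", "SizeOfHeapCommit", "LoaderFlags", "NumberOfRvaAndSizes")
SECTION_FMT = "<8sIIIIIIHHI"                                         # 40 bytes
SECTION_FIELDS = ("Name", "VirtualSize", "VirtualAddress", "SizeOfRawData",
                  "PointerToRawData", "PointerToRelocations", "PointerToLinenumbers",
                  "NumberOfRelocations", "NumberOfLinenumbers", "Characteristics")


def parse_pe(data):
    """Return a nested dict mirroring the tree view; WARNINGS collects anomalies."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = dict(zip(COFF_FIELDS, struct.unpack_from(COFF_FMT, data, e_lfanew + 4)))
    opt_off = e_lfanew + 24                       # signature (4) + file header (20)
    opt = dict(zip(OPT32_FIELDS, struct.unpack_from(OPT32_FMT, data, opt_off)))
    if opt["Magic"] != 0x10B:
        raise ValueError(f"unsupported optional header magic {opt['Magic']:#x}")
    dirs = [dict(zip(("VirtualAddress", "Size"), struct.unpack_from("<II", data, opt_off + 96 + 8 * i)))
            for i in range(min(opt["NumberOfRvaAndSizes"], 16))]
    sect_off = opt_off + coff["SizeOfOptionalHeader"]
    sections, warnings = [], []
    for i in range(coff["NumberOfSections"]):
        s = dict(zip(SECTION_FIELDS, struct.unpack_from(SECTION_FMT, data, sect_off + 40 * i)))
        s["Name"] = s["Name"].rstrip(b"\0").decode("ascii", "replace")
        end = s["PointerToRawData"] + s["SizeOfRawData"]
        if end > len(data):                       # truncated sample or partial dump
            warnings.append(f"{s['Name']}: raw data ends at {end:#x}, past end of buffer {len(data):#x}")
        if s["VirtualAddress"] % opt["SectionAlignment"]:
            warnings.append(f"{s['Name']}: RVA {s['VirtualAddress']:#x} is not section-aligned")
        sections.append(s)
    ep = opt["AddressOfEntryPoint"]
    if not any(s["VirtualAddress"] <= ep < s["VirtualAddress"] + max(s["VirtualSize"], s["SizeOfRawData"])
               for s in sections):
        warnings.append(f"entry point {ep:#x} lies outside every section")
    return {"DOS_HEADER": {"e_magic": "MZ", "e_lfanew": e_lfanew},
            "NT_HEADERS": {"FILE_HEADER": coff, "OPTIONAL_HEADER": opt, "DATA_DIRECTORY": dirs},
            "SECTIONS": sections, "WARNINGS": warnings}


def section_bytes(data, section):
    """Raw bytes of a section as the *file* layout (PointerToRawData) describes them."""
    start = section["PointerToRawData"]
    return data[start:start + section["SizeOfRawData"]]


def build_sample_pe():
    """Constructed sample (not a real program): two sections carrying marker bytes."""
    hdr = bytearray(0x200)                                       # SizeOfHeaders
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                      # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into(COFF_FMT, hdr, 0x84, 0x14C, 2, 0, 0, 0, 224, 0x102)
    struct.pack_into(OPT32_FMT, hdr, 0x98, 0x10B, 14, 0, 0x200, 0x200, 0, 0x1000, 0x1000,
                     0x2000, 0x400000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200,
                     0, 3, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    struct.pack_into(SECTION_FMT, hdr, 0x178, b".text", 0x10, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    struct.pack_into(SECTION_FMT, hdr, 0x1A0, b".data", 0x10, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    return bytes(hdr + b"TEXT".ljust(0x200, b"\0") + b"DATA".ljust(0x200, b"\0"))


def build_memory_image(file_data):
    """Constructed stand-in for a process dump: headers at RVA 0 and every section
    copied to its VirtualAddress, which is how the Windows loader maps the file."""
    tree = parse_pe(file_data)
    opt = tree["NT_HEADERS"]["OPTIONAL_HEADER"]
    image = bytearray(opt["SizeOfImage"])
    image[:opt["SizeOfHeaders"]] = file_data[:opt["SizeOfHeaders"]]
    for s in tree["SECTIONS"]:
        raw = section_bytes(file_data, s)
        image[s["VirtualAddress"]:s["VirtualAddress"] + len(raw)] = raw
    return bytes(image)


def realign_memory_dump(image):
    """Rewrite SizeOfRawData/PointerToRawData so each section's file offset equals
    its RVA: the fix-up a dumper applies so a memory image parses like a file."""
    image = bytearray(image)
    tree = parse_pe(image)
    fh, opt = tree["NT_HEADERS"]["FILE_HEADER"], tree["NT_HEADERS"]["OPTIONAL_HEADER"]
    sect_off = tree["DOS_HEADER"]["e_lfanew"] + 24 + fh["SizeOfOptionalHeader"]
    align = opt["SectionAlignment"]
    for i, s in enumerate(tree["SECTIONS"]):
        size = -(-s["VirtualSize"] // align) * align              # round up to a page
        size = min(size, len(image) - s["VirtualAddress"])        # never past the dump
        struct.pack_into("<II", image, sect_off + 40 * i + 16, size, s["VirtualAddress"])
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe()
    for s in parse_pe(sample)["SECTIONS"]:
        print(f"{s['Name']:8} RVA {s['VirtualAddress']:#06x} raw {s['PointerToRawData']:#06x}")
    dump = realign_memory_dump(build_memory_image(sample))
    print("realigned .text bytes:", section_bytes(dump, parse_pe(dump)["SECTIONS"][0])[:4])
```

The point of the dump half is that PointerToRawData and SizeOfRawData describe the file layout, which a process image no longer has: reading the memory image through the original section table returns the wrong bytes, and only after the table is re-aligned does the dump parse as a file. Header-level checks alone do not catch this, which is why the example verifies it through the section contents rather than through a warning.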

Project URL:

https://github.com/blackberry/pe_tree

Original report: https://www.zdnet.com/article/blackberry-releases-new-security-tool-for-reverse-engineering-pe-files/

---------------------------------------

BlackBerry releases new security tool for reverse-engineering PE files

BlackBerry open-sources PE Tree, a new malware reverse-engineering tool for analyzing Portable Executable (PE) files.

Today, at the Black Hat USA 2020 security conference, BlackBerry released a new tool for the cyber-security community.

Named PE Tree, this is a new Python-based app for Linux, Mac, and Windows that can be used to reverse-engineer and analyze the internal structure of Portable Executable (PE) files, the standard Windows executable format and therefore the format in which most Windows malware is delivered.

The tool has been open-sourced on GitHub since last week, but today marks its official release.

"Reverse engineering of malware is an extremely time- and labor-intensive process, which can involve hours of disassembling and sometimes deconstructing a software program," the company said in a press release today.

"The BlackBerry Research and Intelligence team initially developed this open source tool for internal use and is now making it available to the malware reverse engineering community," it added.

According to BlackBerry, PE Tree's benefits include:

  • Listing PE file content in an easy-to-navigate tree view
  • Integration with the IDA Pro disassembler (easy navigation of PE structures, dumping in-memory PE files, performing import reconstruction)
  • VirusTotal search integration
  • Can send data to CyberChef
  • Can run as either a standalone application or an IDAPython plugin
  • Open source license allows community contributions

The tool is an alternative to PE-bear, a similar app developed by Malwarebytes malware analyst Aleksandra "Hasherezade" Doniec.

Cyber-security vendors embracing the open-source space

PE Tree also marks the release of yet another useful cyber-security tool into the open source space. This is a major change in approach for cyber-security firms, which have historically kept their internal tools out of the public eye, or closed-source and under expensive commercial licenses.


Over the past two years, we've seen:

from 

https://www.zdnet.com/article/blackberry-releases-new-security-tool-for-reverse-engineering-pe-files/