analPE.py – A script to spot anomalies in PE files

After writing the previous post, I started developing a quick script to spot anomalies inside a PE file. In addition to the things I already wrote about, I added a couple of extra anomalies to the script: entry point falling outside the .text section…

Quick reference guide to PE Files in IH

This post is just a bunch of quick notes for PE analysis while handling an incident. It may be modified in the future if I find something else I consider interesting to include. I have added some reference links where you can find more in-depth…