A Python script that performs detailed analysis of MZ-PE (MS-DOS) executable files for malware analysis and forensic investigation.
This tool is primarily used by malware analysts, forensic investigators, and security researchers to inspect and understand the structure and metadata of MS-DOS PE executable files. It helps verify signatures, analyze imports/exports, extract timestamps, and visualize entropy and section data to aid in malware detection and reverse engineering.
The tool requires Python 3 and its standard library. The optional dependencies matplotlib and EntropyAnalysis enable graphical output but are not installed by default, so the tool stays usable on servers without a GUI. It is licensed under GPLv3, so users should comply with its terms when modifying or redistributing it.
Ensure Python 3 is installed
Install ProgramExecutableAnalyzer via pip: pip install ProgramExecutableAnalyzer
Optionally install matplotlib and EntropyAnalysis for enhanced charting: python3 -m pip install matplotlib EntropyAnalysis
python3 ProgramExecutableAnalyzer.py -h
Display help and usage information
python3 ProgramExecutableAnalyzer.py executable.exe
Analyze the specified executable file with default settings
python3 ProgramExecutableAnalyzer.py -c executable.exe
Analyze the executable file without color output
python3 ProgramExecutableAnalyzer.py -v executable.exe
Run analysis in verbose mode for more detailed output
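
To show what the timestamp and section-entropy checks described above involve at the file-format level, here is an added example that is not ProgramExecutableAnalyzer's own code. The names parse_pe, shannon_entropy and build_sample are hypothetical, and the sample image is constructed in memory rather than taken from a real executable.

```python
import math
import struct
from datetime import datetime, timezone

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in counts if c)

def parse_pe(image: bytes) -> dict:
    """Return machine type, compile timestamp and per-section entropy of an MZ-PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(image):
            raise ValueError("section table runs past end of file")
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("latin-1"), round(shannon_entropy(raw), 2)))
    return {"machine": machine,
            "compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
            "sections": sections}

def build_sample() -> bytes:
    """Constructed image: one all-zero section and one holding every byte value once."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, 0, 0x102)
    hdr_len = 0x40 + 24 + 2 * 40  # DOS header + PE/COFF header + two section entries
    sec = lambda n, ptr: struct.pack("<8sIIIIIIHHI", n, 256, 0, 256, ptr, 0, 0, 0, 0, 0)
    return (dos + coff + sec(b".text", hdr_len) + sec(b".packed", hdr_len + 256)
            + b"\0" * 256 + bytes(range(256)))

if __name__ == "__main__":
    print(parse_pe(build_sample()))
```

A section whose entropy approaches 8.0 bits per byte is typically compressed or encrypted, which is why entropy per section is a common first indicator of packing.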