@schwartz1375
Created March 23, 2024 10:53
Tracking Malware with Import Hashing
# Tracking Malware with Import Hashing
# https://www.mandiant.com/resources/blog/tracking-malware-import-hashing
import argparse
import sys

import pefile


def Main(file):
    print("Interrogating file: '%s'" % file)
    try:
        # Parse the PE headers and data directories, including the import table
        pe = pefile.PE(file)
    except pefile.PEFormatError as e:
        # The file is not a valid PE (wrong magic, truncated headers, ...)
        print('Aw Snap! PEFormatError: ' + str(e))
        sys.exit(1)
    except Exception as e:
        # Anything else, e.g. the file is missing or unreadable
        print('Something went wrong loading the file with pefile! ' + str(e))
        sys.exit(1)
    # get_imphash() returns an empty string when the file has no import table
    print('Import hash (imphash): %s' % pe.get_imphash())


if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='A rapid file analysis tool')
    parser.add_argument("file", help="The file to be inspected by the tool")
    args = parser.parse_args()
    Main(args.file)
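
How the value printed by `pe.get_imphash()` is derived and used for grouping samples, as an added example that is not part of the original gist. The function names, sample names and import lists are constructed for illustration, and every import is assumed to be by name (pefile additionally resolves ordinal-only imports to names before hashing).

```python
import hashlib
from collections import defaultdict

# Library extensions dropped before hashing, so "kernel32.dll" becomes "kernel32".
STRIPPED_EXTS = ("dll", "ocx", "sys")


def imphash_from_imports(imports):
    """Imphash of an ordered list of (library, [function names]) pairs.

    Names are lower-cased, so case differences do not matter, but the order
    of the import table is kept, so the same imports in another order hash
    differently.
    """
    entries = []
    for library, functions in imports:
        lib = library.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in STRIPPED_EXTS:
            lib = stem
        for func in functions:
            entries.append("%s.%s" % (lib, func.lower()))
    if not entries:
        return ""  # mirrors the empty string pefile returns without imports
    return hashlib.md5(",".join(entries).encode()).hexdigest()


def cluster_by_imphash(samples):
    """Group sample names by imphash; samples without imports are skipped."""
    clusters = defaultdict(list)
    for name, imports in samples.items():
        digest = imphash_from_imports(imports)
        if digest:
            clusters[digest].append(name)
    return dict(clusters)


# Constructed import tables, not taken from real files.
SAMPLES = {
    "sample_a.exe": [("KERNEL32.dll", ["CreateFileA", "WriteFile"]),
                     ("WS2_32.dll", ["connect", "send"])],
    "sample_b.exe": [("kernel32.DLL", ["createfilea", "WRITEFILE"]),
                     ("ws2_32.dll", ["connect", "send"])],
    "sample_c.exe": [("WS2_32.dll", ["connect", "send"]),
                     ("KERNEL32.dll", ["CreateFileA", "WriteFile"])],
    "sample_d.exe": [],
}

if __name__ == "__main__":
    for digest, names in cluster_by_imphash(SAMPLES).items():
        print(digest, names)
```

A shared imphash is a lead for grouping samples, not proof of a common origin: unrelated binaries built with the same toolchain and libraries can collide, and a file with no import table yields no hash at all.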