
[C++] PE-Sentinel | EDR-Level Static Analysis (Anti-Crash, Imphash, Opcode Hunting)


  • Founder

I’m releasing PE-Sentinel v1.0, a tool I wrote in C++ (WinAPI) for automated malware triage and reverse engineering.

It performs 100% Static Analysis (Zero Execution) via CreateFileMapping. You can safely analyze the most aggressive ransomware on your host machine without running it. Most importantly, it features a Bulletproof Anti-Crash Engine specifically designed to defeat modern protectors (like VMProtect) that use malformed PE headers to crash analysis tools.

🔥 Core Capabilities:

  • 🛡️ Anti-Crash Architecture: Strict bounds-checking ignores fake VirtualSize and SizeOfRawData traps. It will not crash on corrupted or heavily obfuscated files.

  • 🧠 Probabilistic Scoring: Calculates a definitive "Packed/Malicious" confidence score using Independent Probability Union P(A U B) math.

  • 🕵️ Native Opcode Hunting: Dives into Assembly to detect RDTSC/CPUID abuse (Anti-VM/Evasion) and cross-section jumps (Classic Packer Stubs).

  • 🌐 Threat Intel: Automatically generates Imphashes (via native Windows Crypt API), verifies Authenticode signatures (spots spoofed/fake certs), and extracts embedded IPs/URLs.

  • 📦 Anomaly Detection: Flags IAT Starvation, Process Hollowing cavities, and ReflectiveLoader exports.

  • ⚙️ SOC Automation: Pass the --json flag to mute the CLI and output a clean, parsed JSON report for your automated malware labs.


RAR PW: decodehub.org

💻 Usage:

Portable and console-based.

pe-sentinel.exe target_malware.exe
pe-sentinel.exe target_malware.exe --json

Built for security researchers and reverse engineers. I’m open to all feedback, bug reports, or pull requests. Enjoy!
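
The bounds-checking idea in the "Anti-Crash Architecture" bullet, as an added example that is not PE-Sentinel's code and not from the post: every header field is read only after its offset is validated, and each section's PointerToRawData + SizeOfRawData is compared against the real file size in 64-bit arithmetic. The names `rd`, `check_sections` and `make_sample` are hypothetical, the sample buffer is constructed, and a little-endian host is assumed.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>
using Buf = std::vector<uint8_t>;

// Read a T only if [off, off + sizeof(T)) lies inside the buffer (little-endian host assumed).
template <typename T>
std::optional<T> rd(const Buf& b, uint64_t off) {
    if (off > b.size() || b.size() - off < sizeof(T)) return std::nullopt;
    T v; std::memcpy(&v, b.data() + off, sizeof(T)); return v;
}
struct SectionCheck { bool valid_pe = false; int parsed = 0; int bad_raw = 0; };
SectionCheck check_sections(const Buf& f) {
    SectionCheck r;
    auto mz = rd<uint16_t>(f, 0);
    auto lfanew = rd<uint32_t>(f, 0x3C);
    if (!mz || *mz != 0x5A4D || !lfanew) return r;               // "MZ"
    uint64_t nt = *lfanew;                                        // widen before any addition
    auto sig = rd<uint32_t>(f, nt);
    auto nsec = rd<uint16_t>(f, nt + 6);                          // NumberOfSections
    auto optsz = rd<uint16_t>(f, nt + 20);                        // SizeOfOptionalHeader
    if (!sig || *sig != 0x00004550 || !nsec || !optsz) return r;  // "PE\0\0"
    r.valid_pe = true;
    uint64_t table = nt + 24 + *optsz;
    for (uint16_t i = 0; i < *nsec; ++i) {
        uint64_t hdr = table + uint64_t(i) * 40;                  // IMAGE_SECTION_HEADER is 40 bytes
        if (hdr > f.size() || f.size() - hdr < 40) break;         // declared count exceeds the file
        uint64_t rawsz = *rd<uint32_t>(f, hdr + 16);              // SizeOfRawData
        uint64_t rawptr = *rd<uint32_t>(f, hdr + 20);             // PointerToRawData
        ++r.parsed;
        if (rawptr + rawsz > f.size()) ++r.bad_raw;               // 64-bit sum cannot wrap
    }
    return r;
}
// Constructed sample: 0x200-byte header skeleton with one populated section header at 0x58.
Buf make_sample(uint16_t nsec, uint32_t rawptr, uint32_t rawsz) {
    Buf f(0x200, 0);
    auto wr = [&f](size_t off, uint32_t v, size_t n) { std::memcpy(f.data() + off, &v, n); };
    wr(0, 0x5A4D, 2); wr(0x3C, 0x40, 4); wr(0x40, 0x4550, 4); wr(0x46, nsec, 2);
    wr(0x58 + 16, rawsz, 4); wr(0x58 + 20, rawptr, 4);
    return f;
}
int main() {
    // A pointer/size pair whose 32-bit sum would wrap to 0x100 and look in-bounds.
    SectionCheck r = check_sections(make_sample(1, 0xFFFFFF00u, 0x200));
    std::printf("valid=%d parsed=%d bad_raw=%d\n", r.valid_pe, r.parsed, r.bad_raw);
}
```
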
