You are browsing the archive for PECluester.

Minor Updates – PESectionExtractor and PECluester

November 12, 2013 in PECluester, PESectionExtractor, Software Releases

Just quick note that I have updated: PESectionExtractor. It’s just a minor fix to make it parse PE32+ files. PECluester. Again, it’s just a minor fix for parsing the arguments […]

Comments Off on Minor Updates – PESectionExtractor and PECluester

Perfect Timestomping a.k.a. Finding suspicious PE files with clustering

September 1, 2012 in Anti-Forensics, Compromise Detection, Forensic Analysis, Malware Analysis, PECluester, Software Releases

In my previous post about clustering, I mentioned that it can be used as an efficient  data reduction technique. I also provided some examples of timestamps that could be useful […]

Comments Off on Perfect Timestomping a.k.a. Finding suspicious PE files with clustering