pftriage – Malware Triage Tool


pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware.


  • pefile
  • filemagic

Note: On Mac – Apple has implemented their own version of the file command. However, libmagic can be installed using homebrew

$ brew install libmagic


usage: pftriage [options]

Show information about a file for triage.

positional arguments:
  file                  The file to triage.

optional arguments:
  -h, --help            show this help message and exit
  -i, --imports         Display import tree
  -s, --sections        Display overview of sections. For more detailed info
                        pass the -v switch
  --removeoverlay       Remove overlay data.
  --extractoverlay      Extract overlay data.
  -r, --resources       Display resource informations
                        Dump data using the passed offset or 'ALL'. Currently
                        only works with resources.
  -a, --analyze         Analyze the file.
  -v, --verbose         Display version.
  -V, --version         Print version and exit.



Add Comment