pe_compiledate.py

1. #!/usr/bin/python
2.  
3. # grab the compile time of a piece of malware
4.  
5. import time
6. import pefile
7. import sys
8. import argparse
9.  
10. def parse_pe(arg_file):
11. pe = pefile.PE(arg_file)
12. epoch = pe.FILE_HEADER.TimeDateStamp
13. humantime = time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(epoch))
14. print "Possible compile time: " + humantime
15.  
16. def __main__():
17. parser = argparse.ArgumentParser(description='grab the compile date of a file', usage='%(prog)s -f file')
18. parser.add_argument('--file', '-f', dest='filein', help='file to nuke')
19. parser.add_argument('--version', '-v', action='version', version='%(prog)s 0.1')
20. args = parser.parse_args()
21. arg_file = args.filein
22.  
23. if not args.filein:
24. sys.exit(parser.print_help())
25.  
26. try:
27. parse_pe(arg_file)
28. except:
29. print "Error!! Looks like there's a problem with the PE file"
30.  
31. if __name__ == '__main__':
32. __main__()