Static PE Feature Analysis¶
Safety boundary: This workbook performs static analysis of sanitized excerpts, fake fixtures, and derived public metadata. It does not execute attacker code, inspect the analyst's environment, or contact any network.
Static Characteristics of Discovered Binary¶
Instead of executing the payload, we map features extracted from static inspection of imports, strings, headers, and certificates.
In [ ]:
import json
from pathlib import Path
# Load PE features fixture
pe_features = json.loads(Path("../fixtures/static-pe-features.public.json").read_text())
print(f"Binary Target: {pe_features['artifact']}")
print(f"SHA-256: {pe_features['sha256']}")
In [ ]:
print("Extracted Features:")
for feat in pe_features["features"]:
status = "⚠️ [FLAGGED]" if feat["flagged"] else "ℹ️ [INFO]"
print(f"{status} {feat['feature'].upper()}: {feat['value']}")
print(f" Context: {feat['reason']}")