sgtdede
diff --git a/‎README.md
Lines changed: 5 additions & 5 deletions b/‎README.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎pe-checks.py
Lines changed: 10 additions & 3 deletions b/‎pe-checks.py
Lines changed: 10 additions & 3 deletions
diff --git a/‎requirements.txt
Lines changed: 2 additions & 0 deletions b/‎requirements.txt
Lines changed: 2 additions & 0 deletions
diff --git a/‎valhalla-rules-versions
Lines changed: 1 addition & 0 deletions b/‎valhalla-rules-versions
Lines changed: 1 addition & 0 deletions
diff --git a/‎valhalla-rules.compiled
12 MB b/‎valhalla-rules.compiled
12 MB
@@ -1,19 +1,19 @@
 # pe-checks
-PE file informations (VirusTotal like) for malware development and AV evasion research 
+PE file informations (VirusTotal like) for malware development and AV evasion research
 
 ## Installation
-#### *Note*: 
+#### *Note*:
 This script requires python3
 
 ### Check out the source code
 ```
 git clone --recurse-submodules https://github.com/sgtdede/pe-checks.git
 cd pe-checks
-``` 
+```
 ### Install the python dependencies
 ```
 pip install -r requirements.txt
-``` 
+```
 
 ## Help
 ```
@@ -42,7 +42,7 @@ python pe-checks.py doggo.exe -v -s -c
 ![image](https://user-images.githubusercontent.com/5963320/130305483-aadc7dc5-4995-4411-a24f-1768c4a3440d.png)
 
 ## Thanks to
-This script is powered by [pefile](https://github.com/erocarrera/pefile), [capa](https://github.com/fireeye/capa), [RichPE](https://github.com/RichHeaderResearch/RichPE) and [PyDefenderCheck](https://gist.github.com/daddycocoaman/108d807e89a0f9731304bc848fa219f0)
+This script is powered by [pefile](https://github.com/erocarrera/pefile), [capa](https://github.com/fireeye/capa), [RichPE](https://github.com/RichHeaderResearch/RichPE), [yara-python](https://github.com/VirusTotal/yara-python), [valhallaAPI](https://github.com/NextronSystems/valhallaAPI) and [PyDefenderCheck](https://gist.github.com/daddycocoaman/108d807e89a0f9731304bc848fa219f0)
 
 ## TODO
 - Add signature support
 
@@ -9,12 +9,14 @@
 from pydefendercheck import DefenderScanner
 from rich import rich_it
 from spoof_check import scheck_it
+from yara_scan import valhalla_scan
 
 parser = argparse.ArgumentParser(description='PE informations')
 parser.add_argument(dest='filenames',metavar='filename', nargs='*')
 parser.add_argument('-a', '--all', dest='all', action='store_true', help='perform all modules')
 parser.add_argument('-c', '--capa', dest='capa', action='store_true', help='perform a CAPA scan')
 parser.add_argument('-s', '--scan', dest='scan', action='store_true', help='perform a defender engine scan (WARNING:before lauching that scan you need to adjust Defender settings to: Defender ON, Submission OFF)')
+parser.add_argument('-y', '--yara', dest='yara', action='store_true', help='perform a yara scan using Valhalla\'s free rules')
 parser.add_argument('-v', dest='verbose', action='store_true', help='verbose mode')
 args = parser.parse_args()
 
@@ -89,16 +91,21 @@ def CapaReport(filename):
 
 def main():
     for filename in args.filenames:
-        print(f'{"==================================================":<50} {"File informations":^20} {"==================================================":>50}')
+        print(f'{"==================================================":<50} {"File informations":^30} {"==================================================":>50}')
         SingleFileInfo(filename)
         if args.capa or args.all:
             print()
-            print(f'{"==================================================":<50} {"Capa analysis":^20} {"==================================================":>50}')
+            print(f'{"==================================================":<50} {"Capa analysis":^30} {"==================================================":>50}')
             CapaReport(filename)
         if args.scan or args.all:
             print()
-            print(f'{"==================================================":<50} {"Defender scan":^20} {"==================================================":>50}')
+            print(f'{"==================================================":<50} {"Defender scan":^30} {"==================================================":>50}')
             scanner = DefenderScanner(Path(filename))
             print(scanner.result)
+        if args.yara or args.all:
+            print()
+            print(f'{"==================================================":<50} {"Yara (Valhalla rules) scan":^30} {"==================================================":>50}')
+            valhalla_scan(filename)
+
 
 main()
@@ -1,2 +1,4 @@
 pefile>=2021.5.24
 flare-capa>=2.0.0
+yara-python>=4.1.2
+valhallaAPI>=0.5.2
@@ -0,0 +1 @@
+2021082508