Multi platform simple tool for resolving symbols by their hashes. This technique most used by malware
Install Python 2.7
Just clone the repository.
git clone https://github.com/immortalp0ny/symfinder.gitInstall all python requirements via pip
pip install click tabulate colorama pefile pyelftoolssymfinder sym ror13add -h 0xBF60601C -h 0xE553E06F -o win -l kernel32.dll --fmt-append-zero
[+] - [2019-05-06 21:34:01] - [R] - Check hash 0xbf60601c inside lib kernel32.dll
[+] - [2019-05-06 21:34:07] - [R] - Check hash 0xe553e06f inside lib kernel32.dll
╒════════════════╤════════════╤══════════════╕
│ Sym Name │ Hash │ Dll Name │
╞════════════════╪════════════╪══════════════╡
│ GlobalAlloc │ 0xbf60601c │ kernel32.dll │
├────────────────┼────────────┼──────────────┤
│ GetProcAddress │ 0xe553e06f │ kernel32.dll │
╘════════════════╧════════════╧══════════════╛