diff --git a/pkgs/default.nix b/pkgs/default.nix
index c4cb0f6..07bef18 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -16,4 +16,6 @@
   gpu-screen-recorder-notification = pkgs.callPackage ./gpu-screen-recorder-notification/default.nix { };
   kavita-old = pkgs.callPackage ./kavita-old/default.nix { };
   hollow-grub = pkgs.callPackage ./hollow-grub/default.nix { };
+  peframe = pkgs.callPackage ./peframe/default.nix { python3Packages = pkgs.python3Packages; inherit virustotal-api; };
+  virustotal-api = pkgs.callPackage ./virustotal-api/default.nix { python3Packages = pkgs.python3Packages; };
 }
diff --git a/pkgs/peframe/default.nix b/pkgs/peframe/default.nix
new file mode 100644
index 0000000..34682d1
--- /dev/null
+++ b/pkgs/peframe/default.nix
@@ -0,0 +1,36 @@
+{lib, fetchPypi, python3Packages, swig, pkgconf, openssl, virustotal-api, ...}:
+python3Packages.buildPythonApplication rec {
+      pname = "peframe_ds";
+      version = "7.0.0";
+      pyproject = true;
+
+      src = fetchPypi {
+        inherit pname version;
+        hash = "sha256-Z9/hMD3w4ZYcfPMbLUuyKhS1wWGT11Y3gdVNVqSdhvg=";
+      };
+      build-system = with python3Packages; [ setuptools ];
+      postPatch = ''
+        substituteInPlace pyproject.toml \
+          --replace-fail "readline" "gnureadline"
+      '';
+
+      dependencies = with python3Packages; [
+        pefile
+        yara-python
+        python-magic
+        requests
+        oletools
+        m2crypto
+        virustotal-api
+        gnureadline
+      ];
+
+      nativeBuildInputs = [ swig pkgconf openssl ];
+
+      meta = with lib; {
+        description = "PEframe — static analysis of PE files and suspicious documents";
+        homepage    = "https://github.com/guelfoweb/peframe";
+        license     = licenses.gpl2Plus;
+        maintainers = with maintainers; [ ];
+      };
+}
diff --git a/pkgs/virustotal-api/default.nix b/pkgs/virustotal-api/default.nix
new file mode 100644
index 0000000..6cff682
--- /dev/null
+++ b/pkgs/virustotal-api/default.nix
@@ -0,0 +1,29 @@
+{
+  lib,
+  python3Packages,
+  fetchPypi,
+}:
+
+python3Packages.buildPythonPackage rec {
+  pname = "virustotal-api";
+  version = "1.1.11";
+  pyproject = true;
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-nx14OoSOkop4qhaDcmRcaJnLvWuIiVHh1jNeW4feHD0=";
+  };
+
+  build-system = [ python3Packages.setuptools ];
+
+  dependencies = with python3Packages; [
+    requests
+  ];
+
+  meta = {
+    changelog = "https://github.com/blacktop/virustotal-api/releases/tag/${version}";
+    homepage = "https://github.com/blacktop/virustotal-api";
+    description = "Virus Total Public/Private/Intel API";
+    license = lib.licenses.mit;
+  };
+}