Search the Community
Showing results for tags 'pestudio'.
-
PeStudio – is a unique tool that performs the static investigation of 32-bit and 64-bit executable. Malicious executable often attempts to hide its malicious behavior and to evade detection. In doing so, it generally presents anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk. Features • all libraries that are used by an application. • all functions that are imported by an application. • all functions (also anonymous) that are exported by an application. • all functions that are forwarded to other libraries. • Obsolete Functions that are exported and imported by an application • whether the Data Execution Prevention (DEP) Windows security mechanism is used. • whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used. • whether Structured Exception Handling – SEH Windows security mechanism is used • whether some sections are compressed. Version 9.09 . Fix a bug when handling malformed relocations table . Add handling of Rich-header [hide][Hidden Content]]
-
pestudio is used by Computer Emergency Response Teams (CERT) and Labs worldwide in order to perform Malware Initial Assessment. Malicious software often attempts to hide its intents in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, anomalies and other valuable indicators. The goal of pestudio is to spot these artifacts in order to ease and accelerate Malware Initial Assessment. The tool is built upon a powerful parser and a set of XML configuration files that are used to detect various types of indicators and classify items. Since the file being analyzed is never started, you can inspect malicious executable files like trojan, ransomware and RAT with no risk of infection. [HIDE][Hidden Content]] Version 8.88 . Fix a bug when handling export XML file from the CLI . Extend overview of time-date stamps . Handle more malformation of sections and show indicators appropriately . Add sample name analysed in the caption of pestudio GUI