Astron

PeStudio 8.62



PEStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executables. Malicious executables often attempt to hide their malicious behavior and to evade detection. In doing so, they generally present anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust of the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.

Features:

Indicators
PEStudio shows Indicators as a human-friendly result of the analysed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analysed. The classifications are based on XML files provided with PEStudio. By editing the XML file, one can customize the Indicators shown and their severity. Among the indicators, PEStudio shows when an image is compressed using UPX or MPRESS. PEStudio helps you to define the trustworthiness of the application being analysed.

Virus Detection
PEStudio can query Antivirus engines hosted by Virustotal for the file being analysed. This feature only sends the MD5 of the file being analysed. This feature can be switched ON or OFF using an XML file included with PEStudio. PEStudio helps you to determine how suspicious the file being analysed is.

Imports
Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. For this to be possible, a certain number of libraries must be used. PEStudio retrieves the libraries and the functions used by the image. PEStudio also includes an XML file that is used to blacklist functions (e.g. Registry, Process, Thread, File, ...). The blacklist file can be customized and extended according to your own needs. PEStudio shows the intent and purpose of the application analyzed.

Resources
Executable files typically contain not only code but also many kinds of data. Resource sections are commonly used to host different Windows built-in items (e.g. icons, strings, dialogs, menus) and custom data. PEStudio analyzes the resources of the file being analysed and detects embedded items (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, ...). Any item can be separately selected and saved to a file, allowing the possibility of further analysis.

And More...
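The resource-carving and packer checks described above, as an added Python example that is not PEStudio's own code: it scans a byte buffer for the embedded item signatures the post lists (EXE/DLL/SYS via MZ, PDF, CAB, ZIP/JAR), confirms MZ hits by following the PE header so stray "MZ" bytes are not reported, and flags UPX section names as a packer indicator. The sample buffer is constructed inline and the file is only read, never executed.

```python
import hashlib
from typing import List, Optional, Tuple

# Magic bytes for the embedded item kinds the post lists; MZ covers EXE/DLL/SYS.
SIGNATURES = {
    b"MZ": "PE image (EXE/DLL/SYS)",
    b"%PDF-": "PDF document",
    b"MSCF": "CAB archive",
    b"PK\x03\x04": "ZIP/JAR archive",
}
UPX_SECTION_NAMES = (b"UPX0", b"UPX1", b"UPX2")

def _looks_like_pe(data: bytes, off: int) -> bool:
    """Confirm an 'MZ' hit by following e_lfanew (at +0x3C) to 'PE\\0\\0'."""
    if off + 0x40 > len(data):
        return False
    e_lfanew = int.from_bytes(data[off + 0x3C:off + 0x40], "little")
    pe = off + e_lfanew
    return 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\x00\x00"

def find_embedded(data: bytes) -> List[Tuple[int, str]]:
    """Return (offset, label) per signature found after offset 0.
    Offset 0 is the outer image's own MZ header, so the scan starts at 1;
    bare 'MZ' is common in random data, so it counts only with a PE header."""
    hits = []
    for magic, label in SIGNATURES.items():
        pos = data.find(magic, 1)
        while pos != -1:
            if magic != b"MZ" or _looks_like_pe(data, pos):
                hits.append((pos, label))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def packer_hint(data: bytes) -> Optional[str]:
    """Rough packer indicator: UPX names its sections UPX0/UPX1/UPX2."""
    return "UPX" if any(n in data for n in UPX_SECTION_NAMES) else None

def build_sample() -> bytes:
    """Constructed stand-in for a dropper: minimal PE stub, UPX section name,
    a stray 'MZ' that is not a PE, then an appended PDF and ZIP local header."""
    buf = bytearray(b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little"))
    buf += b"PE\x00\x00" + b"\x00" * 60          # header only, never run
    buf += b"UPX1" + b"\x00" * 4
    buf += b"MZ text that is not an image "
    buf += b"%PDF-1.7 constructed fragment "
    buf += b"PK\x03\x04" + b"\x00" * 26
    return bytes(buf)
```

Each hit can then be sliced out of the buffer and written to its own file for separate analysis, which is the workflow the Resources section describes.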
Changelog:


v8.62 (2017-08-12):

  • Extend the resource type detection
  • Extend handling of malformed manifest
  • Extend handling of the file signature
  • Detect "unusual" dos-stub messages

v8.61 (2017-07-22):

  • Increase performance when loading executables with a large collection of exports
  • Consolidate switches in settings.xml
  • Consolidate API classification
  • Fix a bug when handling the Thread-Local Storage (TLS)
  • Fix a bug of the Manifest View
  • Fix a bug when detecting 64-bit managed files
  • Add online update check in the "About" dialog
  • Add support for ARM detection
  • Indicate missing libraries
  • Extend features of standard version

v8.60 (2017-05-21):

  • Add detection of Control Flow Guard (CFG)
  • Add details for Virustotal view

Homepage: http://www.winitor.com
Release Date: 2017-08-12
OS: Windows
Language: English


DOWNLOAD:
===========
Portable (937 KB): https://www.winitor.com/tools/pestudio/current/pestudio.zip
