
PeStudio 8.88



PEStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executables. Malicious executables often attempt to hide their malicious behavior and to evade detection. In doing so, they generally present anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.





PEStudio shows Indicators as a human-friendly result of the analysed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analysed. The classifications are based on XML files provided with PEStudio. By editing the XML file, one can customize the Indicators shown and their severity. Among the indicators, PEStudio shows when an image is compressed using UPX or MPRESS. PEStudio helps you to define the trustworthiness of the application being analysed.

Virus Detection
PEStudio can query Antivirus engines hosted by Virustotal for the file being analysed. This feature only sends the MD5 of the file being analysed. This feature can be switched ON or OFF using an XML file included with PEStudio. PEStudio helps you to determine how suspicious the file being analysed is.

Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. For this to be possible, a certain number of libraries must be used. PEStudio retrieves the libraries and the functions used by the image. PEStudio also includes an XML file that is used to blacklist functions (e.g. Registry, Process, Thread, File, ...). The blacklist file can be customized and extended according to your own needs. PEStudio shows the intent and purpose of the application analyzed.

Executable files typically not only contain code but also many kinds of data types. Resources sections are commonly used to host different Windows built-in items (e.g. icons, strings, dialogs, menus) and custom data. PEStudio analyzes the resources of the file being analysed and detects embedded items (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, ...). Any item can be separately selected and saved to a file, allowing the possibility of further analysis.

And More...





v8.88  (2019-01-12)

  • Fix a bug when handling export XML file from the CLI
  • Extend overview of time-date stamps
  • Handle more malformation of sections and show indicators appropriately
  • Add sample name analysed in the caption of pestudio GUI

v8.87 (2019-01-01)

  • Fix bugs
  • Detect TLS Callback functions for 64bit executable
  • Extend sections view with "self-modifying" tag
  • Extend msdn search on imports
  • Extend google search on exports
  • Extend google search on strings
  • Show hashes of Certificates to ease hunting

v8.86 (2018-12-16)

  • Fix bugs
  • Add search Google and Virustotal for resources



      Homepage: http://www.winitor.com

      Changelog: https://www.winitor.com/tools/pestudio/changes.log
      Release Date: 2019-01-12

      OS: Windows
      Language: English

      Download Page: https://www.winitor.com/binaries.html








      Portable (1.06 MB): https://www.winitor.com/tools/pestudio/current/pestudio.zip



      Note: No medicine available for Pro version.
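
An added example, not part of the original post and not pestudio's own code: a static check of the PE section table in the spirit of the section indicators described above, run on bytes only so the file is never started. It assumes packers are recognised by their default section names and that the changelog's "self-modifying" tag corresponds to a section that is both writable and executable; the function names and the sample image are constructed for illustration.

```python
import struct

# Section names left by the two packers the post names (assumed heuristic).
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
                   ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def section_indicators(image: bytes) -> list:
    """Read the PE section table without running the file; return findings."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < pe_off + 24:
        raise ValueError("missing or truncated PE header")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    findings = []
    for i in range(n_sections):
        off = table + 40 * i                               # 40-byte headers
        if off + 40 > len(image):
            findings.append(("<table>", "section table runs past end of file"))
            break
        name = image[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<2I", image, off + 16)
        (flags,) = struct.unpack_from("<I", image, off + 36)
        if name in PACKER_SECTIONS:
            findings.append((name, "packer section: " + PACKER_SECTIONS[name]))
        if flags & MEM_EXECUTE and flags & MEM_WRITE:      # assumed "self-modifying"
            findings.append((name, "writable and executable"))
        if raw_ptr + raw_size > len(image):                # malformed section
            findings.append((name, "raw data extends past end of file"))
    return findings

def build_sample() -> bytes:
    """Constructed, header-only image (no code) laid out like a UPX-packed file."""
    def sec(name, raw_size, raw_ptr, flags):
        return (name.ljust(8, b"\0") + struct.pack("<4I", 0x1000, 0x1000, raw_size, raw_ptr)
                + b"\0" * 12 + struct.pack("<I", flags))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x102)  # 3 sections, no optional header
    sections = (sec(b"UPX0", 0, 0, 0xE0000080) + sec(b"UPX1", 0x200, 0x400, 0xE0000040)
                + sec(b".rsrc", 0x1000, 0x600, 0xC0000040))      # .rsrc data is missing
    return (dos + b"PE\0\0" + coff + sections).ljust(0x600, b"\0")

if __name__ == "__main__":
    for section, finding in section_indicators(build_sample()):
        print(f"{section:8} {finding}")
```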



