
Published on June 6th, 2014 | by MaxiSoler


PEStudio v8.29 – Static Investigation of Executables Released

PEStudio is a unique tool that performs static investigation of 32-bit and 64-bit executables. PEStudio is free for private, non-commercial use only.

A malicious executable often attempts to hide its behavior and to evade detection. In doing so, it generally presents anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators, and score the Trust of the executable being analyzed. Because the executable being analyzed is never started, you can inspect any unknown or malicious executable with no risk.


[Image: the PEStudio interface]

Changelog v8.29

  • Extended Blacklisted Libraries and Functions
  • Extended detection of embedded Registry items
  • Added Threshold (PeStudioThresholds.xml) for DateTimeStamp
  • Added Threshold (PeStudioThresholds.xml) for Debug Age

PEStudio does not require any installation, nor does it change the system it is running on. PEStudio is portable and runs on any Windows platform.

Features

  • Indicators: PEStudio shows Indicators as a human-friendly result of the analysed image. Indicators are grouped into categories according to their severity and show the potential and the anomalies of the application being analysed.
  • Virus Detection: PEStudio can query the Antivirus engines hosted by VirusTotal for the file being analysed. This feature only sends the MD5 of the file being analysed, not the file itself.
  • Imports: Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. For this to be possible, a certain number of libraries must be used. PEStudio retrieves the libraries and the functions used by the image.
  • Resources: Executable files typically contain not only code but also many kinds of data. Resource sections are commonly used to host different Windows built-in items (e.g. icons, strings, dialogs, menus) and custom data.
  • Report: The goal of PEStudio is to allow investigators to analyse unknown and suspicious executable files. For this purpose, PEStudio can also produce an XML Output Report file documenting the executable file being analysed.
  • Prompt: The package you can download contains not only PEStudio running as a Graphical User Interface (GUI), but also a Command Line Interface (CLI) version of PEStudio.
  • Interface: Considering the general software architecture, PEStudio is a consumer of a set of private interfaces provided by the underlying layer. The underlying layer is called PeParser, which is the engine performing the parsing of the executable files being analysed.
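To make the static approach described above concrete (the Imports, Indicators and DateTimeStamp-threshold items, and the changelog's blacklisted-functions entry), here is an added example that is not PEStudio's or PeParser's code. It constructs a minimal PE32 image in memory, parses its COFF header and import table with nothing but `struct`, and derives indicators from them. The blacklist, the threshold values and the sample imports are assumptions chosen for illustration, not PEStudio's own lists; the file is only read, never executed.

```python
"""Added example (not PEStudio's code): a tiny PE32 parser that extracts the
COFF TimeDateStamp and the import table, then derives PEStudio-style
indicators from them. The sample image is constructed in memory."""
import hashlib
import struct
from datetime import datetime, timedelta, timezone

# Hypothetical blacklist, in the spirit of PEStudio's: APIs that are not
# malicious by themselves but are worth flagging in an unknown sample.
BLACKLISTED_FUNCTIONS = {"IsDebuggerPresent", "VirtualAllocEx", "WriteProcessMemory",
                         "CreateRemoteThread", "URLDownloadToFileA"}

def build_sample_pe(timestamp, imports):
    """Construct a minimal PE32 image with one .idata section holding the
    import table. imports = {dll_name: [function_name, ...]}. Constructed data."""
    SEC_RVA, SEC_RAW = 0x1000, 0x200            # section RVA and its file offset
    n = len(imports)
    body = bytearray(20 * (n + 1))              # IMAGE_IMPORT_DESCRIPTORs + null terminator
    for i, (dll, funcs) in enumerate(imports.items()):
        name_rva = SEC_RVA + len(body)
        body += dll.encode() + b"\0"
        hint_rvas = []
        for f in funcs:                         # IMAGE_IMPORT_BY_NAME: WORD hint + name
            if len(body) % 2:
                body += b"\0"
            hint_rvas.append(SEC_RVA + len(body))
            body += struct.pack("<H", 0) + f.encode() + b"\0"
        body += b"\0" * (-len(body) % 4)        # thunk array is DWORD-aligned
        thunk_rva = SEC_RVA + len(body)
        body += b"".join(struct.pack("<I", r) for r in hint_rvas) + b"\0\0\0\0"
        struct.pack_into("<IIIII", body, 20 * i, thunk_rva, 0, 0, name_rva, thunk_rva)
    sec = bytes(body).ljust(-(-len(body) // 0x200) * 0x200, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)  # PE32 magic, 16 dirs
    dirs = [(0, 0)] * 16
    dirs[1] = (SEC_RVA, 20 * (n + 1))                                   # IMAGE_DIRECTORY_ENTRY_IMPORT
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata", len(body), SEC_RVA, len(sec),
                          SEC_RAW, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + opt + sec_hdr).ljust(SEC_RAW, b"\0") + sec

def parse_pe(data):
    """Return (machine, timestamp, {dll: [function, ...]}) from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    if struct.unpack_from("<I", data, opt_off + 92)[0] < 2:    # NumberOfRvaAndSizes
        return machine, ts, {}
    imp_rva = struct.unpack_from("<I", data, opt_off + 96 + 8)[0]
    # Section table: RVAs must be mapped to file offsets through it.
    sections = []
    for i in range(nsec):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))
    def rva2off(rva):
        for va, size, rawptr in sections:
            if va <= rva < va + size:
                return rawptr + (rva - va)
        raise ValueError(f"RVA {rva:#x} lies in no section")     # malformed or packed image
    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii", "replace")
    imports = {}
    off = rva2off(imp_rva) if imp_rva else None
    while off is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:
            break
        funcs, thunk = [], rva2off(oft or ft)
        while (entry := struct.unpack_from("<I", data, thunk)[0]) != 0:
            funcs.append(f"ordinal#{entry & 0xFFFF}" if entry & 0x80000000
                         else cstr(rva2off(entry) + 2))          # skip the 2-byte hint
            thunk += 4
        imports[cstr(rva2off(name_rva))] = funcs
        off += 20
    return machine, ts, imports

def indicators(data, now=None):
    """PEStudio-style indicator strings; thresholds are our own assumptions."""
    now = now or datetime.now(timezone.utc)
    _, ts, imports = parse_pe(data)
    built = datetime.fromtimestamp(ts, timezone.utc)
    found = []
    if built > now + timedelta(days=1) or built < now - timedelta(days=3650):
        found.append(f"suspicious DateTimeStamp {built:%Y-%m-%d}")
    for dll, funcs in imports.items():
        found += [f"blacklisted function {dll}!{f}" for f in funcs if f in BLACKLISTED_FUNCTIONS]
    return found

def md5_for_lookup(data):
    """Only this digest, never the file, is needed for a hash lookup."""
    return hashlib.md5(data).hexdigest()

if __name__ == "__main__":
    sample = build_sample_pe(0, {"kernel32.dll": ["IsDebuggerPresent", "ExitProcess"]})
    print(md5_for_lookup(sample), indicators(sample))
```

The RVA-to-file-offset mapping through the section table is the step that matters on real samples: a packed or deliberately malformed image will put the import directory outside any section, and a parser that does not check the bounds reads garbage or crashes, which is itself a useful anomaly to report rather than hide.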

More Information: here


Download PEStudio v8.29



About the Author

www.artssec.com @maxisoler


