Analyze executable files without running them, checking their dependencies and components, exported and forwarded functions, and more
What's new in PeStudio 9.19:
- Handle more .NET metadata
- Extend .NET relevant indicators
- Fix an issue with the detection of duplicate exports
The ways malware spreads have become more varied over time, but executable files remain a widely used attack vector. Usually, it only takes a double click to launch an executable file and infect the host computer. With that in mind, PeStudio provides an initial malware testing tool that can take a look at an executable without actually running it, so as to spot suspicious modifications to the original file.
Analyze executable files to find malware
There is nothing complicated when it comes to using PeStudio. Although there is no help menu or indications, the interface is simple and understanding how things work is extremely easy. Intuitively, you start by loading the input file.
The application can check various file formats, including EXE, DLL, CPL, OCX, AX, SYS and others. To make things even easier, drag and drop is supported, which means it is enough to drop a program onto the main window to initiate the scan.
A private analysis tool for executables
The analysis starts right away and PeStudio displays insightful information about a file’s properties. It reveals the file’s hash codes, size and entropy, and the compile and debugger stamps, all of which help check the integrity of the file.
Furthermore, PeStudio can reveal details about various file indicators and signatures. It can show you if a file contains another file and show you file references, and offer you information about DOS and file headers, directories, sections and libraries. It reveals resources, bound imports, exported symbols, strings and debug information, as well as the file’s manifest and version. The VirusTotal scan results are also shown.
With all this information, experienced users can identify hard-coded URLs and IP addresses, thus finding out if the file has been tampered with. The entire report can be saved in XML format.
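The file properties listed above (hash, size, entropy and compile stamp) can all be read from the raw bytes without loading or executing anything. The following Python sketch is an added example, not PeStudio's own code; the function names triage, shannon_entropy and build_sample and the 256-byte sample stub are assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> dict:
    """Read basic properties from raw PE bytes; nothing is loaded or executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or out-of-bounds PE signature")
    # The 20-byte COFF file header follows the 4-byte signature.
    machine, n_sections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        # Values close to 8.0 usually mean packed or encrypted content.
        "entropy": round(shannon_entropy(data), 3),
        "machine": hex(machine),
        "sections": n_sections,
        # Written by the linker; it can be forged or zeroed, so treat it as a hint.
        "compiled_utc": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
    }


def build_sample() -> bytes:
    """Constructed stub holding only the fields triage() reads; not a real program."""
    buf = bytearray(256)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)           # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x8664, 0, 1_600_000_000)
    return bytes(buf)


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key:13} {value}")
```

To inspect a real file, pass the bytes read from disk in binary mode to triage() instead of the constructed stub.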
Check a file’s integrity and analyze its properties
The goal of PeStudio is to provide a quick way to inspect executable files without having to run them. Evidently, it cannot replace a reliable antivirus solution but it does allow you to get a detailed report about the way an executable file was built.
LIMITATIONS IN THE UNREGISTERED VERSION
The following additional features are available in the Pro version only:
- Use pestudio in batch mode with pestudiox.exe
- Show hints by groups and colors
- Show items by groups and colors
- Compute rich-header hash
- Create XML report file
- Show MITRE | ATT&CK Matrix