PeStudio shows the intent and purpose of the application analyzed.With PeStudio, you can inspect and thus validate any 32-bit or 64-bit application (*.exe, *.dll, *.cpl, *.ocx, *.ax, *.sys. The blacklist file can be customized and extended according to your own needs. PeStudio also includes an XML file that is used to blacklist functions (e.g. PeStudio retrieves the libraries and the functions used by the image. For this to be possible, a certain amount of libraries must be used. PeStudio helps you to determine how suspicious the file being analyzed is.Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. This feature can be switched ON or OFF using an XML file included with PeStudio. This feature only sends the MD5 of the file being analyzed. PeStudio helps you to define the trustworthiness of the application being analyzed.PeStudio can query Antivirus engines hosted by Virustotal for the file being analyzed.
Among the indicators, PeStudio shows when an image is compressed using UPX or MPRESS. By editing the XML file, one can customize the Indicators shown and their severity.
The classifications are based on XML files provided with PeStudio. Indicators show the potential and the anomalies of the application being analyzed. Indicators are grouped into categories according to their severity. PeStudio does not change the system or leaves anything behind.PeStudio shows Indicators as a human-friendly result of the analyzed image.
PeStudio runs on any Windows Platform and is fully portable, no installation is required. Therefore you can evaluate unknown executable and even malware with no risk. A file being analyzed with PeStudio is never launched. PeStudio is a free tool performing the static investigation of any Windows executable binary. A free tool performing the static investigation of any Windows executable binary.
0 kommentar(er)
