PeStudio Pro 9.56 Preactivated


vZip by Prapattimynk


Price: $0
File PeStudio Pro 9.56 Preactivated
Publisher Prapattimynk
Genre Cyber sec
Size 821Kb
File Type Zip
Os Windows
Mod Version Zip

The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response Teams (CERT), Security Operations Centers (SOC) and Digital-Forensic Labs worldwide.

Features

Indicators

PeStudio shows Indicators as a human-friendly result of the analyzed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analyzed. The classifications are based on XML files provided with PeStudio. By editing the XML file, one can customize the Indicators shown and their severity. Among the indicators, PeStudio shows when an image is compressed using UPX or MPRESS. PeStudio helps you to define the trustworthiness of the application being analyzed.

Virus Detection

PeStudio can query antivirus engines hosted by VirusTotal for the file being analyzed. This feature only sends the MD5 of the file being analyzed. This feature can be switched ON or OFF using an XML file included with PeStudio. PeStudio helps you to determine how suspicious the file being analyzed is.

Imports

Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. For this to be possible, a certain number of libraries must be used. PeStudio retrieves the libraries and the functions used by the image. PeStudio also includes an XML file that is used to blacklist functions (e.g. Registry, Process, Thread, File, …). The blacklist file can be customized and extended according to your own needs. PeStudio shows the intent and purpose of the application analyzed.

Resources

Executable files typically not only contain code but also many kinds of data types. Resources sections are commonly used to host different Windows built-in items (e.g. icons, strings, dialogs, menus) and custom data. PeStudio analyzes the resources of the file being analyzed and detects embedded items (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, …). Any item can be separately selected and saved to a file, allowing the possibility of further
