The goal of PeStudio is to provide a quick way to inspect executable files without having to run them. Check a file’s integrity and analyze its properties With all this information, experienced users can determine hard-coded URLs and IP addresses, thus finding out if the file has been tampered with. The entire report can be saved to XML format. It can show you if a file contains another file and show you file references, offer you information about DOS and file headers, directories, sections and libraries. It reveals resources, bound imports, exported symbols, strings and debug information, as well as the file’s manifest and version. The VirusTotal scan results is also shown.
It reveals the hash codes, its size and entropy, the compile and the debugger stamps, all to be able to check the integrity of the file.įurthermore, PeStudio can reveal details about various file indicators and signatures.
The analysis starts right away and PeStudio displays insightful information about a file’s properties. The application can check out various file formats, including EXE, DLL, CPL, OCX, AX, SYS and others. To make things even easier, drag and drop is supported, which means it is enough to add a program onto the main window to initiate the scan. Although there is no help menu or indications, the interface is simple and understanding how things work is extremely easy. Intuitively, you start by loading the input file. There is nothing complicated when it comes to using PeStudio. Having that in mind, PeStudio provides an initial malware testing tool that can take a look at an executable without actually opening it, so as to spot suspicious modifications to the original file. Usually, it only takes a double click to launch an executable file and, in fact, get the host computer infected. The ways malware spreads have become more variate over time but executable files remain a widely-used attack vector.
0 kommentar(er)
