![]() ![]() You may scan the executable file locally then and on sites like VirusTotal to find out if it contains malicious code. Usefully, clicking Indicators > VirusTotal Scan Report will tell you whether any of the VirusTotal antivirus engines (46, as we write) thinks the executable is malware.Īnd PeStudio even comes with command line support, which means you can automate its analysis and check a host of files in a single operation.Maybe because you have downloaded them from a site you cannot trust, maybe because it is a new app that has not been reviewed anywhere yet, or maybe because of what it is supposed to do. The Resources tab will list structures embedded within your program (typically icons, bitmaps, dialogs and so on). The Libraries and Imports tabs show you the DLLs and other support files required by your program, and the functions it's using. ![]() (Malware will usually employ various tricks to hide this kind of information, but it's still worth a try.) Is it digitally signed, for instance? Targeted at 32 or 64-bit processors? Does it need administrative permission? And there are details about ASLR, DEP, SafeSEH, resources and more.Ĭlicking the Strings tab will then reveal any embedded text strings in the program - function names, paths, prompts, web addresses and more - which can be a useful way to figure out what it's doing. A detailed report appears almost immediately, and the first Indicators tab delivers plenty of useful information. Getting started, for instance, is as easy as dragging and dropping a program onto PeStudio. The program is aimed squarely at developers and Windows experts, but don't let that put you off - there are features here which everyone can use and understand. PeStudio is a free and portable tool which uses static analysis (and other techniques) to help you discover more about suspicious applications. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |