[Repost] PeStudio 9.09
2020-12-27 09:42 1232

PeStudio 9.09

PEStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executables. A malicious executable often attempts to hide its malicious behavior and to evade detection. In doing so, it generally presents anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.

 


Features:

Indicators

PEStudio shows Indicators as a human-friendly result of the analysed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analysed. The classifications are based on XML files provided with PEStudio. By editing the XML file, one can customize the Indicators shown and their severity. Among the indicators, PEStudio shows when an image is compressed using UPX or MPRESS. PEStudio helps you to define the trustworthiness of the application being analysed.


Virus Detection

PEStudio can query Antivirus engines hosted by VirusTotal for the file being analysed. This feature only sends the MD5 of the file being analysed. This feature can be switched ON or OFF using an XML file included with PEStudio. PEStudio helps you to determine how suspicious the file being analysed is.


Imports

Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. For this to be possible, a certain number of libraries must be used. PEStudio retrieves the libraries and the functions used by the image. PEStudio also includes an XML file that is used to blacklist functions (e.g. Registry, Process, Thread, File, ...). The blacklist file can be customized and extended according to your own needs. PEStudio shows the intent and purpose of the application analyzed.


Resources

Executable files typically not only contain code but also many kinds of data types. Resources sections are commonly used to host different Windows built-in items (e.g. icons, strings, dialogs, menus) and custom data. PEStudio analyzes the resources of the file being analysed and detects embedded items (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, ...). Any item can be separately selected and saved to a file, allowing the possibility of further analysis.


 


Version 9.09

. Fix a bug when handling malformed relocations table

. Add handling of Rich-header


Version 9.08

. Extend context menus

. Extend detection of embedded files

. Fix bugs


 

Homepage :  https://www.winitor.com

Changelog :  https://www.winitor.com/tools/pestudio/changes.log

Download :  https://www.winitor.com/tools/pestudio/current/pestudio.zip
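
One way to detect embedded items like those listed under Resources above, as an added Python example that is not part of the original post and is not PeStudio's code. It assumes a plain scan for magic bytes over a raw buffer rather than a walk of the resource directory, and the names `SIGNATURES`, `find_embedded` and `constructed_sample` are hypothetical.

```python
import io
import struct
import zipfile

# Magic bytes for some of the embedded item types listed above.
# Assumption: this table and every name below are illustrative, not PeStudio's.
SIGNATURES = {
    b"MZ": "PE",           # EXE, DLL and SYS share the PE container
    b"%PDF-": "PDF",
    b"MSCF": "CAB",
    b"PK\x03\x04": "ZIP",  # a JAR is a ZIP container too
}

def _is_pe(blob: bytes, off: int) -> bool:
    """Confirm an 'MZ' hit: e_lfanew at +0x3C must point at 'PE\\0\\0'."""
    if off + 0x40 > len(blob):
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, off + 0x3C)
    return blob[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00"

def find_embedded(blob: bytes, skip_host: bool = True):
    """Return sorted (offset, type) pairs for items embedded in blob."""
    hits = []
    for magic, kind in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            nxt = pos + 1
            if kind == "PE":
                # Bare 'MZ' bytes occur by chance; offset 0 is the host image.
                if _is_pe(blob, pos) and not (skip_host and pos == 0):
                    hits.append((pos, kind))
            else:
                hits.append((pos, kind))
                if kind == "ZIP":
                    # Every member has its own local header: skip to the end
                    # of central directory so one archive is reported once.
                    eocd = blob.find(b"PK\x05\x06", pos)
                    nxt = eocd + 4 if eocd != -1 else nxt
            pos = blob.find(magic, nxt)
    return sorted(hits)

def constructed_sample() -> bytes:
    """Constructed input: host stub, stray 'MZ', then a PE stub, PDF and ZIP."""
    pe = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(20)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo("a.txt"), "one")
        z.writestr(zipfile.ZipInfo("b.txt"), "two")
    return pe + b"MZ" + bytes(30) + pe + b"%PDF-1.7\n" + buf.getvalue()
```

The PE stubs in the constructed sample carry only a DOS header and the PE signature, so they are not loadable images. A truncated archive with no end of central directory record is reported once per member.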



Latest replies (7)
caicaisin 2020-12-27 09:57 #2
Thanks, moderator Lin, nice one.
linhanshi 2020-12-27 12:39 #3

PeStudio v9.09 

http://95.141.193.17/noload2/files/061/rsload.net.pestudio.zip

Username: rsload.net  Password: rsload.net

NO TEST!

Last edited by linhanshi on 2020-12-27 12:44. Reason:
linhanshi 2020-12-27 12:49 #4

Archiving a copy.


Pestudio v9.08 Repack & Portable


Description:

pestudio is used by Computer Emergency Response Teams and Labs worldwide in order to perform Malware Initial Assessment.

//////////////////////////////////////////////////////////////////////////////////////////////////////////////

• Type: Install | Portable

• System: x86

• Languages: English

• Activation: Not Needed

• Removed: Nothing

• Extras: Option to Add to Context Menu

///////////////////////////////////////////////////////////////////////////////////////////////////////////////

Homepage:

https://www.winitor.com

Download:

https://www.mirrored.to/files/1LANLX1X/pestudio_v9.08_[Repack].exe_links


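FleTime 2020-12-27 19:52 #5

Local archive of PeStudio v9.09 and of the Pestudio v9.08 Repack & Portable from the post on the third floor.

The one from the second floor is the same file as the 9.09 in the topic post; the MD5 values are identical.

Uploaded attachments: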
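linhanshi 2020-12-27 19:53 #6
FleTime: Local archive of PeStudio v9.09 and of the Pestudio v9.08 Repack & Portable from the post on the third floor. The one from the second floor is the same file as the 9.09 in the topic post; the MD5 values are identical.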
istigatore 2020-12-28 01:42 #7
You can download the last edition from here
https://www.winitor.com/download
jgs 2020-12-28 08:25 #8
Too bad there is no installer for the Pro version.