Download PeStudio 9 for Windows - Detects suspicious artifacts in executable files to mitigate and speed up Initial Malware Assessment
PEStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executable. Malicious executable often attempts to hide its malicious behavior and to evade detection. In doing so, it generally presents anomalies and suspicious patterns.
The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.
The user interface is straightforward and all its functions are neatly displayed in the main window. Although it doesn’t include a help menu, you can easily understand how this application works. You can use this program to verify almost any type of apps, as it supports a wide array of file formats: EXE, DLL, CPL, OCX, AX, SYS and others.
Features of PeStudio
Checks all libraries that are used by an application
Checks all functions that are imported by an application
Checks all functions (also anonymous) that are exported by an application
Checks all functions that are forwarded to other libraries
Obsolete Functions that are exported and imported by an application
Use it in batch mode with pestudiox.exe
Map strings hint to their friendly names
Show functions and strings by groups, colors and names
Create XML report files
Show “MITRE | ATT&CK” indicators Matrix
Search VIRUSTOTAL Intelligence based on strings.
System Requirements for PeStudio
- Supported OS: Windows 7/8/10
- Processor: Pentium IV or higher
- RAM: 1 GB RAM (2 GB recommended)
- Free Hard Disk Space: 50 MB or more.