Anyone interested in a kind of "blacklisted" library mechanism? An XML file containing a list of DLLs which would then be detected by PeStudio as...
No reason to stop, static analysis still has a huge potential...stay tuned.
PeStudio 7.57 detects blacklisted exported functions
@Snoop3: just tried it, everything is alright. Can you send me the exe, just to be sure? thanks.
PeStudio 7.56 is now available with a whitelist XML-based mechanism to detect suspicious section names...
@Snoop3: thank you for this idea! Yes, currently the strings output is too noisy. I am planning to implement a filtering and searching and...
@Snoop3: PeStudio 7.54 is now available to fix this issue under XP + ANY file can be opened and checked against VT + extended validation of...
@Snoop3: of course, it will be available in the next version!
@Snoop3: PeStudio 7.53 is now available. The freezing issue on XP has been fixed (and tested under XP).
@Snoop3: another user contacted me because of a freezing issue on XP. I'll test it on XP tomorrow... Sorry about this inconvenience!
@Snoop3: I really don't think Google is asking for anything through PeStudio or placing cookies on the system when using PeStudio.
PeStudio 7.52 is now available to fix an issue with the certificates.
@Snoop3: Yes, PeStudio does not need any installation and has its own (encrypted) VT key. PeStudio does not need anything else to submit your...
@TyRidian: PeStudio 7.51 contains the new reg file to remove PeStudio from the explorer context menu. @Snoop3: PeStudio 7.51 releases images much...
@TyRidian: will be done. ...but don't get rid of PeStudio..! :-)
@Snoop3: as far as I understand your question, I can say that PeStudio opens a file to be analysed only when the file is not yet to be found in...
PeStudio 7.50 retrieves more details for each Certificate found, as usual only using RAW access.
PeStudio 7.47 now supports RAW detection and handling of certificates embedded in PE files.
Real checksum will be done. Currently working on raw dump of certificates, but it won't take a long time to be done.
@stackz: saving size and position would be possible, but would introduce problems when switching back and forth from one/two screens working...
Anyone using PeStudio?
Anyone interested to see PeStudio "consuming" YARA rules?
Anyone interested to see PeStudio compute and show the real checksum of the file (beside the one available in the image at...
PeStudio 7.45 is now available with the detection of Relocations Table
PeStudio 7.43 can filter Executable Images according to the presence (or absence) of Certificate