Anyone using PeStudio by Winitor?

Discussion in 'other anti-malware software' started by Tyrizian, May 27, 2013.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I haven't tried it yet, but I will soon :D.
     
  2. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
I hope you'll like it!

    Executable files being analyzed with PeStudio are never launched. Therefore you can use PeStudio to inspect unknown executable and even malware with no risk. PeStudio runs on any Windows Platform and is fully portable, no installation is required. PeStudio does not change the system it is running on nor does it leave anything behind. Among very famous security tools, PeStudio has proudly obtained Rank 4 on the Best 2013 Security Tools.

    http://www.toolswatch.org/2013/12/2013-top-security-tools-as-voted-by-toolswatch-org-readers/
     
  3. Gilgamesh

    Gilgamesh Registered Member

    Joined:
    Mar 1, 2014
    Posts:
    2
Hi, I'm trying to use PeStudio for my research on malware analysis, and I have some problems generating the XML file for my exe files. Here is the problem: when I drag an exe file into the program UI to parse it and then export the results to XML, there is a difference in some sections; for example, in the Imported_Symboles section the UI shows 144 symbols, but in the converted XML there are just 12 symbols in this section (symbols for some DLLs like kernel32 won't appear in the XML). The same problem exists for the strings section. Thanks.
     
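A way to cross-check an import count like the one reported above is to read the PE import directory independently. The following is an added example, not PeStudio's code or its XML format: a small pure-Python parser that walks the import descriptors and thunk arrays of a PE32/PE32+ file without ever executing it, and returns the imported symbol names per DLL. `build_sample_pe` and `SAMPLE_IMPORTS` are constructed test data (a header-plus-import-section image, not a real program) so the example runs offline; the DLL and function names in it are chosen only to look familiar.

```python
"""Static import-table walk of a PE file: count imported symbols per DLL.

Added example (not part of PeStudio). Nothing here loads or runs the file;
the bytes are parsed exactly as a hex editor would show them.
"""
import struct

def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not mapped by any section")

def read_cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return {dll_name: [symbol, ...]}; ordinal imports appear as '#<n>'."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt = pe_off + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:      # PE32+: data directories start at optional header + 112
        ptr_size, dd_off = 8, 112
    elif magic == 0x10B:    # PE32: data directories start at + 96
        ptr_size, dd_off = 4, 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if struct.unpack_from("<I", data, opt + dd_off - 4)[0] < 2:
        return {}                                  # no import directory entry at all
    imp_rva = struct.unpack_from("<I", data, opt + dd_off + 8)[0]
    sections = []
    for i in range(nsec):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    result = {}
    if imp_rva == 0:
        return result
    desc = rva_to_offset(sections, imp_rva)
    ordinal_flag = 1 << (ptr_size * 8 - 1)
    fmt = "<Q" if ptr_size == 8 else "<I"
    while True:  # IMAGE_IMPORT_DESCRIPTOR array, terminated by an all-zero entry
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if oft == 0 and name_rva == 0 and ft == 0:
            break
        dll = read_cstr(data, rva_to_offset(sections, name_rva))
        thunk = rva_to_offset(sections, oft or ft)   # prefer the ILT, fall back to the IAT
        syms = []
        while True:
            entry = struct.unpack_from(fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                syms.append(f"#{entry & 0xFFFF}")
            else:   # IMAGE_IMPORT_BY_NAME: 2-byte hint, then the NUL-terminated name
                syms.append(read_cstr(data, rva_to_offset(sections, entry) + 2))
            thunk += ptr_size
        result[dll] = syms
        desc += 20
    return result

def import_counts(data):
    """Per-DLL symbol counts, the number to compare against a tool's UI or export."""
    return {dll: len(syms) for dll, syms in parse_imports(data).items()}

# Constructed sample data (assumption: chosen for the demo, not taken from any real binary).
SAMPLE_IMPORTS = {
    "kernel32.dll": ["GetProcAddress", "LoadLibraryA", "SetConsoleTitleW"],
    "user32.dll": ["MessageBoxW", 1234],          # 1234 = import by ordinal
}

def build_sample_pe(imports):
    """Build a minimal PE32+ image with one section holding only an import table."""
    sec_rva, sec_raw = 0x1000, 0x200
    ndesc = len(imports) + 1
    blob = bytearray(20 * ndesc)                     # descriptor array, filled in below
    descs = []
    for dll, syms in imports.items():
        entries = []
        for s in syms:
            if isinstance(s, int):
                entries.append((1 << 63) | s)
            else:
                entries.append(sec_rva + len(blob))
                blob += struct.pack("<H", 0) + s.encode() + b"\0"
                blob += b"\0" * (len(blob) % 2)
        dll_rva = sec_rva + len(blob)
        blob += dll.encode() + b"\0"
        blob += b"\0" * (-len(blob) % 8)
        thunks = b"".join(struct.pack("<Q", e) for e in entries) + b"\0" * 8
        ilt_rva = sec_rva + len(blob); blob += thunks
        iat_rva = sec_rva + len(blob); blob += thunks
        descs.append(struct.pack("<IIIII", ilt_rva, 0, 0, dll_rva, iat_rva))
    blob[:20 * len(descs)] = b"".join(descs)
    dos = bytearray(64); dos[:2] = b"MZ"; dos[0x3C:0x40] = struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240); opt[0:2] = struct.pack("<H", 0x20B)
    opt[108:112] = struct.pack("<I", 16)                      # NumberOfRvaAndSizes
    opt[120:128] = struct.pack("<II", sec_rva, 20 * ndesc)    # import directory
    sec = (b".idata\0\0" + struct.pack("<IIII", len(blob), sec_rva, len(blob), sec_raw)
           + b"\0" * 12 + struct.pack("<I", 0xC0000040))
    return (bytes(dos) + coff + bytes(opt) + sec).ljust(sec_raw, b"\0") + bytes(blob)

if __name__ == "__main__":
    for dll, syms in parse_imports(build_sample_pe(SAMPLE_IMPORTS)).items():
        print(f"{dll}: {len(syms)} symbols -> {', '.join(syms)}")
```

Run it on a real file with `parse_imports(open(path, "rb").read())`; if the per-DLL totals from `import_counts` disagree with what a tool's UI or XML export reports, you know which side dropped entries. The parser deliberately reads the ILT first and only falls back to the IAT, since an IAT in a file that has been dumped from memory may already be overwritten with resolved addresses.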
  4. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @Gilgamesh: will be fixed in next version of PeStudio! :)
     
  5. Gilgamesh

    Gilgamesh Registered Member

    Joined:
    Mar 1, 2014
    Posts:
    2
    thanks,it's fixed!!!:D :thumb:
     
    Last edited: Mar 27, 2014
  6. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    You're welcome! Thanks for the confirmation.
     
  7. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
  8. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    275
    Location:
    Philippines
    Interesting tool, let me give it a try. Will provide feedback.
     
  9. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    70
    Nice tool! But this seems to be a bug...

    [Attached image: Untitled.png]
     
  10. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @flatfly Yes, I noticed that bug. This will be fixed in the next version of pestudio, which will be released soon. Please note that this tool is still under development. Thank you for giving pestudio a try...
     
  11. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
  12. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    70
    Thanks for responding so fast!
    There still seems to be an issue, though: this shouldn't be flagged as suspicious, unless I'm missing something:

    [Attached image: upload_2014-9-5_0-9-43.png]

    Also, I'm not sure why the functions "SetConsoleTitleW" / "SetConsoleTitleA" in kernel32.dll are flagged by PeStudio as "undocumented":

    http://msdn.microsoft.com/en-us/library/windows/desktop/ms686050(v=vs.85).aspx

    By the way, do you plan to attend the next Black Hat in NL? If so, I would be honored to meet up for a chat. :)
     
    Last edited: Sep 5, 2014
  13. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @flatfly you're right! When below a minimum, the indicator about the VT score should not be shown as a suspicious entry! This will be changed to avoid "noise". I am not yet sure I will be able to go to BL NL. Will be decided soon. Sure, I would be happy to have a chat with you about my dev. :)
     
  14. Paul R

    Paul R Registered Member

    Joined:
    Aug 5, 2014
    Posts:
    58
    Location:
    Bury, Lancashire
  15. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    The ZIP package always contains a file called "ChangeLog.txt".
     
  16. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    70
    Bug report: it says there are 8 suspicious items but only shows 4.


    [Attached image: suspika.png]
     
  17. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    Thank you very much for giving PESTUDIO a try! Yes, this is a bug and will be fixed in the next version, which will be released soon.
     
  18. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    Yes, I'll be in Black Hat 2014 in Amsterdam to present PESTUDIO in the context of the "Black Hat Arsenal" event. I am looking forward to having a chat with you when you can.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,531
    Location:
    U.S.A. (South)
    Thanks a million times over for every new release.
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,885
    @ Marc Ochsenmeier

    All the best @ Black Hat 2014 in Amsterdam, & Thanx for all the updates.
     
  21. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    great program :)
     
  22. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    Thank you!
     
  23. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    You're welcome. Happy you like it. Updates published on Twitter https://twitter.com/ochsenmeier
     
  24. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Just wanted to write a belated thank you for your program :)

    It's handy for the paranoiacs amongst us to confirm that when oddly named services appear, they are in fact connected to an on-demand scanner we just ran.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,531
    Location:
    U.S.A. (South)
    In version 8.50, the "create XML file" option is greyed out?
     