Discussion in 'other anti-malware software' started by Tyrizian, May 27, 2013.
I haven't tried it yet, but I will soon.
I hope you'll like it!
Executable files being analyzed with PeStudio are never launched. Therefore you can use PeStudio to inspect unknown executables and even malware with no risk. PeStudio runs on any Windows Platform and is fully portable, no installation is required. PeStudio does not change the system it is running on nor does it leave anything behind. Among very famous security tools, PeStudio has proudly obtained Rank 4 on the Best 2013 Security Tools.
Hi, I'm trying to use pestudio for my research on malware analysis. I have some problems with generating the XML file for my exe files. Here is the problem: when I drag an exe file into the program UI to parse it, then export the results to XML, there is a difference in some sections. For example, in the Imported_Symboles section the results in the UI show 144 symbols, but when converted to XML there are just 12 symbols in this section (symbols for some DLLs like kernel32 won't appear in the XML). The same problem exists for the string section. Thanks.
@Gilgamesh: will be fixed in next version of PeStudio!
You're welcome! Thanks for the confirmation.
pestudio has evolved, version 8.35 is available at www.winitor.com
Interesting tool, let me give it a try. Will provide feedback.
Nice tool! But this seems to be a bug...
@flatfly Yes, I noticed that bug. This will be fixed in the next version of pestudio, which will be released soon. Please note that this tool is still under development. Thank you for giving pestudio a try...
@flatfly PeStudio 8.36 is now available at http://www.winitor.com and should fix the bug you identified. Could you please confirm that? Thanks!
Thanks for responding so fast!
There still seems to be an issue, though: this shouldn't be flagged as suspicious, unless I'm missing something:
Also, I'm not sure why the functions "SetConsoleTitleW" / "SetConsoleTitleA" in kernel32.dll are flagged by PeStudio as "undocumented":
By the way, do you plan to attend the next Black Hat in NL? If so, I would be honored to meet up for a chat.
@flatfly you're right! When below a minimum, the indicator about VT score should not be shown as a suspicious entry! This will be changed to avoid "noise". I am not yet sure to be able to go to BL NL. Will be decided soon. Sure, I would be happy to have a chat with you about my dev.
8.37 released http://www.winitor.com/
unsure what's new.
ZIP package always contains a file called "ChangeLog.txt"
Bug report: it says there are 8 suspicious items but only shows 4.
Thank you very much for giving PESTUDIO a try! Yes, this is a bug and will be fixed in the next version, which will be released soon.
Yes, I'll be in Black Hat 2014 in Amsterdam to present PESTUDIO in the context of the "Black Hat Arsenal" event. I am looking forward to having a chat with you when you can.
Thanks a million times over for every new release.
@ Marc Ochsenmeier
All the best @ Black Hat 2014 in Amsterdam, & Thanx for all the updates.
You're welcome. Happy you like it. Updates published on Twitter https://twitter.com/ochsenmeier
Just wanted to write a belated thank you for your program
It's handy for the paranoiacs amongst us to confirm that when oddly named services appear, they are in fact connected to an on-demand scanner we just ran.
In version 8.50 the create XML file is greyed out?