Discussion in 'other anti-malware software' started by Tyrizian, May 27, 2013.
Version 7.37 of PeStudio has languages. Later versions do not.
@ELWIS1: Languages are back in PeStudio 7.42.
PeStudio 7.43 can filter Executable Images according to the presence (or absence) of a Certificate.
PeStudio 7.45 is now available with the detection of the Relocations Table.
Anyone interested in seeing PeStudio compute and show the real checksum of the file (besides the one available in the image at OptionalHeader.Checksum)?
Anyone interested to see PeStudio "consuming" YARA rules?
Anyone using PeStudio?
Yes, still using occasionally. Use of YARA rules would be interesting.
Would it be possible to have the option to save the PeStudio window size and position?
@stackz: saving size and position would be possible, but would introduce problems when switching back and forth from one/two screens working environment (e.g. position saved on screen 2 which would not be available when booting in one screen 1 mode...)
Yes, "YARA" in PeStudio can be very interesting.
You can add the real checksum also.
Real checksum will be done. Currently working on raw dump of certificates, but it won't take long to be done.
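Added example, not part of the thread and not PeStudio's code: the "real checksum" discussed above can be recomputed with the standard PE image checksum algorithm and compared with the stored OptionalHeader value, where a mismatch shows the file changed after the field was written. The function names and the 160-byte sample image are constructed for illustration.

```python
import struct

# PE signature (4) + COFF file header (20) + offset of CheckSum in the optional header (64)
CHECKSUM_REL = 4 + 20 + 64

def checksum_offset(data):
    """File offset of the stored checksum field (same for PE32 and PE32+)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    off = e_lfanew + CHECKSUM_REL
    if off + 4 > len(data):
        raise ValueError("truncated optional header")
    return off

def pe_checksum(data):
    """16-bit end-around-carry sum of the file, checksum field zeroed, plus file length."""
    off = checksum_offset(data)
    buf = bytearray(data)            # work on a copy
    buf[off:off + 4] = b"\0" * 4     # the stored value is excluded from the sum
    if len(buf) % 2:
        buf.append(0)                # pad odd-length files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return (total + len(data)) & 0xFFFFFFFF

def compare(data):
    """Return (stored, computed); the two differ when the header value is stale."""
    stored = struct.unpack_from("<I", data, checksum_offset(data))[0]
    return stored, pe_checksum(data)

def build_sample():
    """Constructed header-only image, just enough structure to locate the field."""
    img = bytearray(0xA0)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)     # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x44, 0x014C)   # Machine = i386
    struct.pack_into("<H", img, 0x58, 0x010B)   # optional header magic = PE32
    return img

if __name__ == "__main__":
    stored, real = compare(build_sample())
    print(f"stored=0x{stored:08X} computed=0x{real:08X} match={stored == real}")
```

A stored value of 0 is common in ordinary executables because many linkers leave the field unset, so treat a mismatch as a triage hint rather than proof of tampering.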
PeStudio 7.47 now supports RAW detection and handling of certificates embedded in PE files.
The best part of this program for me is to just drag and drop any file, and in a few seconds there are the VirusTotal results.
It's faster creating a Send To shortcut or using the "PeStudioIntoExplorerContextMenu.reg".
PeStudio 7.50 retrieves more details for each Certificate found, as usual only using RAW access.
@Marc - I use this program instead of an AV for Internet Download Manager, where it allows you to select an AV for file scanning, and it works great except it doesn't seem to release the file or let IDM know that it has been scanned, so the finished popup for IDM doesn't show up until I close PE Studio or close the image there. Is there an easy fix possible?
Or maybe there is a command line parameter I should add to IDM where it allows selecting the AV scanner program?
@Snoop3: as far as I understand your question, I can say that PeStudio opens a file to be analysed only when the file is not yet to be found in memory and it opens it with FILE_SHARE_READ access. It looks like your IDM cannot cope with that. Probably it wants exclusive access to the file.
OK, that's beyond my knowledge. All I knew was that I could type in the path to the console version of Avast or Comodo, IIRC, and it would scan, and then on completion IDM has this little popup that asks if you want to open the file or the folder or just close.
Is it possible to have an option for PeStudio to copy the file(s) to a temp folder (user selects directory) and then maybe some options like temp folder max size and empty temp folder on closing PeStudio? I don't know if this would solve the IDM delay, but one of the few drawbacks of the program for me is that once I send a file to PeStudio I can't move the file until I close the image in PeStudio, and what I'm usually doing is checking VT results, moving the file to a new folder, renaming the file, etc. Most of these files are less than 1 MB, so adding 10 or 20 to a temp directory wouldn't take up too much space.
Can you create/add a separate .reg file, that can remove the explorer context menu?
@TyRidian: will be done. ...but don't get rid of PeStudio..!
@TyRidian: PeStudio 7.51 contains the new reg file to remove PeStudio from the explorer context menu.
@Snoop3: PeStudio 7.51 releases images much earlier, this should solve your issue with the IDM.
If the new version doesn't help you, try using VT Hash Check to scan your downloaded files in IDM.
Thanks 0strodamus, but it wants me to register and download an API which I'm guessing will be a unique identifier, and as VT is now owned by Google I'm not too keen on adding more of my info to their database. I was hoping (and maybe I'm incorrect) that PE Studio is a way to access VT hashes without giving up any unique ID except IP address, which is always changing for me.
@Snoop3: Yes, PeStudio does not need any installation and has its own (encrypted) VT key. PeStudio does not need anything else to submit your files to VT. Your IP address, which is always changing, does not matter. Does that help?
PeStudio 7.52 is now available to fix an issue with the certificates.