PeStudio is a free tool which can be used to perform static analysis of any Windows application and reveals not only Raw-data, but also Indicators of Trust. Executable files analyzed with PeStudio are never started. For this reason, you can analyze suspicious applications with PeStudio with no risk!
Depending on how it is started PeStudio has a Graphical User Interface (GUI) or a Character-Based User Interface (CUI), which is especially useful when performing batch-mode oriented parsing of executable files.
PeStudio has a set of unique features like looking-up for the image being analyzed on Virustotal, the possibility to start new instances of PeStudio with the dependencies of the image. PeStudio does a RAW access to the data of the Windows Portable Executable format. No Windows API is used to gather elements.
A feature which is also unique to PeStudio is the ability to create an XML report of the image being analyzed.
发表于 2014-1-19 10:57
发表于 2014-1-22 10:15
