semsibey (Editor), posted January 28, 2023

pestudio v9.46 Repack & Portable

https://www.winitor.com/download
https://www.winitor.com/tools/pestudio/current/pestudio-features.pdf

PEStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executables. A malicious executable often attempts to hide its malicious behavior and to evade detection. In doing so, it generally presents anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.

Features:

Indicators
PEStudio shows Indicators as a human-friendly result of the analysed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analysed. The classifications are based on XML files provided with PEStudio. By editing the XML file, one can customize the Indicators shown and their severity. Among the indicators, PEStudio shows when an image is compressed using UPX or MPRESS. PEStudio helps you to define the trustworthiness of the application being analysed.

Virus Detection
PEStudio can query Antivirus engines hosted by Virustotal for the file being analysed. This feature only sends the MD5 of the file being analysed. This feature can be switched ON or OFF using an XML file included with PEStudio. PEStudio helps you to determine how suspicious the file being analysed is.

Imports
Even a suspicious binary or malware file must interact with the operating system in order to perform its activity. For this to be possible, a certain number of libraries must be used. PEStudio retrieves the libraries and the functions used by the image. PEStudio also includes an XML file that is used to blacklist functions (e.g. Registry, Process, Thread, File, ...). The blacklist file can be customized and extended according to your own needs. PEStudio shows the intent and purpose of the application analyzed.

Resources
Executable files typically contain not only code but also many kinds of data types. Resources sections are commonly used to host different Windows built-in items (e.g. icons, strings, dialogs, menus) and custom data. PEStudio analyzes the resources of the file being analysed and detects embedded items (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, ...). Any item can be separately selected and saved to a file, allowing the possibility of further analysis.

Malware Analysis in a private context. STANDARD
- Detect file signature
- Detect hard-coded URLs and IP addresses
- Collect metadata
- Collect imports, exports, strings
- Retrieve manifest, resources, overlay
- Retrieve score from virustotal ...

Malware Analysis in a professional context. PRO
- All features of the standard version
- Use pestudio in batch mode with pestudiox.exe
- Show items by groups and colors
- Create XML report file
- Show MITRE | ATT&CK Matrix
- Show .NET namespaces
- Dump .NET embedded file(s), etc...
[File Hashes]
[Original Filename] pestudio v9.46 [Repack].exe
[MD5] 49F7C08082F628AA503BBBA75502FB6C
[SHA-1] 46113BDFD02BE5DE544F88A88AB3C75E2063CA7E
[SHA-256] BB6EA2C67A3B23CEE319A99A490F6FA365492862AB95C991ECCC8B72D7CB6ED8

2.7 MB
https://www.mirrored.to/files/0GZS9LYP/pestudio_v9.46_[Repack].7z_links
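
The Resources feature in the post above detects items such as EXE, DLL, SYS, PDF, CAB, ZIP and JAR embedded in a file. The following is an added example, not PEStudio's code and not part of the original post, of how signature-based detection of such items in a raw resource blob can work. The signature table, the function names and the sample blob are assumptions constructed for illustration.

```python
import struct

# Magic bytes for some of the embedded item types the post lists
# (assumed table for this example, not taken from PEStudio).
SIGNATURES = {
    b"MZ": "PE (EXE/DLL/SYS)",
    b"%PDF-": "PDF",
    b"PK\x03\x04": "ZIP/JAR",
    b"MSCF": "CAB",
}


def is_pe(blob: bytes, off: int) -> bool:
    """Confirm an 'MZ' hit: e_lfanew at +0x3C must point at 'PE\\0\\0'."""
    if off + 0x40 > len(blob):
        return False  # too short to hold a DOS header
    (e_lfanew,) = struct.unpack_from("<I", blob, off + 0x3C)
    pe = off + e_lfanew
    return blob[pe:pe + 4] == b"PE\0\0"


def find_embedded(blob: bytes):
    """Return sorted (offset, kind) pairs for embedded items found in blob."""
    hits = []
    for magic, kind in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            # Two-byte 'MZ' matches by chance in text; require a valid PE header.
            if magic != b"MZ" or is_pe(blob, pos):
                hits.append((pos, kind))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def build_sample() -> bytes:
    """Constructed blob: filler, a minimal PE stub, a decoy 'MZ', a PDF header."""
    stub = bytearray(0x48)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    return b"\x00" * 16 + bytes(stub) + b"text MZ text" + b"\x00" * 64 + b"%PDF-1.7\n"


if __name__ == "__main__":
    for offset, kind in find_embedded(build_sample()):
        print(f"0x{offset:04x}  {kind}")
```

The decoy "MZ" inside the text run is rejected because no PE signature follows its DOS header, which is why the two-byte magic alone is not treated as a hit.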

semsibey (Editor), posted April 3, 2023

Pestudio V9.49

What's new in Version 9.49
- Extend data collection of Certificate
- Extend data collection of debug
- Add switch to toggle VT
- Fix a crash when handling the relocations table
- Fix bug when handling imports table

https://www.winitor.com/tools/pestudio/current/pestudio.zip

Limitations: The standard version can be used freely in a non-commercial environment but if you plan to use it commercially a license is required. Prices start at $100.00 for up to 9 licenses.

semsibey (Editor), posted May 22, 2023

Pestudio V9.51

https://www.winitor.com/tools/pestudio/current/pestudio.zip