If you find a suspect executable file on your system then you’ll probably start by running an antivirus scan, but that may not tell you very much. Even a "clean" verdict only means "clean right now", and it tells you nothing about the file itself, where it’s from, or what it might be trying to do.
Exeinfo PE is a free tool which analyses executable and other types of files, and tells you more about them. It can’t directly detect malware, but might be able to help you better understand a mystery file.
Drag and drop a file onto the program and you’ll immediately see some key details, including whether it’s a 32-bit or 64-bit executable (if either), and whether it’s a GUI or a console program.
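The 32/64-bit and GUI/console details come from fixed fields in the file's PE headers, which can be read without running the file. The following Python sketch is an added example, not part of Exeinfo PE or the original review; `pe_summary` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct
import sys

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
FORMATS = {0x10B: "PE32 (32-bit)", 0x20B: "PE32+ (64-bit)"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def pe_summary(data: bytes) -> dict:
    """Summarise the PE headers; raise ValueError if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    # Need: signature (4) + COFF header (20) + optional header up to Subsystem (70).
    if pe_off + 94 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24  # start of the optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": FORMATS.get(magic, hex(magic)),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll": bool(characteristics & 0x2000),  # IMAGE_FILE_DLL
    }


def build_sample(machine: int, magic: int, subsystem: int) -> bytes:
    """Constructed header-only sample (not a runnable program)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x0002)
    optional = bytearray(0xF0)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(4096)
    else:
        blob = build_sample(0x8664, 0x20B, 3)
    print(pe_summary(blob))
```

Run with a file path as the only argument to summarise that file; with no argument it prints the summary of the constructed sample.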
Exeinfo PE also analyses the signature of the file to tell you more about it, such as whether it is a C# file, .NET, Delphi 2013, VB, or perhaps an Inno Setup project. It also recognizes many non-executable file types, and can identify images, archives, documents and more, even if the original file extension has been lost.
The program can also detect whether a file is packed, compressed or protected, displaying details on the packer and (sometimes) providing ways around it.
A built-in ripper is able to find and extract various resources from the file: archives, images, other executables and more.
Explore the interface and you’ll also find a file hasher, section and overlay tools, a scanner for Registry-related strings, a hex search, a disassembler and assorted other extras.
Exeinfo PE isn’t as polished as PEStudio or some other static analysis tools, but its signatures and built-in ripper are unusual plus points, and on balance it deserves a place in your security toolkit.