Friday, 26 June 2015

Investigate suspect files with Exeinfo PE

Exeinfo PE

If you find a suspect executable file on your system then you’ll probably start by running an antivirus scan, but that may not tell you very much. Even a "clean" verdict only means "clean right now", and it tells you nothing about the file itself, where it’s from, or what it might be trying to do.

Exeinfo PE is a free tool which analyses executable and other types of files, and tells you more about them. It can’t directly detect malware, but might be able to help you better understand a mystery file.

Drag and drop a file onto the program and you’ll immediately see some key details, including whether it’s a 32 or 64-bit executable (if either), and a GUI or a console program.

Exeinfo PE also analyses the file's signature to tell you more about its origin: whether it was built with C#, .NET, Delphi 2013 or VB, or is perhaps an Inno Setup installer. It also recognizes many non-executable file types, and can identify images, archives, documents and more, even if the original file extension has been lost.

The program can also detect whether a file is packed, compressed or protected, displaying details on the packer and (sometimes) providing ways around it.

A built-in ripper is able to find and extract various resources embedded in the file: archives, images, other executables and more.

Explore the interface and you’ll also find a file hasher, section and overlay tools, a scanner for Registry-related strings, a hex search, a disassembler and assorted other extras.
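The bitness, GUI/console distinction, section list and overlay that Exeinfo PE reports are all read from the PE headers. The following Python example is added here (it is not Exeinfo PE's code and is not from the original post) to show how those checks and a file hash are derived; it builds a constructed minimal PE image rather than using a real program.

```python
import hashlib
import struct

# Subsystem values from the PE optional header (IMAGE_SUBSYSTEM_*).
SUBSYSTEMS = {1: "native", 2: "Windows GUI", 3: "Windows console"}


def inspect_pe(data: bytes) -> dict:
    """Read the PE headers and report bitness, subsystem, sections, overlay and hash."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew -> "PE\0\0"
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    _machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]          # 0x10B = PE32, 0x20B = PE32+
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]  # Subsystem field (same offset in both)
    sect_off = opt_off + opt_size
    sections, data_end = [], 0
    for i in range(nsect):  # 40-byte section headers: Name, VSize, VAddr, SizeOfRawData, PointerToRawData, ...
        name, raw_size, raw_ptr = struct.unpack_from("<8s8xII", data, sect_off + 40 * i)
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
        data_end = max(data_end, raw_ptr + raw_size)
    return {
        "bits": {0x10B: 32, 0x20B: 64}.get(magic),
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "sections": sections,
        "overlay_bytes": max(0, len(data) - data_end),  # bytes appended past the last section
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample_pe(bits: int, subsystem: int, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE image (headers + one .text section); not a runnable program."""
    magic, machine = (0x10B, 0x14C) if bits == 32 else (0x20B, 0x8664)
    opt = struct.pack("<H", magic).ljust(68, b"\0") + struct.pack("<H", subsystem)
    opt = opt.ljust(224 if bits == 32 else 240, b"\0")
    pe_off = 0x40
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, len(opt), 0x102)
    raw_ptr = (pe_off + 4 + len(coff) + len(opt) + 40 + 0x1FF) & ~0x1FF  # 512-byte file alignment
    body = b"\xC3" * 16  # constructed placeholder code bytes
    sect = struct.pack("<8sIIII", b".text", len(body), 0x1000, len(body), raw_ptr).ljust(40, b"\0")
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0") + body + overlay


if __name__ == "__main__":
    print(inspect_pe(build_sample_pe(64, 2, overlay=b"EXTRA" * 3)))
```

A non-zero overlay on a real file is one of the hints a packer or installer stub may be carrying a payload after the sections, which is the same thing the program's overlay tool surfaces.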

Exeinfo PE isn’t as polished as PEStudio or some other static analysis tools, but its signatures and built-in ripper are unusual plus points, and on balance it deserves a place in your security toolkit.


