Malicious executables often attempt to hide their behavior and evade detection. In doing so, they exhibit anomalies and suspicious patterns. Pestudio is a free tool that allows you to perform an initial assessment of a malware sample without infecting a system or studying its code.
Pestudio works on any Windows machine without installation. Its footprint is zero – it makes no modifications to the system. Since the tool never starts the executable being analyzed, one does not even need a sandbox to analyze malware. There is essentially no risk of infection.
⤷ Transform RAW data into information;
⤷ Spot anomalies;
⤷ Detect embedded files;
⤷ Collect imports, exports, strings, resources, ...;
⤷ Provide hints, indicators, groups;
⤷ Provide MITRE ATT&CK indicators;
⤷ Retrieve scores from VirusTotal;
⤷ Consume configuration files;
⤷ Create XML report.
There are two different versions of Pestudio - Standard and Pro: