PeStudio is a free tool which can be used to perform static analysis of any Windows application and reveals not only Raw-data, but also Indicators of Trust. Executable files analyzed with PeStudio are never started. For this reason, you can analyze suspicious applications with PeStudio with no risk!
Depending on how it is started PeStudio has a Graphical User Interface (GUI) or
a Character-Based User Interface (CUI), which is especially useful when performing
batch-mode oriented parsing of executable files.
PeStudio has a set of unique features like looking-up for the image being analyzed on Virustotal, the possibility to start new instances of PeStudio with the dependencies of the image. PeStudio does a RAW access to the data of the Windows Portable Executable format, no Windows API is used for this purpose.
Many features are unique to PeStudio, e.g. the full integration of the Scan Report of VirusTotal, the ability to Query MSDN for imported functions, the ability to create an XML report of the image being analyzed, the detection of imported functions located outside of standard Sections tables, the detection of files (e.g PDF, ZIP, JAR,...) embedded within the resources.
PeStudio detects embedded Executable files not only in the Resources sections but anywhere within the file being analyzed and even embedded in the embedded Files! PeStudio also detects when the Standard Version stream has been replaced by another stream (technique used by some malware).
Another unique feature is the detection of blacklisted strings embedded in the image. This mechanism is fully customizable to your needs based on the provided XML file.
PeStudio runs on any Windows Platform and has no dependency whatsoever, it is fully portable. PeStudio is a Zero-foot print application. It does not write to the disk or leave anything behind. No Installation is required, no registry is accessed.
Download PeStudio 7.01 for free. PeStudio has been designed and implemented by me and is made available «as is». No responsibility can be taken for its use.