pestudio is a tool used by many Cyber Emergency Response Teams (CERT) worldwide to perform malware initial assessment.
Malicious software often attempts to hide its intent in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, and sometimes even anomalies.
The goal of pestudio is to spot these artifacts in order to ease and accelerate the Malware Initial Assessment. The tool uses a powerful parser and a flexible set of configuration files that provide many of the indicators and determine thresholds. Because the file being analyzed is never started, you can inspect any unknown or malicious executable file, even ransomware, without risk of infection.