

If you find a program on your PC which you think might be malware, then checking it with an antivirus tool is a good first step - but it’s not the only option. You could also try "static analysis", which involves examining the executable file itself to learn more about it. Most static analysis tools are aimed at developers and extremely complex, but the free PeStudio is an interesting exception: it offers plenty of low-level detail, but also has more straightforward features that just about anyone can use.

It’s easy to get started with the program. Just download and unzip it, launch PeStudio.exe, and drag and drop your suspect executable onto the PeStudio window. Wait a few seconds for the program to run its analysis, and a detailed report then appears.

The first tab, Indicators, gives you some useful information about the target application. Some of this is strictly experts-only, with details on the file’s use of DEP, ASLR, SafeSEH, Thread Local Storage, and so on. But you also get plenty of more generally useful data. Is it 32 or 64-bit, for instance? GUI, or console-based? Does it need administrative permission? Is it digitally signed?

Clicking the Strings tab will then reveal any embedded text strings in the program - function names, paths, prompts, web addresses, error messages and more - which can be a useful way to figure out what it’s doing. (Malware will usually employ various tricks to hide this kind of information, but it’s still worth a try.)
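As an added illustration (not PeStudio's code and not from the original article), the Python below reads some of the PE header fields the Indicators tab reports and pulls out embedded ASCII strings the way a strings view does. The function names and the header-only sample image are constructed for this example; a certificate table being present says nothing about whether the signature is valid.

```python
import re
import struct

SUBSYSTEMS = {2: "GUI", 3: "console"}  # IMAGE_SUBSYSTEM_WINDOWS_GUI / _CUI

def pe_indicators(data: bytes) -> dict:
    """Read a few PE header fields of the kind the Indicators tab reports."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 24                                  # optional header follows 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    dirs = opt + (96 if magic == 0x10B else 112)       # start of data directory table
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes

    def has_dir(i: int) -> bool:                       # directory i exists and is non-empty
        return i < count and all(struct.unpack_from("<II", data, dirs + 8 * i))
    return {
        "bits": 32 if magic == 0x10B else 64,
        "subsystem": SUBSYSTEMS.get(subsystem, f"other ({subsystem})"),
        "aslr": bool(dll_chars & 0x0040),   # DYNAMIC_BASE
        "dep": bool(dll_chars & 0x0100),    # NX_COMPAT
        "tls": has_dir(9),                  # TLS directory present
        "has_signature": has_dir(4),        # certificate table present; validity not checked
    }

def ascii_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs: the simplest form of what a strings view lists."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def build_sample() -> bytes:
    """Constructed, header-only PE32+ image for the demo (not a runnable program)."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)              # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, 0x8664)            # Machine = x64
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x20B)              # PE32+ magic
    struct.pack_into("<HH", buf, opt + 68, 3, 0x0140)    # console subsystem; ASLR + DEP
    struct.pack_into("<I", buf, opt + 108, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 112 + 8 * 9, 0x3000, 0x28)  # TLS directory entry
    buf[0x1C0:0x1D4] = b"http://example.test/"           # constructed embedded string
    return bytes(buf)
```

To inspect a real file, pass its bytes to `pe_indicators()` and `ascii_strings()` instead of `build_sample()`; the file is only read, never executed.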
