The goal of PeStudio is to provide a quick way to inspect executable files without having to run them. Evidently, it cannot replace a reliable antivirus solution, but it does allow you to get a detailed report about the way an executable file was built.
PeStudio can query the antivirus engines hosted by VirusTotal for the file being analyzed. This feature sends only the MD5 of the file, and it can be switched on or off using an XML file included with PeStudio. PeStudio helps you to determine how suspicious the file being analyzed is.
- All features of the standard version
- Use PeStudio in batch mode with pestudiox.exe
- Show hints by groups and colors
- Show items by groups and colors
- Compute rich-header hash
- Create XML report file
- Show MITRE ATT&CK Matrix