Change history for pestudio


2018-02-05 17:50:36
Updated by billon

  • Version: v8.723
  • Size (in bytes): 403968870608
  • Release date: 2018-012-104
  • What's new: [list][*]Show functions that are delay-loaAded.[*]Extend:[list][*]Context menu for imports to cope with [i]fun functions.xml[/i] file;[*]Groups of impons grtoups.[/li to the stringst] View.[*]FiExtend a bfug when handlnctions groups to the depreclay-loatded functions.[/list]


2018-01-15 00:32:11
Updated by billon

  • Version: v8.712
  • Size (in bytes): 39688301436
  • Release date: 20178-012-154
  • What's new: [list][*]Show functions that are delay-loaded.[*]Exxtend:[list][*]Context menu for imports to cope with [i]functions.xml[/i] file;[*]Groups of imports.[/liste][*]Fix a bug when handling deprecated groups of unctimportns.[/list]


2017-12-15 23:52:50
Updated by billon

  • Version: v8.701
  • Size (in bytes): 38293057143
  • Release date: 2017-11-2-15
  • What's new: [list][*]Expose the indicators id number in the output XML file.[*]Extended:[list][*]Grouping of utilities;[*]Grouping of imports by types and colgroups of imports.[/list][/list]


2017-11-27 04:18:15
Updated by billon

  • Version: v8.6970
  • Size (in bytes): 3821689057
  • Release date: 2017-101-3025
  • What's new: [list][*]AdExpose the indicators id number in the output XML file.[*]Extend ed:[list][*]Grouping of utilities;[*]Grouping of importsports by types and colors.[*]Extend string/lis "hint" detection and mapping.][/list]


2017-10-30 15:34:58
Updated by billon

  • Version: v8.689
  • Size (in bytes): 38073821685
  • Release date: 2017-10-1530
  • What's new: [list][*]ExAdd grouping of imports by types anded:[ coliorst].[*]Signatur]Extes nde stection;[*]Stringsrings "hintint" detection and mappiping.[/list][/list]


2017-10-15 21:54:19
Updated by billon

  • Version: v8.678
  • Size (in bytes): 36801573281
  • Release date: 2017-10-0815
  • What's new: [list][*]MExtended:[list][*]Signap tures detection;[*]Strings ings "hint" detection their Human-frieandly nameapping.[/list][/list]


2017-10-08 20:24:01
Updated by billon

  • Version: v8.667
  • Size (in bytes): 36015942362
  • Release date: 2017-10-018
  • What's new: [list][*]Add detection of strings "hint" (e.g. GUID, RTTI, ..).[*]Fix a bug when computing the position of the entry-Mapoint when it i s located at the very beginnings "hint" tof a sthectior Human-friendly name.[/list]


2017-10-01 22:10:58
Updated by billon

  • Version: v8.656
  • Size (in bytes): 35850914236
  • Release date: 2017-109-2401
  • What's new: [list][*]Compute the Sha256 of the image and the overlay.[*]ExtenAdd an d consoletection of strings "hidant" (e.g. GUID, the RTTIndicators, ..).[*]Fix a a bug wh when computing the position of the entry-point whandling aen it is located at the very bueginning typof a section.[/list]


2017-09-25 16:12:14
Updated by billon

  • Version: v8.645
  • Size (in bytes): 3568509801
  • Release date: 2017-09-024
  • What's new: [list][*]Add [fCompute the Sha256 onf t=he imonospace][/font] in [i]settings.ge and the overlay.[*]Exml[/i] to hide the whilelist strings.[*]Extend Itendic ators.[*]Fix bugs:[list][*]When showing exports of 64bit file;[*]When showing the d coffnset oflidate the Securitye DIndirecatorys.[/*]Fix a bug when handlisng a debug t]ype.[/list]


2017-09-05 23:58:17
Updated by billon

  • Version: v8.634
  • Size (in bytes): 3568963180
  • Release date: 2017-089-2104
  • What's new: [list][*]Added [font=monospace][/font] in [i]settings.xml[/i] to hide the whilelist strings.[*]Extection of whitlelist (well-kd Inodicators.[*]Fix bugs:[list][*]When showing exports of 64bit file;[*]When) strhowings, deprecated and undthe offset of the Secumentrity Dired functionsry.[*]Conso/lidate indicastors.][/list]


2017-08-21 14:27:54
Updated by billon

  • Version: v8.623
  • Size (in bytes): 36256947631
  • Release date: 2017-08-121
  • What's new: [list][*]Extended:[list][*]The resource typeAdded deteetection;[*]Handling of malformed manifest;[*]Handling of whithe fileelist (well-known) signature.[/lingst][*]Det, deprect "uated and unusual" dos-stcub mented functions.[*]Conssagolidate indicators.[/list]


2017-08-13 09:38:28
Updated by billon

  • Version: v8.612
  • Synopsis: pestudio shows details about applications and other system files (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including:[list][*]Libraries that are used by an application[*]Functions that are imported by an application[*]Functions (also anonymous) that are exported by an application[*]All functions that are forwarded to other libraries[*]Obsolete Functions that are exported and imported by an application[*]If Data Execution Prevention (DEP) Windows security mechanism is used[*]If Address Space Layout Randomization (ASLR) Windows security mechanism is used[*]If Windows security mechanism Structured Exception Handling (SEH) is used[*]Whether some sections are compressed[/list]pestudio standard lacks some features of pro version, see comparison [url=https://www.winitor.com/tools/pestudio/current/pestudio-features.pdf]here[/url] (PDF file!).
  • Size (in bytes): 36125905547
  • Release date: 2017-078-212
  • What's new: [list][*]Increase performance when loading executable with large collection of exports.[*]Consolidated:[list][*]Switches in [i]settings.xml[/i];[*]API classification.[/list][*]Added:[list][*]Online check of update in the "About" dialog;[*]Support for ARM detection.[/list][*]Indicate missing library.[*]Extend features of sxtandard version.[*]Fixed bugsended:[list][*]When handl[ling the Thread-Local Storage (TLS);[*]Of the Manifest View;][*]WThen resource type detecection;[*]Handling 64-bitg of malformed manifest;[*]Handling of thed file signature.[/list][*]Detect "unusual" dos-stub messages.[/list]


2017-07-23 16:02:43
Updated by billon

  • Release date: 2017-057-202


2017-07-23 16:01:30
Updated by billon

  • Version: v8.601
  • Size (in bytes): 3614891055
  • Keywords: pe%20studio
  • What's new: A[list][*]Increase performance when loading executable with large collection of exports.[*]Consolidated:[list][*]Switches in [i]settings.xml[/i];[*]API classification.[/list][*]Added:[list][*]Online check of update in the "About" dialog;[*]Support for ARM detection.[/list][*]Indicate missing library.[*]Extend features of standarded: version.[l*]Fixed bugst]:[list][*]When handling the Thread-Local Storage (TLS);[*]Of the Manifest View;[*]DWhen detecttiong 64-bit of Comantrol Flow Guarged (CFG)files.[*]Detai/ls for Virustotal view.][/list]


2017-05-21 21:20:21
Updated by billon

  • Version: v8.5960
  • Size (in bytes): 36217364891
  • Release date: 2017-05-201
  • What's new: [list][*]Show first bytes (hex) of resoAdded:[list][*]Detection of Control Flow Gurces.[*]Show first bytes (hex and text) of file.[*]Hanrdle empty entry-point(CFG).[*]ExtDendtails Indicatfor Virustotal view.[/list]


2017-05-01 23:53:04
Updated by billon

  • Version: v8.589
  • Size (in bytes): 3620071736
  • Release date: 2017-045-201
  • What's new: [list][*]FShow first bytes (hex) a cof resouraces.[*]Sh owith first bytes (hex and text) ome 64bf fitle.[*]Handle empty executablesntry-point.[*]AdExtend Indeteication of missing libraries.[*]Extent status-bar.[/list]


2017-04-21 20:02:41
Updated by billon

  • Version: v8.578
  • Size (in bytes): 3609240071
  • Release date: 2017-04-210
  • What's new: [list][*]Extended:[list][*]Translations;[*]Exports handling;[*]Imports handling;[*]Signatures.[/list][*]Clean and EFixtend india crators.[*]Sho w:[list][*]First bytes of entrypoint;[*]First bytes ofth ovsomerlay;[*]Dos-stu 64bit messxecutagbles.[/*]Add detection of missing libraries.[*]Extent stat]us-bar.[/list]


2017-04-11 12:53:46
Updated by billon

  • Version: v8.567
  • Size (in bytes): 36109247670
  • Release date: 2017-024-2610
  • What's new: . Com[list][*]Extended:[list][*]Translations;[*]Exports handling;[*]Imports handling;[*]Signatures.[/list][*]Clean and Extend indicators.[*]Show:[list][*]First bytes of entrypoint;[*]First bytes ofile-ratio for resources, sections, overlay and d;[*]Dos-stub. Extent file summary. Extent file essignature detgection. F[/lix bugst][/list]


2017-02-26 23:58:55
Updated by __philippe

  • What's new: . Compute file-ratio for resources, sections, overlay and dos-stub. Extent file summary. Extent file signature detection. Fix bugs


2017-02-26 19:05:51
Updated by __philippe

  • Version: v8.556
  • Size (in bytes): 3609147967
  • Release date: 2017-012-026
  • What's new: [list][*]Differentiate between standard and professional (pro) versions of pestudio.[*]Added:[list][*]Detection of overlay;[*]Computation of entropy;[*]Detection of TLS Callback functions;[*]Indicators.[/list][*]Show:[list][*]More details about sections;[*]Overlay strings numbers;[*]Strings location map with colors.[/list][*]Detect duplicated exported symbols.[*]Enhanced unicode strings detection.[*]Differentiate URLs referenced in the certificate.[*]Extented Indicators.[*]Dump PKCS7 Certificate.[*]Fixed:[list][*]Crash;[*]Bug with libraries;[*]Other bugs.[/list][/list]


2017-01-02 17:04:34
Updated by billon

  • Icon: Updated


2017-01-02 16:59:42
Updated by billon

  • Website URL: https://www.winitor.com/
  • Version: v8.4955
  • Synopsis: pestudio shows details about applications and other system files (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including:[list][*]Libraries that are used by an application[*]Functions that are imported by an application[*]Functions (also anonymous) that are exported by an application[*]All functions that are forwarded to other libraries[*]Obsolete Functions that are exported and imported by an application[*]If Data Execution Prevention (DEP) Windows security mechanism is used[*]If Address Space Layout Randomization (ASLR) Windows security mechanism is used[*]If Windows security mechanism Structured Exception Handling (SEH) is used[*]Whether some sections are compressed[/list]pestudio standard lacks some features of pro version, see comparison [url=https://www.winitor.com/tools/pestudio/current/pestudio-features.pdf]here[/url] (PDF file!).
  • How to extract: Download the ZIP package and extract to a folder of your choice. Delete [i]AddToShell.reg[/i] and [i]RemoveFromShell.reg[/i]. Launch [i]pestudio.exe[/i].
  • Size (in bytes): 354609738396
  • Download URL: https://www.winitor.ctor.com/t/tools/prevstudio/cusrrent/pestudio849.zip
  • Release date: 20157-051-032
  • What's new: [list][*]ADifferentiate between standard and professional (pro) versions of pestudio.[*]Added:[list][*]Detection of overlay;[*]Computation of entropy;[*]Detection of TLS Callback functions;[*]Indicators.[/list][*]Show:[list][*]More details about sections;[*]Overlay strings numbers;[*]Strings location map with colors.[/list][*]Detect duplicated exported symbols.[*]Enhanced unicode strings detection.[*]Differentiate URLs referenced in the certificate.[*]Extented detectioIn dicators.[*]Dump PKCS7 Certif Winicate.[*]Fixedows bui:[list][*]Crash;[*]Bug winth selibrarvices.;[*]Fixed a ]Other bug when hands.[/ling istrings.[*]Leveraged Indicators for embedded files.[/list]


2016-12-22 03:12:48
Updated by billon

  • Similar/alternative apps: [url=https://www.portablefreeware.com/index.php?id=2858]PPEE[/url]


2016-12-09 00:18:32
Updated by webfork

  • Synopsis: pestudio shows details about applications (.exand other system files (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including:[list][*]Libraries that are, .usedll, .cby an appl, ication[*]Funcx, .ax, .sytions, etc.) without starting them including:[list][*]All libraries that are used by an application.[*]All functions that are imported by an application.[*]All functions (also anonymous) that are exported by a are imported by an application[*]Functions (also anonymous) that are exported by an applicaplication.[*]All functions that are s that are forrwardded to other libraries.[*]Obsolete bsolete Functunctions t thaat are exported and imported by an application[*]If Dat are e Exported and cutimpon Prted by an applvention (DEP) Windows security mechation.ism is used[*]WhetheIf Addr the Datess Space ExecLayoution PreveRantidon (DEPmization (ASLR) Windows security s security mechanism iss used.[*]If Whether the Addrindows sess Space Layourity Randomizechatnionsm (ASLR) Wtructured Exceptindows security mechanism is used.[*]Whether Structured Exception HaHandling - (SEH Windows security mechanism ) is usesed.[*]Whether some secether some sections are compressed.[/list]


2016-05-19 19:12:09
Updated by billon

  • Version: v8.5149
  • System Requirement:
  • Size (in bytes): 35473811213
  • Download URL: https://ww//w.wiinittor.com/toools/previous/pestudio85149.zip
  • Release date: 2015-085-1703
  • What's new: [list][*]Renamed pestudioprompt.exe into pestudiox.exe.[*]Added virustotal scoring of hardcoded URL.[*]Added detection of pipes.[*]Added Network Watchdog to update Virustotal score automatically.[*]Added XML switches to define the colors of the front-end.[*]Fixed ordinaAdded detection of Windows buil functions mapping for 64bit images.[*]Fixed a crash when handling oservicerlays.[*]Fixed a bug when retrievhandling the Descrtriptiongs.[*]Leveraged of the Indelicay-ltoadrs for embedded librarfiles.[/list]


2015-08-18 18:32:06
Updated by Checker

  • Version: v8.501
  • Size (in bytes): 354760781121
  • Download URL: http://www.winitor.com/tools/pestudio8501.zip
  • Release date: 2015-058-0517
  • What's new: [list][*]FixeRenamed pestudioprompt.exe into pestudiox.exe.[*]Added virustotal scoring of hardcoded URL.[*]Added detection of pipes.[*]Added Network Watchdog to update Virustotal score automatically.[*]Added XML switches to define the colors of the front-end.[*]Fixed ordinal functions mapping for 64bit images.[*]Fixed a crash when handling overla y.[*]Fixed a bug when haendl retrieving the Dexposcripted fuionc of tionshe delay-lofaded 54blit executbrablries.[/list]


2015-05-19 01:30:10
Updated by billon

  • Software title: PpeSstudio
  • Synopsis: PpeSstudio shows details about applications (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including:[list][*]All libraries that are used by an application.[*]All functions that are imported by an application.[*]All functions (also anonymous) that are exported by an application.[*]All functions that are forwarded to other libraries.[*]Obsolete Functions that are exported and imported by an application.[*]Whether the Data Execution Prevention (DEP) Windows security mechanism is used.[*]Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used.[*]Whether Structured Exception Handling - SEH Windows security mechanism is used.[*]Whether some sections are compressed.[/list]
  • How to extract: Download the ZIP package and extract to a folder of your choice. Launch [i]PpeSstudio.exe[/i].


2015-05-06 19:37:28
Updated by Checker

  • Version: v8.4950
  • Size (in bytes): 3547383607
  • Download URL: http://www.winitor.com/tools/pestudio84950.zip
  • Release date: 2015-05-035
  • What's new: [list][*]Added detection of Windows builtin services.[*]Fixed a ed a bug whenhen handling strings.[*]Leveraing ed Indicators fxpor embeddted functions of 54bit executables.[/list]


2015-05-04 19:26:33
Updated by Checker

  • Version: v8.489
  • Size (in bytes): 34754745383
  • Download URL: http://www.winitor.com/tools/pestudio8489.zip
  • Release date: 2015-045-1703
  • What's new: [list][*]Extended Thresholds.[*]Extended IAdded detection of Windows buicators.[*]Show virustotal score for Overlay (when available).[*]Fixed antin issue in the Debug detervictiones.[*]Fixed an issbug whe n handlin g strimportngs.[*]Leved symbols by oraged Indinal cators for 64embitedded files.[/list]


2015-04-17 21:06:59
Updated by Checker

  • Version: v8.478
  • Size (in bytes): 34617745800
  • Download URL: http://www.winitor.com/tools/pestudio8478.zip
  • Release date: 2015-034-0817
  • What's new: [list][*]AddeExtended cThreshompulds.[*]Extatioen ofded Impondicators.[*]Show virustotal s Hascore for Overlay (when (avaimphlashble).[*]Added detection of .[*]Fixed an isstrue ings the Dembedded in nug detection-PE filesn.[*]EFixtended detectionan issue ofin imporocted ssymbols by or types.[*]Fixed a haingup.[*]Updatedl for AV64bit filiest.[/list]


2015-03-08 18:53:48
Updated by Checker

  • Version: v8.467
  • Size (in bytes): 3461855070
  • Download URL: http://www.winitor.com/tools/PpeStudio/Current/PeSstudio847.zip
  • Release date: 20000-0015-03-08
  • What's new: [list][*]Added new computation of Imports Hash (imphash).[*]Added detection of streingsh embedded in non-PE fildes.[*]Extended detection of processor types.[*]Fixed a crash with malformed filesngup.[*]Corrected duUplicdatesd duringAV collection of functions statisstics.[/list]


2015-01-09 18:35:17
Updated by Checker

  • Version: v8.456
  • Size (in bytes): 3438557307
  • What's new: [list][*]Added Virustotal aging and subminew thresholds.[*]Extended detection.[*]Fixed a crash with malfon rmedat files.[*]ExCorrectended Langduplicages dtets during collecttion of functions stand mapptingstics.[/list]


2014-12-10 17:59:12
Updated by Checker

  • Version: v8.445
  • Size (in bytes): 3435927530
  • What's new: [list][*]Added PeID SVirustotal agingnature detection of Exec and sutable ebmbedded in Resourcsion dates.[*]Added PeID Signature detection of Executable embended Languages ded etection Overlaynd mapping.[/list]


2014-11-28 18:24:45
Updated by Checker

  • Version: v8.434
  • Size (in bytes): 33536869275
  • What's new: [list][*]Added XML-based detPection of PeIDID Signanatures.[*]Added XML-based detection of OIDs.[*]Adddetection of Executable ed XML-mbased detected in Reson of useragcents.[*]ExtAdded PeID Signature detection of Executable embedded bin Overlacklistsy.[/list]


2014-11-24 12:18:00
Updated by Checker

  • Version: v8.423
  • Size (in bytes): 211311353686
  • What's new: [list][*]Added detection of references to FireXML-based detection of PeID Signatures.[*]Added XML-based detection oxf APOIDs.[*]Adddded XMD5 Blacklist for a file and iL-based detects Resion of usercagesnt.[*]Extended deted blacklistion of Overlays.[/list]


2014-11-03 17:25:39
Updated by Checker

  • Version: v8.412
  • Size (in bytes): 209113674115
  • What's new: [list][*]Extended validation Added detection of references to Firefox API.[*]Added MD5 Blacklist for a f Sectile and its Resonurces.[*]Resolve OpeExtenSSLded ordetectionals API tof User fOveriendlay names.[/list]


2014-10-26 16:18:17
Updated by Checker

  • Version: v8.3941
  • Size (in bytes): 20936215874
  • What's new: [list][*]Extended validation of Small cectiosmetic issues.[*]Added Indicators and Thresholdns.[*]FResolve OpenSSL ordixed a bug when hnandling the imps API tort Us of somer frimendly nagmes.[/list]


2014-10-15 17:22:29
Updated by Checker

  • Version: v8.389
  • Size (in bytes): 20493642158
  • What's new: [list][*]AddedSmall cosmetic issues.[*]Added Indicatores Indicators and Thresholds.[*]Added Functions Groups classification.[*]Resources witand Th unknown Signature and containing only text are now tagged as Trext.[*]Fixed a bug when handling the Characteristics hof the FileHeaderlds.[*]AddFixed a bug whed MD5, SHA1 n hand Vling the imporutstotal Sc ore f sorme Ovimagerlays.[/list]


2014-10-10 12:48:35
Updated by Checker

  • Version: v8.378
  • Size (in bytes): 120491438964
  • What's new: [list][*]Added more Indicators and Thresholds.[*]Added Functions Groups classification.[*]Resources with unknown Signature and containing only text are now tagged as Text.[*]Fixed a buged a bug whhen handling the Charactenristics of the FileHeader.[*]Added MD5, SHA1 hanndl Ving rustotheal Score for Overlay.[/list]


2014-09-05 16:45:38
Updated by Checker

  • Version: v8.357
  • Size (in bytes): 1905143896
  • What's new: [list][*]Added XML Threshold ofFixed a number of Antivirus detecting twhen image has ndlinfecg thed .[/list]


2014-08-23 16:02:51
Updated by Checker

  • Version: v8.345
  • Size (in bytes): 19058916
  • What's new: [list][*]Extended Imported Symbols View.[*]Extended IndicatoAdded XML Thres.[*]Addehold XML Thresh olds ff number or several values.[*]Added XML "prefered" Antiivirus Endetecting the image as infe Namected.[/list]


2014-08-22 16:36:45
Updated by Checker

  • Version: v8.334
  • Size (in bytes): 19070245891
  • What's new: [list][*]Extended Imported Symbols View.[*]Extended Indicators.[*]Added XML Thresholds for several values.[*]Added XML Thr "prefered" Antivirushold oEngine LibrNarimes count.[/list]


2014-08-16 17:57:43
Updated by Checker

  • Version: v8.323
  • Size (in bytes): 1904270124
  • What's new: [list][*]Added XML Thresupport for White listing of Libraries per name in PeStudihoWhiteListLibraries.xml.[*]Fixed a bug in the collectio on of lLibraries count.[/list]


2014-08-14 18:56:33
Updated by Checker

  • Version: v8.312
  • Size (in bytes): 1901542061
  • What's new: [list][*]Extended Sections View.[*]Extended BlAdded support for White listing of Libraries per nacklists.[*]Extended detection.[*]Extended the XML reportme resulting of PeStudioWhe analysis.[*]Fixed updaite of VLirustotLibral Lookupries.xml.[*]Fiixeded Ordinal to Name mapping for 64bug in the imcollection of libragries.[/list]


2014-08-12 17:22:00
Updated by Checker

  • Version: v8.301
  • Size (in bytes): 187389015206
  • What's new: [list][*]Images analysed are nExtended Sectiow parsed in separated ThrVieadw.[*]EExtended dettection of Overlay.[*]Added Thresholds for Image Sded Blacklize.[*]Added Thresholds for Certificate Sizes.[*]Added DefaulExt Thresholnded for Rdestectiourcesn.[*]FiExtended athe XML report crasesulting of the when aanalysing s.[*]Fixed update of Virustotal Lookup.[*]Fixed Ordinal to Name mapping for 64biit filmages.[/list]


2014-07-06 09:41:53
Updated by Checker

  • Version: v8.2630
  • Size (in bytes): 1873860152
  • What's new: [list][*]Begin detection of FuImages analysed are now parsed in separated Thread.[*]Extended detection of Overlay.[*]Added Thresholds for Image Size.[*]Added Thresholds for Certifictate Size.[*]Added Default Threshold for Resons requiring Acrcess Rights (privileges) to be set.[*]EFixtended Th a crash when analysing sholdsme detec64bit fionles.[/list]


2014-05-04 12:32:21
Updated by Checker

  • Version: v8.256
  • Size (in bytes): 17072826015
  • What's new: [list][*]Begin detection of Functions requiring Access Rights (privileges) to be set.[*]Exteended featud Thres and blacksholidst detection.[/list]


2014-04-29 17:44:36
Updated by Checker

  • What's new: [list][*]Extended features and blacklist detection.[/list]


2014-04-29 17:44:10
Updated by Checker

  • Version: v8.245
  • Size (in bytes): 17046047282
  • What's new: [list][*]Extended features and blacklist detection.[/list]


2014-04-24 17:41:36
Updated by Checker

  • Version: v8.234
  • Size (in bytes): 17046939046
  • What's new: [list][*]Extended blacklifeaturest and Features detection.[*]Fixed a bug when hand blackling 64-bist Imagdestection.[/list]


2014-04-16 18:44:24
Updated by Checker

  • Version: v8.223
  • Size (in bytes): 168817093946
  • What's new: [list][*]Added detection of bound Libraries.[*]Setup detection of Common folder variables ([url=http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup]http://www.microsoft.com/security/portal/mmpc/shared/variables.aspEx#startup[/url]).[*]Setup tendetection ofd KNOWNFOLDERID constblacklist and Feants represent GUIDs ([url=http://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx]http://mes dn.microsofet.ectiom/en-us/l.[*]Fixed a brug when hary/ndd378ling 6457(v=vs.85).-bit Imagespx[/url]).[/list]


2014-04-15 16:31:30
Updated by Checker

  • Version: v8.212
  • Size (in bytes): 16664188170
  • What's new: [list][*]DetAdded detection of bound Libraries.[*]Setup detection of Clipboard Chain hookingmmon folder variables ([url=http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup]http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup[/url]).[*]ExtSended Blacklisttup detection of KNOWNFOLDERID cofnstants represent APGUI.[*]ExtendedDs ([url=http://msden.microsofte.com/en-us/library/dd378457(v=vs.85).aspx]http://msdn.mion crosof Undot.cuom/ente-us/library/dd API378457(v=vs.85).aspx[/url]).[/list]


2014-04-11 18:54:02
Updated by Checker

  • Version: v8.201
  • Size (in bytes): 166641788
  • What's new: [list][*]Extended bDetect Clipboard Chain hooking.[*]Extended Blacklistt of API.[*]Extended the detended detection on of SUndocumarentcared usageAPI.[/list]


2014-04-09 16:32:20
Updated by Checker

  • Version: v8.1920
  • Size (in bytes): 16506192788
  • What's new: [list][*]Extended blacklist of API.[*]DExtended the dect Mouse and Keyboard Events prectiogramn of Smarticard usynthagesis.[/list]


2014-04-07 16:41:26
Updated by Checker

  • Version: v8.189
  • Size (in bytes): 16450191102
  • What's new: [list][*]Extended detection of fiblacklist of API.[*]Detes embedct Mouse ande Keyboard i Events Resprougrammatice s aynd Ovtherlaysis.[/list]


2014-04-03 17:15:02
Updated by Checker

  • Version: v8.178
  • Size (in bytes): 1642639110
  • What's new: [list][*]Added support for detection of UndocumenExtended deted API (PeStudioFuncctionn of filesUn embedded in Resourcumees antd Oved.xmrl)ay.[/list]


2014-03-31 15:54:33
Updated by Checker

  • Version: v8.167
  • Size (in bytes): 16094882631
  • What's new: [list][*]FAdded support for detectixon of Undocumented a bugAPI wh(Pen StudioFunctionsUnvdokicumeng PeStuedio.exe from the prompt with a file).[/list]


2014-03-28 12:58:45
Updated by Checker

  • Version: v8.156
  • Size (in bytes): 1608699488
  • What's new: [list][*]Extended Hooking detectFion.[*]Extended Blacklist bug whed functions invoking PeStudio.exe from thect prompt wionth a file.[/list]


2014-03-26 18:29:31
Updated by Checker

  • Version: v8.145
  • Size (in bytes): 156086994224
  • What's new: [list][*]Extended detection of Overlay for InnoSHooking detectupion.[*]Show Extended Blacklishrited functionkeds DOS-Headertection.[/list]


2014-03-25 13:59:50
Updated by Checker

  • Version: v8.134
  • Size (in bytes): 1590594224
  • What's new: [list][*]Extended detection of Overlay for InnoSetup.[*]Added PeStudihoWw shiteListLibrarinked DOS-Heades.xmlr.[/list]


2014-03-23 20:33:01
Updated by Checker

  • Version: v8.123
  • Size (in bytes): 15905944283
  • What's new: [list][*]ShExtended detection owf Overlay.[*]Added PeSignatudioWhiteListLibraries.[*]Bxmlacklist Well-Known SID.[/list]


2014-02-27 19:03:59
Updated by Checker

  • Version: v8.112
  • Size (in bytes): 1543142583
  • What's new: [list][*]Fixed a bug wShen Dumping a resource.[*]Images in Windows directories are considered as trusted.[*]Exte Overlay Signded Features detection.[*]Extended Blacklisti Well-Kngown SID.[/list]


2014-02-25 19:27:46
Updated by Checker

  • Version: v8.101
  • Size (in bytes): 1543605125
  • What's new: [list][*]Fixed a bug when Dumping a resource.[*]Images in Windows directories are considered as trusted.[*]Extended Features detection.[*]Extended Blacklist DNS aind IP APIsg.[/list]


2014-02-18 19:31:23
Updated by Checker

  • Version: v8.109
  • Size (in bytes): 15223605581
  • What's new: [list][*]Added detection of MBlacklicrosoft Detour.[*]Added detection of HookiDNS angd IP APIs.[/list]


2014-02-17 16:18:08
Updated by Checker

  • Version: v8.089
  • Size (in bytes): 1521025481
  • What's new: [list][*]Added detection of AMicrosoft Detour.[*]Added detectioItn of Hooking.[/list]


2014-02-16 14:17:02
Updated by Checker

  • Version: v8.078
  • Size (in bytes): 1521054016
  • What's new: [list][*]Allow RAW-dumping using the context menu of any resource.[*]Extended Features detection.[*]Adddded Dete detection o of Resources reAusetoIt.[/list]


2014-02-14 07:07:04
Updated by Checker

  • Dependencies: None


2014-02-13 19:11:28
Updated by Checker

  • Version: v8.067
  • Size (in bytes): 1514830156
  • What's new: [list][*]Extended FeatAllow RAW-dumping using the context menu of any resources detection.[*]Extended Blacklisting.[*]Show Extended Fefault Icon of the Image being analysed (which often helps as first suspicioures detection.[*]Addied Detecation of Resources r)euse.[/list]


2014-02-06 19:22:38
Updated by Checker

  • Version: v8.056
  • Size (in bytes): 144697283015
  • What's new: [list][*]Extended Features detection .[*]Extetendded Blaclacklisting.[*]ExtendShow default Icon of the Image being analysed (which often hedlps as first suspicious indeteication of embedded IP Adresses).[/list]


2014-01-31 18:20:35
Updated by Checker

  • Version: v8.045
  • Size (in bytes): 14384631972
  • What's new: [list][*]Added Feature detecExtioen of Rded Fegulatur Expressiones (Regedetection .[*]Ex)tended Blacklisting.[*]AddeExtended d Feature detection of Serviece Contrion olf Managermbedded IP (SCM)Adresses.[/list]


2014-01-28 18:39:44
Updated by Checker

  • Version: v8.034
  • Size (in bytes): 1438607031
  • What's new: [list][*]Added "Anomalies" IndiFeature detecatoion of Regular Expressions (Regex).[*]Added deFeaturec detectioon of fak Se Mrvicrose Cofnt executabroles[*]Exte Manded "Featugeres" (SCM).[/list]


2014-01-27 19:12:06
Updated by Checker

  • Version: v8.023
  • Size (in bytes): 1432226070
  • What's new: [list][*]Added PeStudioFeatures.xml.[*]Added "Features" as part of the "Indicators". Features translates the APIs, and other data into "Features" of the executable being analysed (e.g. The API "FindFirstUrlCacheEntry()" is transomalated as "The image accesses the " IE Pndicatorotectes.[*]Added detection of Storfagke" FeMicrosoft executables[*]Extended "Feature).s" [/list]


2014-01-23 20:56:07
Updated by Checker

  • Version: v8.012
  • Size (in bytes): 14157932226
  • What's new: [list][*]Extented PeStudioOAdded PeStudioFeatures.xml.[*]Added "Features" as part of the "Indicators". Features translates the APIs, and other data into "Fealtures.xml" for LDf the executable being analysed (e.g. The AP bI "FindFirstUrlCacheEntry()" is otrdinalns.[*]Alatedded a as "Thre image accesses the IE Proltected f Stor sizage" of Custom Resources.[*]Extended PFeSatudioThresholds.xml).[/list]


2014-01-19 14:30:29
Updated by Checker

  • Version: v8.001
  • Size (in bytes): 141527913
  • What's new: [list][*]FixeExtented a cPeStudioOrdinals.xml for LDAP by ordinash when disls.[*]Added ab Thresholingd for Vsirze of CusTtotalm queryResources.[*]Show the Signature of Extheended files EmbeddPeStud in toThre Custom Resshourcelds.xml.[/list]


2014-01-16 16:48:46
Updated by Checker

  • Version: v78.9900
  • Size (in bytes): 141452091
  • What's new: [list][*]Added Min/Max Threshold checks on HTML Resource size and Extented PeStuFixed a crash when dioThresholds.xmabl.[*]Exteintedg PeStudVirusToIndicators.xmltal query.[*]ExtenShow tedhe PeStudignature oOrf the files Embedded inal the Cus.xtoml Resources.[/list]


2014-01-15 17:47:57
Updated by Checker

  • Version: v7.989
  • Size (in bytes): 1410477520
  • What's new: [list][*]Extended PeStudioBlAdded Min/Max Threshold checks on HTMListF Resource size and Extented PeStudioThresholds.xml.[*]Extented PeStudioIndicationrs.xm.xml.[*]Extendted PeStudioBOrdinalackListLibraries..xml.[*]Correct an issue when showing the Resources friendly names at the GUI.[/list]


2014-01-13 17:54:35
Updated by Checker

  • Version: v7.978
  • Size (in bytes): 1410499277
  • What's new: [list][*]Extended PeStudioThreshoBlackListFunctions.xml.[*]Extended PeStudioBlackListLibraries.xmml .[*]Correct an issue when showing tohe deteResourct thes friendly Min/Max mesize of Manifest the GUI.[/list]


2014-01-08 16:51:21
Updated by Checker

  • Version: v7.967
  • Size (in bytes): 13404998273
  • What's new: [list][*]New classification of Strings.[*]EExtended detection (and Indicator) of File Version Informatioen suspicious fidelds.[*]Extended PeStudioOrdinals.xml.[*]Corrected Ordinals mapping for 64 bit images.[*]Better visualization of Relocations entries.[*]Added Detection of Blacklisted Function of Delayed-loaded Libraries.[*]Added StuppdioThrt for Stringes Tableholds.[*]Axml to dded Detetect the Min/Max size onf oManif Self-Registering DLLst.[/list]


2014-01-07 17:02:27
Updated by Checker

  • Version: v7.956
  • Size (in bytes): 1359827369
  • What's new: [list][*]Added detectNew classification of Strings.[*]Extended detection (and Inand Indiicator) of ar) of File Version Informationonym suspiciouss fields.[*]Exptended PeStudioOrdinals.xml.[*]Corrrected Fu Ordinals mappincg for 64 bit images.[*]Bettier visualization of Relocations entries.[*]Addedded deDetectioection (of Blancklisted IndiFuncator) otion of Delayed-loaded Libraries.[*]Added Support for mulStriple Executngs Table Sections.[*]Added detection (and Indicator) of muld Detectiple instaonce Imported Functions Names.[*]Addof Self-Red PeStudgioEvasions.xml to suppotert the detection of attempts Evasions (Antidebugging).[*]Added (part of) exported MFC42 ordinals to PeStudioOrdinalDLLs.xml.[/list]


2013-12-23 22:19:14
Updated by Checker

  • Version: v7.945
  • Size (in bytes): 135895369
  • What's new: [list][*]Map Version Translation Information to user friendly striAdded detection (and Indicator) of anonymous Exported Functions.[*]Added detection (and Indicator) of multiple Executable Sections.[*]Added detection (and Indicator) of multiple instance Imported Functions Names.[*]Added PeStudioEvasions.xml to support the detection of attempts Evasions (Antidebugging).[*]ShowAdded (part of) Versionxported MFC42 Toranslatdion Information Blackalis ted Languages.[*]Extentedo PeStudioOrdinals.xml to Resolve SNMP functions imported by Ordinals back to their original names.[/list]


2013-12-16 17:26:54
Updated by Checker

  • Version: v7.934
  • Size (in bytes): 13325801956
  • What's new: [list][*]Map Version Translation Information to user friendly string.[*]Show Version Translation Information Blacklisted Languages.[*]Extented PeStudioOrdinals.xml to Resolve SNMP functions imported by Ordinals back to their original names.[/list]


2013-12-14 16:45:46
Updated by guinness

  • Version: v7.893
  • What's new: [list][*]Extended anomalies detection of File Version Information fields.[/list]


2013-12-05 16:27:47
Updated by Checker

  • Version: v7.889
  • Size (in bytes): 1331280671
  • What's new: [list][*]Added Extended anomalies detection tion of File Versigion Informature fiorn the Resourcfields.[/list]


2013-12-04 12:15:22
Updated by Checker

  • Version: v7.878
  • Size (in bytes): 13295310672
  • What's new: [list][*]Extended detection of embedded IP Addresses.[*]Extended malicious usage of Resource Icons.[*]Added ndewd Indicdetection of signator ure foor suspicious the Resosourcce Icons.[/list]


2013-12-03 14:53:14
Updated by Checker

  • Version: v7.867
  • Size (in bytes): 132957288
  • What's new: [list][*]Added Support for Sections -> ConteExttended Mdetection of embedded IP Addresses.[*]Extended malicious usagenu ->of DResoumprce Icons.[*]Addeded new SuppIndicatort for Dumsusping ICO ascious RAW and ICO.filesource fIcormatns.[/list]


2013-11-30 18:40:55
Updated by Checker

  • Version: v7.856
  • Size (in bytes): 1325728860
  • What's new: [list][*]Extended detection of suspicious debugger fields (invalid content - e.g.: flame).[*]AAddedd PeStudioFuncpportionsMapping.XML to map Fun for Section Names (e.g. Syst -> Context MemFnunction036 -> Dump.[*]Added Supporto RtlGe for Dumping ICO as RAW and ICO.file form )at.[/list]


2013-11-28 17:40:24
Updated by Checker

  • Version: v7.845
  • Size (in bytes): 1325821360
  • What's new: [list][*]Better dExtended detection of suspicious debugger fietectlds (invaliond cofntent hard-coded IP Addresses.g.: flame).[*]Added Tag ined PeStudioBlackListStrings.xml to hide the strings that are ImdioFunctionsMapported Libraries (with the ngoal t.XML to comap Funcentrate tionn Namestrings that r(eall.g. Sy matstemFunction036 to RtlGernRandom ).[/list]


2013-11-20 17:32:52
Updated by Checker

  • Version: v7.834
  • Size (in bytes): 13246948213
  • What's new: [list][*]Extended PeStudioBlackListFunetter detection of hard-coded IP Addresses.xml.[*]Added Tag in PeStudioBlackListStrings.xml to hide the strings that are Imported Libraries (with the goal to concentrate on strings that really matter).[/list]


2013-11-16 17:08:42
Updated by Checker

  • Version: v7.823
  • Size (in bytes): 1321934694
  • What's new: [list][*]Consolidated Indicators about blacklistExtended RPesoSturdioBlaces kLangistFuages.nctions.xml.[*]Added Tag in PeStudioBlackListShtrings.xml to hide the strings that are Imported Libraries (with the Resources Tree e goaleaf ito con Red whcentrate on a Resoutrce Lainguage has been dethat rected asally Blmacklisttedr).[/list]


2013-11-14 20:11:26
Updated by Checker

  • Version: v7.802
  • Size (in bytes): 1321932009
  • What's new: [list][*]Extended Blacklist of Libraries.[*]Map dynamically loaded libraConsolidated Indicatories to the content of PeStaboudioBt blackLilistLibed Resources Languarieges.xml.[*]Map dynamically loaded functions tShow the e Resourcoes Tree leaf intent of PReStudi when a ResoBlaurcke ListFanguage has been detected as Blacklions.xmlted.[/list]


2013-11-12 18:19:03
Updated by Checker

  • Version: v7.780
  • Size (in bytes): 131328485800
  • What's new: [list][*]Added Detection and IndicExtended Blator for ComSpec.[*]Added Correklation between stringst of and Limpobrted Symbols.[*]Added Detection and Indicator for MIME64 Encoding ariestring.[*]Added Detection Mandp Idyndamiccally loaded librator fries to the content orf hPeStudioBlackListLibrard-cies.xml.[*]Map dynamically lodaded Ifunctions to the content of P AdresseStudioBlackListFunctions.xml.[/list]


2013-11-09 15:52:17
Updated by Checker

  • Version: v7.768
  • Size (in bytes): 12798164858
  • What's new: [list][*]Added PeStudDetection and Indicator for ComSpec.[*]Added Correlation between strings and impoOrtedinals.x Symbol to map Imps.[*]Added Detection and Indicator for MIME64 Encoding strteing.[*]Added OrDetection and Indincals to theior foriginr hal Funrd-ctionded IP NamAdresses.[/list]


2013-11-08 14:51:32
Updated by Checker

  • Version: v7.756
  • Size (in bytes): 12612079816
  • What's new: [list][*]FAdded PeStudioOrdinals.xml to map Importedd a bug wOrdinals tho their original Exported SymbFunctiols of 64n bit INamages.[/list]


2013-11-05 17:56:17
Updated by Checker

  • Version: v7.745
  • Size (in bytes): 126124608
  • What's new: [list][*]Added detection of GINA.[*]Extended Directories Validation.[*]AddedFixed a bug Valid, Misswing,th Empty fields for Directories.[*]Extended PeStudioBlackListLibrarihes.xml.[*] Exportended PeStudiymbols of 64 bit Indicmatorges.xml.[/list]


2013-11-04 18:02:51
Updated by Checker

  • Version: v7.734
  • Size (in bytes): 12561240556
  • What's new: [list][*]Extended validation of Debug fields.[Added detection of GINA.[*]Extended PeStudioIndicators.xml.[*]Added Context Menu at the image level.[*]Addnded CeDirtifiecatories validity h Vandlingidation.[*]Added IndValicator Id, iMissing, Empty fields for Directories.[*]Exthended oPeStudioBlackListput XML ibraries.xml.[*]Extended PepStudioIndicatorts.xml.[/list]


2013-11-02 16:25:41
Updated by Checker

  • Version: v7.723
  • Size (in bytes): 1253741055
  • What's new: [list][*]CrExtended validation of Debug fields.[*]Extended PeStudioBlackListLudioIndibrcatories.xml f.[*]Added Cor thntext Menu at the image level.[*]Added DCertection of blackliificates validitedy Librharndliesng.[*]Added Indica newtor Ind icatn the orutput XML in PreStudioIndicatpors.xmlt.[/list]


2013-11-01 14:03:31
Updated by Checker

  • Version: v7.712
  • Size (in bytes): 12537499921
  • What's new: [list][*]Fixed a bCreated PeStugdioBlackListLibraries.xml for the Detection of blacklisted Libraries.[*]Added a newh Indicator in Pen haStudioIndling empty Relocation Tabrs.xmle.[/list]


2013-10-31 17:08:05
Updated by Checker

  • Version: v7.701
  • Size (in bytes): 124942992
  • What's new: [list][*]Created PeStudioPrompt.eFixe, a stand-alone version of PeStudio run a bug when handling exclusively at the prompty Relocation Table.[/list]


2013-10-30 16:25:30
Updated by Checker

  • Version: v7.6970
  • Size (in bytes): 1173538249429
  • What's new: [list][*]FiCreated PeStudioPrompt.exe, a stand-alone version of PeStudio a problem when drunnisabng exclusingvely at the Lprookump to VT.[/list]


2013-10-29 17:30:58
Updated by Checker

  • Version: v7.689
  • Size (in bytes): 1173467538
  • What's new: [list][*]Added detection of Debug File without PDB extension.[*]Added detectionxed a prof Debug File name different than the image naeme.[*]Changed Sections UI.[*]Cwhaenge d VirusTotabling the UILookup to VT.[/list]


2013-10-28 12:15:13
Updated by Checker

  • Version: v7.678
  • Size (in bytes): 1173467198
  • What's new: [list][*]Added Query MSDN context menu for Exported Functidetections.[*]S of Debug File withow Gapsut inPDB Eexptension.[*]Added detection of Debug File name differtent than the image name.[*]Changed FunSections Tables UI.[*]ExtChangended PeSt VirudiosTranslations.xml.[*]Extended PeStudioIndicators.xml UI.[/list]


2013-10-25 16:59:33
Updated by Checker

  • Version: v7.667
  • Size (in bytes): 1165647198
  • What's new: [list][*]Added Query MSDN context menu for Exported Functions.[*]Show moGaps in Exported Functions Table.[*]Extended PeStudioTranslations.xml.[*]Extended Pe StudioIndetails catof VirusTota.xml.[/list]


2013-10-24 16:43:32
Updated by Checker

  • Version: v7.656
  • Size (in bytes): 11637095641
  • What's new: [list][*]Added detection of PeCompact coShow mpressor.[*]Fixe d etails of bug wVirusToth Ctral+T.[/list]


2013-10-23 15:44:00
Updated by Checker

  • Version: v7.635
  • Size (in bytes): 11618853709
  • What's new: [list][*]Extended PeStudioThresholds.xml (which enables your to define your own thresholds).[*]Extended PeStudioTranslations.xml (which enables you to change the text at the UI).[*]Extended PeStudioSettings.XML (which enables you to change the behaviour of PeStudio).[*]Added R/W support UI PdeStudioS detectiong of PeCompact compressor.XML[*]Fixed a bug with Ctrl+T.[/list]


2013-10-22 16:48:48
Updated by Checker

  • Version: v7.623
  • Size (in bytes): 11563231885
  • What's new: [list][*]Extended PeStudioBlackListFunctions.xThresholds.xml (which enables your to define your own thresholds).[*]Extended PeStudioTranslations.xml (which enables you to change the text at the UI).[*]Extended PeStudioSettings.XML (which enables you to change the behaviour of PeStudio).[*]Fixed an IssuAdded R/W support UI when clPeStudiosSetting all files.XML.[/list]


2013-10-12 18:05:44
Updated by Checker

  • Version: v7.612
  • Size (in bytes): 115603423
  • What's new: [list][*]Added detection of missing Trust Information inside Manifest.[*]Extended PeStudioIndicators.xml.[*]Extended PeStudioTransBlackListFunctions.xml.[*]Fixed an Issue when closing all files.[/list]


2013-10-12 11:26:02
Updated by Checker

  • Version: v7.601
  • Size (in bytes): 11488856034
  • What's new: [list][*]Added a switch (see PeStudioBlackListStrings.xdetection of missing Trust Informl) for case-sensitiveness when scanning the black strings.[*]Added a switch (see PeStudioBlackListStrion ings.xml) for substrings when scanning the black side Manifestrings.[*]AddExtend Support for Wined PeStudioIndicatowrs Fi.xml.[*]Extended RPeStudirectioTranslations.xml.[/list]


2013-10-09 09:36:03
Updated by Midas

  • Screenshot: Updated


2013-10-09 05:56:00
Updated by Checker

  • Version: v7.5960
  • Size (in bytes): 1144328885
  • What's new: [list][*]Added DOSa switch (see PeStudioBlackListStrings.xml) for case-sensitiveness when scanning the black strings.[*]Added a switch (see PeSttudioBlackListStrings.xml) for subbstrings when scanning the blatck sthe UIrings.[*]Added new Indicator related to the (susdded Suppicious) size ort for the DOS Stub.[*]Added PeStuWindioThresholds.xml that containws the Min, Max values useFile Red as thiresholds.[*]Fixed enabling/disablictiong Virustotal lookup switch.[/list]


2013-10-07 17:22:54
Updated by Checker

  • Version: v7.589
  • Size (in bytes): 1140432558
  • What's new: [list][*]Added filtering of Windows (standaDOS Stub at the UI.[*]Added new Indicator related to the (suspicious) size of the DOS Stub.[*]Added PeStudioThreshold vs.xml that custom) Rntains the Min, Max values used asou thrcesesholds.[*]AdFixed enabling/d fiisabltering of obf Viruscated Secstions.[*]Added fitaltering of florwarded exokuported Symbols.[*]Added Indicator about Expired Certifwitcate(s)h.[/list]


2013-10-06 13:34:55
Updated by Checker

  • Version: v7.578
  • Size (in bytes): 11340537958
  • What's new: [list][*]Added test of Exported Blfiltering of Windows (standard vs. custom) Resources.[*]Added filtering of obfuscated Secklistions.[*]Added Func filterionsg of forwarded exported Symbols.[*]ExtAdded Inded PeSicator about Expired CertioIndficatore(s.xml).[/list]


2013-10-03 17:52:16
Updated by Checker

  • Version: v7.557
  • Size (in bytes): 11289835379
  • What's new: [list][*]Extended Validation HanAdded test of Exported Blacklisted Functiongs.[*]Extended Certifed PeStudioIndicateors Hand.xmling.[/list]


2013-10-02 17:30:49
Updated by Checker

  • Version: v7.545
  • Size (in bytes): 1123867985
  • What's new: [list][*]Enable to open ANY image (to show the results with VirusTotal).[*]Added Creation, Last Access and Last Write times.[*]Extended validation and reflect it on the Tree View.[*]Extendextended Version Informatalion hdation Handliing.[*]AddeExtended DepCerecated ificolumates Han to the Imported Symbols viewng.[/list]


2013-09-29 18:14:50
Updated by Checker

  • Version: v7.534
  • Size (in bytes): 11196123867
  • What's new: [list][*]Enable to open ANY image (to show the results with VirusTotal).[*]Added CTRL-ed Creation, Last Access and CTRL-A suppast Write times.[*]Extended validation and reflect it on the Tree View.[*]Extended Version Informat fiorn handll viewsng.[*]Added details foDepr Relocatioted columns.[*]Ex to the Importended PeStudioTranslatiymbonls.xml.[*]Added translation of Machine Type.[*]Fvixed a hangup when running on XP.[/list]


2013-09-27 11:43:57
Updated by Checker

  • Version: v7.523
  • Size (in bytes): 1112669613
  • What's new: [list][*]ExtenteAdded CTRL-C and CTRL-A support for all views.[*]Added details for dRelocations.[*]Extended PeStudioTranslations.xml.[*]Added trailns aboulation of SeMacthionse Type.[*]Fixed a bhangug p with theen Certunnificatesng on XP.[/list]


2013-09-26 12:07:24
Updated by Checker

  • Version: v7.512
  • Size (in bytes): 11115542666
  • What's new: [list][*]Added PeStudioRemoveFromExplorerConteExtMenu.reg file to remove PeStudio from Explorer cotentext menu.[*]Added validation of OptionalHeader.CheckSum.[*]Added result of OptionalHeader.CheckSd details aboum validation as IndiSecatiorns.[*]Released ImageFixed a beug wingth analysedthe Cearlrtificaters.[/list]


2013-09-25 16:00:23
Updated by Checker

  • Version: v7.501
  • Size (in bytes): 110893311554
  • What's new: [list][*]Added more details for each Certificate found in an addiPeStudioRemoveFromExplorerContextMenu.reg file to remove PeStudionao from Explorer View.[*]Excontendext menu.[*]Added validation of OptionalHeader.CheckSum.[*]Added Bresult of OptionalHeader.Checklisted FSum validationction as lIndiscator.[*]ExtendReleased OImage bsolete Functioing analysed earlister.[/list]


2013-09-23 16:48:26
Updated by Checker

  • Version: v7.4950
  • Size (in bytes): 11089570433
  • What's new: [list][*]Added Cermore details ficor eatch Certificates Expirafound in an addition onal Validiew.[*]Extended Blacklisty Ched Funcktions list.[*]AdExtendeed Dump Obsof Ilete Fundicatiorns.[*]Added Dump of Manlifest.[/list]


2013-09-19 21:28:52
Updated by Checker

  • Version: v7.489
  • Size (in bytes): 1089957054
  • What's new: [list][*]Added Conertificatexts menu for CeExpirtation Validifty Check.[*]Added Dump of Indicateors.[*]Added Dump of CertManificatest.[/list]


2013-09-18 15:10:54
Updated by Checker

  • Version: v7.478
  • Size (in bytes): 1080981905
  • What's new: [list][*]Raw Addiscovery of funedamental characteristics of the Certificate(s) embedded in theontext Image.[*]Exteendedu for IndCertificatores.[*]Added Dump forf Certificates.[/list]


2013-09-16 16:57:08
Updated by Checker

  • Version: v7.467
  • Size (in bytes): 1079809981
  • What's new: [list][*]Corrected execution of PeStudRaw dio from the command prompt.[*]Images that cannot be opened (ve.g.ry invaliof fundamental focharacteristics of the Cermat,...) ificarte (shown in Gr) embedded in the Imayge.[*]Extended Tree Context Menuded Indicators for ViCerusTottificaltes.[/list]


2013-09-15 13:02:09
Updated by Checker

  • Version: v7.456
  • Size (in bytes): 106796899
  • What's new: [list][*]Extended Tree Context Menu.[*]AddCorrected execution of PeStudio from the command Rprompt.[*]Imagelos that cationnot Tabe opened (e.g. invalid format,...) are s dischovewn in Gray.[*]AdExtended ITree Context Mendicator about Relocatifon Items r Vin PeStrudioIndicsTotators.xml.[/list]


2013-09-11 18:10:44
Updated by Checker

  • Version: v7.445
  • Size (in bytes): 106968910
  • What's new: [list][*]Added discovery of registered Exception handlers of 64bit Images.[*]Added Indicators for regisExtended Tree Contextered Exception ha Mendlers.[*]Added discovery of static usage of Thread Local Space (TLS).[*]Added Indicator for usage ofded ThrRead Llocation Tables Spadiscove (TLS)ry.[*]ExtAdded Inted Fiicator about Relocation Items in PerStudingoIndicators.xml.[/list]


2013-09-08 10:46:49
Updated by Checker

  • Version: v7.434
  • Size (in bytes): 1069910843
  • What's new: [list][*]Added a Filtering mdiscovery of registered Exception hanidlersm of 64bint Images.[*]Added Indicators for registered Exception handlers.[*]Added discovery of static usage of Thread Local Space (TLS).[*]Added Indicator for usage of The Parserad Local Space (TLS).[*]AddExtented a UI to fFilter according to the presence of Certificate.[/list]


2013-09-05 17:06:22
Updated by Checker

  • Version: v7.423
  • Size (in bytes): 1043608423
  • What's new: [list][*]CorrectAdded a FileVersion shown when pointiltering tmeche image.[*]Extended context meanism inu for importhed libParaseries.[*]ExtenAdded a UI to filter according text meo the presenuce ofor rCesourrtificates.[/list]


2013-09-04 16:35:15
Updated by Checker

  • Version: v7.412
  • Size (in bytes): 1048366842
  • What's new: [list][*]Implemented tCorrected FileVersion she "default_view" (see PeStudioSettings.xml).[*]Added general Information wn when pointointing an Image root.[*]Added Tree coloring (e.g. Vthe irusTotmalge.[*]Extended context menu for imported scolibrarie)s.[*]AExtendded Treed context menu for resources.[/list]


2013-09-02 17:09:37
Updated by Checker

  • Version: v7.401
  • Size (in bytes): 10428668
  • What's new: [list][*]Fixed the Implemented the "default_view" (see PeStudioSettings.xml).[*]Added genependencral Information when pointing an Image root.[*]Added Tree coloring (e.g. VierusTotal score).[*]Added Tree cof thntext nmew UI of PeStnudio.[/list]


2013-08-31 14:55:37
Updated by Checker

  • Version: v7.3940
  • Size (in bytes): 72331042866
  • What's new: [list][*]AddeFixed context-mthe dependenu for all lcists.[*]Added Accelerators.[*]Added Close All Images butof the new UI of PeStudion.[/list]


2013-08-29 17:08:54
Updated by Checker

  • Version: v7.389
  • Size (in bytes): 7233191330
  • What's new: [list][*]Redesign of the User Interface.[*]Support loading of multiple images.[*]Demangled the Parser programmatic interfaceAdded context-menu for all lists.[*]Issue: When loading too many images simultaneously, the VT results are not retrieved for some images. This is "normal" since the current key PeStudio is using is restricted as far as the Added Acceleramount of request pro seconds is concerneds. This issue will be han[*]Addled with VT unti Cl in the nosext vAll Imagersi button.[/list]


2013-08-28 16:06:05
Updated by Checker

  • Version: v7.378
  • Size (in bytes): 71982995133
  • What's new: [list][*]Added detection of empty fields in the Version InformationRedesign of the User Interface.[*]Support loading of multiple bimages.[*]Demangled the Parser programmatic interfacke.[*]Added IndicatIssue: When loading too many images simultaneously, the VT results are not retrieved for some images. This is "normal" since the current key PeStudio is using is restricted as far as the amount of request pro seconds is concer "Tned. This issue will be handled with VersT until ion field '%s' is Empty"the (e.g The Venext versiion field 'CompanyName' is Empty).[/list]


2013-08-14 16:08:06
Updated by Checker

  • Version: v7.367
  • Size (in bytes): 9994872995
  • What's new: [list][*]Added Supdetection of empty fields in the Version Information block[*]Added Indicator "The Version field '%s' is Empty" (e.g The Vert of simon field 'CompanyNagme' is Empacked with FSG.y)[/list]


2013-08-12 16:57:28
Updated by Checker

  • Version: v7.356
  • Size (in bytes): 99949287
  • What's new: [list][*]BettAdderd Support importsf dimages packed witectionh FSG.[/list]


2013-08-11 13:36:05
Updated by Checker

  • Version: v7.345
  • Size (in bytes): 9913309492
  • What's new: [list][*]Handled misalBetter ignemenports det of Versction buffer.[/list]


2013-08-09 16:06:07
Updated by Checker

  • Version: v7.334
  • Size (in bytes): 999138930
  • What's new: [list][*]Better vaHandlied misalignement of Version obuff certificat.[/list]


2013-08-07 16:37:13
Updated by Checker

  • Version: v7.323
  • Size (in bytes): 9993389
  • What's new: [list][*]FixBed a crash with fter valiles dependating on a sp of cecrtific libraryt.[/list]


2013-08-06 18:54:51
Updated by Checker

  • Version: v7.312
  • Size (in bytes): 1012216999338
  • What's new: [list][*]HFixed a crandled an issueh whenith files depending loading the a same image multippecific le timesbrary.[/list]


2013-08-03 09:23:17
Updated by Checker

  • Version: v7.301
  • Size (in bytes): 999410125216
  • What's new: [list][*]Correct Load ConfiguratioHandled an D irectory vassue when lidoatdion.[*]Added detecg tion ofhe in-process COM Server (ame. imag. BHO Ple mugltin)ple times.[/list]


2013-08-01 14:41:44
Updated by Checker

  • Version: v7.2930
  • Size (in bytes): 9978139425
  • What's new: [list][*]Handle malformed Correct Load Configuration Directory validatior empty App Paths entries.[*]Show/HiAde Virustotal TAB from the UI and Show/Hide the Virustotal XML Section according to the swid detech tion Pof in-process COM StudioVierverusTota (e.g. BHO Plugin).xml[/list]


2013-07-31 16:24:00
Updated by Checker

  • Version: v7.279
  • Size (in bytes): 14212997813
  • What's new: [list][*]SuppHandle malformed or empty usage of PeStudio from the Command PromApp Paths ent.ries[*]Sthow/Hide Virustotal TAB from the UI and Show/Hide the Virustotal XML Section accorteding to the aswitch in "PeStuudio HVirusTotandbook.pdf"l.xml[/list]


2013-07-30 13:36:47
Updated by Checker

  • Version: v7.267
  • Size (in bytes): 9969991421213
  • What's new: [list][*]Added ValiditySupport usage checks (andof Indicators) on SecPeStudion Headefrs (e.g. filom the Commissalignnd Promenpt).[*]FixStarted a "PeStudio HA1 issueandbook.pdf".[/list]


2013-07-27 14:36:09
Updated by Checker

  • Version: v7.0326
  • Size (in bytes): 95544496999
  • What's new: [list][*]Added Validity checks (andetection of MPRESS compression[*]Added detectio In of UPX evasdion (one or more standacatord UPX section names changed)[*]Added computation ofn Section HA1eaders (e.g. ofile the missalimage analyzmednt).[*]Fixed isSHA1 issue with right mouse copy at the UI.[/list]


2013-06-22 13:03:07
Updated by Checker

  • Version: v7.023
  • Size (in bytes): 9459365444
  • What's new: [list][*]Added Items in Bladeteckltiston of XMLPRESS filcompre.[*]PeStudioSettings.xml now centralizes the names (which are not hardcoded anymore) of the others XML files.[*]The Blacklist engine can now be switched ON and OFF in the XML file enumerating the Blacklisted strings.[*]The minimum length of strings detected is now determined in the Blacklist XML file.[*]Show more details about the content of ollybugs images.ssion[*]Cleaning up Added detecomments in thison ChangeLog.txtf file.UPX evasion (one or more standard UPX section names changed)[*]FixAdded an issue wi computation of SHA1 of the strinmagse enanalyzed[*]Fixed issue with right merouse copy ation. the UI[/list]


2013-06-19 19:24:45
Updated by Checker

  • Version: v7.012
  • Size (in bytes): 9414275936
  • What's new: [list][*]Added a new Items in Blacklist XML file.[*]PeeStudioSettings.xml now centralizes the names (which are not hardcoded anymore) of the others XML files.[*]The Blacklist engine can now be switched ON and OFF in the XML file enumerating the Blacklisted strings.[*]The minimudm length of strings detected is noSw determined ings the BlackList.xml file.Thilis t XML fiile contain.[*]Show more details about the conthe lisnt of "blackolisted" strinlybugs which wils images.[*]Cl be used to detectaning susupicious scommentris ings thins tChe Image. You musngeLog.txt manuafilly e.[*]Fixedit this file to add strings to yourn convenience. The "blacklisted" strings will be shown ais Indicators and at the UI in thue S with strings Tab.[*]Added validation on Nenumbeer of Secations.[/list]


2013-06-16 11:45:32
Updated by Checker

  • Version: v67.9901
  • Size (in bytes): 93350841427
  • What's new: [list][*]Added suppoa new PeStudioStringsBlackList.xml file.This file contains the list of "blacklisted" strings which will be used to detect for ssuspicious imported file names (e.g. unprintacious strings in the Image. You must manually edit this file to add strings to your convenience. The "bllacklisted" strings will be shown as Indicators and ame, not nullthe UI in the Stermings Tated)b.[*]Added PeStudioSettings.xml and hded vandling VirusTdatiotal switch ON/OFF basedn on this XML file[*]EnhanNumber of Seced validatioon of EAT (ollybugs.exe)[/list]


2013-06-14 16:09:01
Updated by Checker

  • Download URL: http://www.winitor.com/tools/PeStudio/Current/PeStudio.zip


2013-06-14 16:08:19
Updated by Checker

  • Version: v6.989
  • Size (in bytes): 932253508
  • What's new: [list][*]Detect INVALID DATA found in the VERSION_INFO dded support for suspicious imported file names (e.g. unprintable name, not null trearminated)[*]Added (sPeStudiomSe malwttings.xml and handling Vire place custTomtal stream in standard Windows Resourwitch ON/OFF based on this) XML file[*]Extended support for hancorkami med valformeid samples[*]Added more items intion of PestEAT (ollybudioIndicatorsg.exmle)[/list]


2013-06-13 16:12:47
Updated by Checker

  • Version: v6.918
  • Size (in bytes): 93225349
  • What's new: [list][*]All lists supDetect INVALID DATA found in the VERSION_INFO stream (some malware place custom stream in standard Windows Resources)[*]Extended supportt for right-clicork context menuami malformed samples[*]Added orddded more items ing by number iPestudioIn all lists[*]Added size in Stcatorings List.xml[/list]


2013-06-05 07:19:02
Updated by Checker

  • Version: v6.891
  • Size (in bytes): 9596328349
  • What's new: [list][*]Addedll lists support right-click context Dmetection of ZM instead of MZ at the begin of the image[*nu[*]Added Query of Imported Functions at MSDN using the Ced ontext Menu[*]Frderixed ang by bnug mber in all listhe XML reports[*]Filter DirecAdded size in Storiengs Lis types on the UI[/list]


2013-05-17 15:19:22
Updated by Checker

  • Version: v6.6089
  • Size (in bytes): 9167597628
  • What's new: [list][*]Added Support for dumping the Sections into Detection of ZM instead of MZ at the begin of the ima file from the GUI using the right-mouse click[*]Added Sd Qupport foery duof Imping the Resourctesd iFunctions a file from the GUIt MSDN using the Context Menu[*]Fixed a bug in the XML report[*]Filter Dighrect-mouories types on the clickUI[/list]


2013-04-14 18:29:33
Updated by Checker

  • Version: v6.5560
  • Size (in bytes): 9423136797
  • What's new: [list][*]Added full RAW access toSupport for dumping the Sections into a file from the GUIcon us iting the right-mouse click[*]CorrAddecd Support for dumping the Resourceds handling tof obsolete Functions[*]Created hand filing oe f Resrources CodePagm thes vGUI usiang PeStudhe right-moCodusePages.XML ficleick[/list]


2013-04-12 17:33:05
Updated by Checker

  • Version: v6.505
  • Size (in bytes): 97808942313
  • Screenshot: Updated
  • What's new: [list][*]Added detection of 7zSFX files embedded in Resources[*]Added Mapping of Language Code of StringFileInfo to Hfuman friendly name into the XMLl RAW accepss to Icort[*]Added Mapping ofs items[*]Code Pagrrected handling of obsolete of SFunctriongFileInfo to Human friendly name into the XML Reports[*]Icon at the UI is now direcCreatly loaded from the andling of Resesource usin CodePages our ownvia PeStudintoCodePagers.XML facile[/list]


2013-04-06 17:57:49
Updated by Checker

  • Version: v6.450
  • Size (in bytes): 9752548089
  • Screenshot: Updated
  • What's new: [list][*]Dump the content of SAdded detection of 7zSFX files embedded in Resources[*]Added Mapping of Language Code of StringFileInfo to Human friendly name into the XML Report[*]Added MappingFileInfo in t of Code Page of StringFileInfo to Human friendly name into the XML reportL Report[*]Dump Icon at the cUI is now directly loaded fronm the Resource using our ownt of VarFileInto in the XML rrfaceport[/list]


2013-04-04 18:41:14
Updated by Checker

  • Version: v6.340
  • Size (in bytes): 9667529154
  • Screenshot: Updated
  • What's new: [list][*]Corrected a bug in the Console version of PeStDudio[*]Added Version VS_VERSIONINFO raw data in the XML Rempor t[*]Addedhe Versicon VS_FIXEDFILEINFO raw data in the XML Report[*]Should an error take place when handling an image, shows its description at the UI and in ttent of StringFileInfo in the XML fileL report[*]Added Indicator "The image masqDuerades UPX commpression" (sections are named as UPX, BUT the image is NOT comprntessednt of VarFileInto win th UPe X!)ML report[/list]


2013-03-30 16:51:09
Updated by Checker

  • Screenshot: Updated


2013-03-30 16:50:33
Updated by Checker

  • Version: v6.230
  • Size (in bytes): 96624912
  • What's new: [list][*]Added Indicator "The imagCorrected a Filbug in the Console version of PeStudio[*]Added Version VS_VERSIONINFO raw data in the XML Report[*]Added Version is %s"VS_FIXEDFILEINFO raw data in the XML Report[*]Should an error take place when handling an image, shows its description at the UI and in the XML file[*]Added dded Indiccator "The image masquerades UPX compression" (sections are named as UPX, BUT the imator "Thge image is enNOT cryomptressed with UPX (version %s, level %i!)"[*]Added UPX information details in XML report file[/list]


2013-03-24 16:23:25
Updated by Checker

  • Version: v6.120
  • Size (in bytes): 8759620412
  • Screenshot: Updated
  • What's new: [list][*]Release Image analyzed when handling a new one[*]Enable Reporting for invalid images[*]Show number of Items in Report Tab at the UI[*]Added Search String feature at the UI[*]Added Indicator "The image is a Executable"[*]Added Indicator The image is a Dynamic-Link Library (DLL)"[*]Added Indicator "The image size on the Disk (as reported) is %i Bytes"[*]AdAdded d Indicator "The File is Not a Windows Portable Executable (PE) image"[*]PeStudioFunctionsDepracated.XML is now loaded once[*]PeStudioIndicators.XML is not loaded once[*]He imandle missing PeStudiIndicato File Vers.XMLion files %s"[*]CAdded Indicatorrected Offset Addr"The image is encrypted with UPX (versses iofn String%s det, level %i)"[*]Addectid UPX information details in XML report file[/list]


2013-03-17 17:40:42
Updated by Checker

  • Version: v6.010
  • Size (in bytes): 9483753620
  • Screenshot: Updated
  • What's new: [list][*]Release Image analyzed when handling a new one[*]Enable Reporting for invalid images[*]Show number of Items in Report Tab at the UI[*]Added Search String feature at the UI[*]Added Indicator "The image is a Executable"[*]Added Indicator The image is a Dynamic-Link Library (DLL)"[*]Added Indicatoator "The he image fe size on the Dilesk (as creponrtaed) ins %i unused Bytes (Cavetes)"[*]Added Indicator ndicator "The File is Not a Wimndows Portagble NamExe hcutas been Changed"le (PE) image"[*]Added IPeStudioFundicator "The image onsDepriginal namcate wad.XML is %s"[*]Added Indicator "The image contains %i bytes of Code"[*]Adnow loaded once[*]PeStud ioIndicator "The imrs.XML is not loagded contce[*]Hains %i embdledded Vmisualsing PeStylesheet udiIndicators.XML Items(s)"L file[*]ACorrected Offset Aded Indicator "Thesses of imaStringe contains %i Custom Resource Item(s)"[*]Added Indetecticator "The image contains %i Built-ion Resources Item(s)"[/list]


2013-02-16 16:03:11
Updated by Checker

  • Version: v6.600
  • Screenshot: Updated
  • What's new: [list]Version 6.60. Added Indicator "The image file contains %i unused Bytes (Caves)". Added Indicator "The image Name has been Changed". Added Indicator "The image original name was %s". Added Indicator "The image contains %i bytes of Code". Added Indicator "The image contains %i embedded Visual Stylesheet XML Items(s)". Added Indicator "The image contains %i Custom Resource Item(s)". [*]Adddedd Indicicator "The image file contains %i unused Built-in Resources Item(s)"Version 5.55[*]Added Indicator "The image references (%s) Debug Symbols"[*]Added Indicator "The image has %i Writable and Executable Section(s)"[*]Added Indicator "The image haytes %i Writable and Shared Section(sCaves) which can be used as Attack Verctor"[*]Added dded Indicaticator "The e image doge Names NOT uhas bee Data Execution Prevention (DEP) as Mitigation technique"[*]Added Indicator "The image does NOT use Address Space Layout Ran Changedomization (ASLR) as Mitigation technique"[*]Added ded Indicator "The image does NOT use Safe Structured Exiception Handling (SafeSEH) as Mitigationr tec"Thne iqumage" original name was %s"[*]Added Indicatondicator "The image does NOT use Cookies placed on the Stack (GS) as Mitimagae contaions %i bytechnique"s of Code"[*]FAdded Indicator "The image contains %ix embedded a bug b Visual Stylesheet XML Items(s)"[*]Added Indicator "The image contains %i Custom Resource Item(s)"[*]Added Indincator "The image contains %i Built-in Resources SyItembol(s)"[/list]


2013-02-15 22:19:40
Updated by Ruby

  • Version: v56.5560
  • Size (in bytes): 944478353
  • What's new: [list]Version 6.60. Added Indicator "The image file contains %i unused Bytes (Caves)". Added Indicator "The image Name has been Changed". Added Indicator "The image original name was %s". Added Indicator "The image contains %i bytes of Code". Added Indicator "The image contains %i embedded Visual Stylesheet XML Items(s)". Added Indicator "The image contains %i Custom Resource Item(s)". Added Indicator "The image contains %i Built-in Resources Item(s)"Version 5.55[*]Added Indicator "The image references (%s) Debug Symbols"[*]Added Indicator "The image has %i Writable and Executable Section(s)"[*]Added Indicator "The image has %i Writable and Shared Section(s) which can be used as Attack Verctor"[*]Added Indicator "The image does NOT use Data Execution Prevention (DEP) as Mitigation technique"[*]Added Indicator "The image does NOT use Address Space Layout Randomization (ASLR) as Mitigation technique"[*]Added Indicator "The image does NOT use Safe Structured Exception Handling (SafeSEH) as Mitigation technique"[*]Added Indicator "The image does NOT use Cookies placed on the Stack (GS) as Mitigation technique"[*]Fixed a bug by reading Symbols[/list]


2013-02-14 17:50:02
Updated by Checker

  • Version: v5.505
  • Size (in bytes): 940549473
  • What's new: [list][*]Added Indicator "The image references (%s) Debug Symbols"[*]Added Indicator "The image has %i Writable and Exexports %i Symbols"[*]Added Indicator "The image exports %i Obsolete Symbols"[*]Added Indicator "The image exports %i Anonymous Symbol(s)"[*]Added Indicator "The image exports %i Forwarded Symbol(s)"[*]Added Indicator "The image exports %i Decorated Symbol(s)"[*]Added Indicator "The image imports %i Symbol(s)"[*]Added Indicator "The image imports %i Obsolete Symcutabol(s)"[*]Added Indicator "The image imports %i Anonymous Symbol(s)"[*]Added IndiSecator "The image imports %i Forwarded Symboln(s)"[*]Added Inndicator "The ime image hage imports %i DecoWritatble and Symbol(s)hared Section(s) which can be used as Attack Verctor"[*]Added Colled Indicator "The image don of IMAGE_BOUes ND_IMPORT_OT use Data Execution Prevention (DESCRIPTOR det) ails in XML Rep Mitigatiorn technique"[*]Added Indicator or "The image does NOT use Address Space Layout Randomization (ASLR) as Mitigation technique"[*]Added Indicator "The ie imaagee does NOT use Safe Structured isException bouHandlindg (SafeSEH) as Mitigation technique"[*]Added Indicato %i Libor "The imarge does NOT use Cookies placed on the Stack (GS) as Mitigation technique"[*]Fixed a bug by reading Symbols[/list]


2013-02-12 20:19:24
Updated by Checker

  • Version: v5.450
  • Size (in bytes): 934035493
  • Screenshot: Updated
  • What's new: [list][*]ExtendeAdded Indicator "The image exports %i Symbols"[*]Added Indicator "The image exports %i Obsolete Symbols"[*]Added Indicator "The image exports %i Anonymous Symbol(s)"[*]Added Indicator "The image exports %i Forwarded Symbol(s)"[*]Added Indicators r "The image exports %i Decorated Symbol(s)"[*]Added Indicator "The image imports %i Symbol(s)"[*]Added Indicator "The image imports %i Obsolete Symbol(s)"[*]Added Indicator "The image imports %i Anonymous Symbol(s)"[*]Added Indicator "The image imports %i Forwarded Symbol(s)"[*]Added Indicator "The image imports %i Decorated Symbol(s)"[*]Added Collection ofor IMAGE_BOUND_IMPORT_DEmbedded ResourcSCRIPTOR details in XML Report[*]Corrected missing DepAdded Indencicator "Thes for so image types is bound tof im%i Libragries"[/list]


2013-02-08 17:23:58
Updated by Checker

  • Version: v5.340
  • Size (in bytes): 9286308393
  • What's new: [list][*]Renamed *.XML files to PExtended Indicators for EmbeddeStudio*.XML[*]Interfaces to PeParser (PeParser.h and PReParser.lib) are now paourt of the Package.[*]Added Indexing of Strings[*]AddedCorrected missing Detectioepen of duplicated Sencties for sonme types of Naimages[/list]


2013-02-07 15:07:43
Updated by Checker

  • Version: v5.230
  • Size (in bytes): 85435928608
  • Screenshot: Updated
  • What's new: [list][*]AlRenamed *.XML files to PeStudio*.XML[*]Interfaces to PeParser (PeParser.h and PeParser.lib) are now part of the Package.[*]Added Indexing of Strinings[*]Added lDetength choice ftion or fi duplticated Serctiong Nat the UI[*]Added more items in Indicators.XML[/list]


2013-02-06 11:51:06
Updated by Checker

  • Version: v5.020
  • Size (in bytes): 8751094352
  • Screenshot: Updated
  • What's new: [list][*]TheAllow Sttrings contained in the file analyzed can now be exported to the output XML file[*]Added validas lengtionh Ccheckoice fof AddressOfEntryPointr filteldring at the UI[*]Addeded nmorew items in Indicators.XML[/list]


2013-02-04 00:46:40
Updated by webfork

  • Screenshot: Updated
  • Forum topic ID: 06788


2013-02-03 22:30:24
Updated by Checker

  • Screenshot: Updated


2013-02-03 22:24:25
Updated by Checker

  • Version: v45.900
  • Size (in bytes): 87518409
  • What's new: [list][*]AdThe Strings contained in the file analyzede can now be exported to the output XML file[*]Added validachtioneType iCheck of AddressOfEn IndicattryPors.XMLint field[*]Added FilneSw ignaturems in Indicators.XML[/list]


2013-01-30 20:40:48
Updated by Checker

  • Version: v4.890
  • Size (in bytes): 8692071840
  • Screenshot: Updated
  • What's new: [list][* Version 4.80. Add items in Indicators.XML. Custom Resources are shown in orange color* Version 4.70. Corrected handling of Certificate Directory. Corrected coloring of Indicators* Version 4.60. Increased detection for obfuscated images. Increased stability of the tool against malformed images. Added better support for obfuscated images . Extented Indicators of Malformations (IOM). Created a new file (Indicators.XML) containing the Indicators shown at the UI and in the XML report that can be created by the tool. ]Addded better det MachineType in Indication of rs.XMissinL[*]Added FileSignature Librn Indicators.XML[/liest]


2013-01-28 06:30:58
Updated by Ruby

  • Version: v4.780
  • Size (in bytes): 8683859201
  • What's new: [* Version 4.80. Add items in Indicators.XML. Custom Resources are shown in orange color* Version 4.70. Corrected handling of Certificate Directory. Corrected coloring of Indicators* Version 4.60. Increased detection for obfuscated images. Increased stability of the tool against malformed images. Added better support for obfuscated images . Extented Indicators of Malformationst][*] (IOM). Corrected hareated a new file (Indicators.XML) containing the Indicators shown at the UI and in the XML report that can be created by the tooling of Certificate Directory[*]Cor. Added better detected coloring on of IndMicssing Librators[/liest]


2013-01-26 12:53:29
Updated by Checker

  • Version: v4.570
  • System Requirement:
  • Size (in bytes): 8491268385
  • Screenshot: Updated
  • What's new: [list][*]Correct discoved handling of Certificate Directory[*]Corrected coloring of Delay-loaInded librcatories[/list]


2012-10-28 19:46:13
Updated by Checker

  • Version: v4.450
  • Size (in bytes): 84906126
  • What's new: [list][*]When handling a resourCorrect disces only image, somve validitry chof Decks larey-loaded dliffebrarients[/list]


2012-10-26 14:38:52
Updated by Checker

  • Version: v4.340
  • Size (in bytes): 84890661
  • What's new: [list][*]EWhen handling a resources onhly image, some vanlidity checed detectionks ofare devicffe driver imagents[/list]


2012-10-25 11:30:06
Updated by Checker

  • Version: v4.230
  • Size (in bytes): 848407966
  • What's new: [list][*]Renamed parameters for command prompt (see Prompt support description above)[*]Added detection of CAB files embedded as Resource in an Image[*]Added detection of PDF files embedded as Resource in an Image[*]Added detection of RIFF files embedded as Resource in an Image[*]Added detection of GIF files embedded as Resource in an Image[*]Added detection of PNG files embedded as Resource in an Image[*]Added detection of Delphi Forms embedded as Resource in an Image[*]Added detection of "requireAdministrator" Execution Level from the Manifest[*]Corrected custom Resourcncesd deetection of device driver images[/list]


2012-10-23 16:23:03
Updated by Checker

  • Version: v4.120
  • Size (in bytes): 846384017
  • What's new: [list][*]Added CoRenamed parameters for command prompt (see Prommanpt support description above)[*]Added detection of CAB files embedded as Resource in an Image[*]Added detection of PDF files embedded as Resource in an Image[*]Added detection of RIFF files embedded as Resource in an Image[*]Added detection of GIF files embedded as Resource in an Image[*]Added detection of PrNG files embedded as Resource in an Impage[*]Added detection of suppoDelphi Forms embedded as Resourtce in an Image[*]Added ded detection of "requireAdministrator"T Execution Level from the imMage exports XY Symbols" as new Indicafestor[*]AddCorrected more obsolete f cuncstions in the WindowsFunctionsDepm Resourcecated.xml files (delivered with thtectis project)n[/list]


2012-10-03 17:55:52
Updated by Checker

  • Version: Vv4.10
  • Screenshot: Updated


2012-10-03 17:53:51
Updated by Checker

  • Version: V4.010
  • Size (in bytes): 8463436401
  • What's new: [list][*]Now fully support 64bit Images on 32bit Platform[*]Validate IMAGE_OPTIONAL_HEADER.SectionAlignment[*]Validate IMAGE_OPTIONAL_HEADER.FileAlignment[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfUninitializedData[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfInitializedData[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfCode[*]Validate IMAGE_OPTIONAL_HEADER.NumberOfRvaAndSizes[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfImage[*]Validate IMAGE_FILE_HEADER.SizeOfOptionalHeader[*]Validate IMAGE_FILE_HEADER.NumberOfSections[*]Validate IMAGE_FILE_HEADER.TimeStamp[*]Validate IMAGE_FILE_HEADER.PointertoSymbolTable[*]Validate IMAGE_FILE_HEADER.NumberOfSymbols[*]Show Resources Languages[*]Show Type of Debug information (NB09, NB10, NB11, RSDS )[*]Show imported Functions of missing libraries[*]Show total number of Bytes available in Caves[*]Show Gaps in Exported Symbols collection[*]Show Section Name the Base of Data belongs to[*]Added validation of IMAGE_DOS_HEADER, IMAGE_NT_HEADERS[*]Added validation of IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE[*]Added OptionalHeader to XML report[*]Added detection of non-standard Sections is NOT based on their names anymore[*]Added detection of invalid Directory (IMAGE_DATA_DIRECTORY)[*]Added detection of invalid Export Table Directory (IMAGE_EXPORT_DIRECTORY)[*]Added detection of duplicated Sections names[*]Added detection of Codeless images[*]Added detection of Section containing the Entry point[*]Corrected filtering of Obsolete Imported Functions[*]Corrected Imported Symbols for 64bit images[*]Corrected Pageable Section Flag[*]Corrected detection of msstyles "Resources Only" Images[*]CAdded Command Prompt supporrected a crash that takes place when switching between Tree and list View in Resources Tab[*]CorrectAdded M"The issinmage DLL expaorth in s XP Y Symbols" as new Indicator[*]CAdded morre obsolete functed Nameions Undecorationn the fWindowsFunctior nsDexporecated .xml file (delivered with thisymb prolsject)[/list]


2012-09-18 22:00:41
Updated by Checker

  • Version: V34.6900
  • System Requirement:
  • Synopsis: PeStudio shows details about applications (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including:[list][*]All libraries that are used by an application.[*]All functions that are All libraries that are used by an application. All functions that are imported by an application. All functions (also anonymous) that are exported by a an appplication. [*]All ffunctions (also anonymous) that are exported by an application.[*]All functitions thatat are forwarded to other librarie forwarded to other librariess. [*]Obsoletete Functitions t that aret are exporported and imported byy an application.[*]Whether the Datan application. Wh Execution Preventheion (DEP) Windows secur ithey Data Exemecutiohanism Prevention (DEP) Windows security mechanism iss used. [*]Whether hether the Adddress Ss Spaace Layoout Randomization (ASLR) Windows secu) Windows security mechanismechanism is is used. [*]Whetherther Sttruuctutured Exception Handling - SEHH Windows Wsecurindowsty smecurity mechanhanism is uss used. [*]Whhether some seer some sections arere compresessed.[/list]
  • How to extract: Download the ZIP package and extract to a folder of your choice. Launch [i]PeeStudio.exe[/i].
  • Size (in bytes): 75855034364
  • Icon: Updated
  • Screenshot: Updated
  • What's new: Added d[list][*]Now fully support 64bit Images on 32bit Platform[*]Validate IMAGE_OPTIONAL_HEADER.SectionAlignment[*]Validate IMAGE_OPTIONAL_HEADER.FileAlignment[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfUninitializedData[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfInitializedData[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfCode[*]Validate IMAGE_OPTIONAL_HEADER.NumberOfRvaAndSizes[*]Validate IMAGE_OPTIONAL_HEADER.SizeOfImage[*]Validate IMAGE_FILE_HEADER.SizeOfOptionalHeader[*]Validate IMAGE_FILE_HEADER.NumberOfSections[*]Validate IMAGE_FILE_HEADER.TimeStamp[*]Validate IMAGE_FILE_HEADER.PointertoSymbolTable[*]Validate IMAGE_FILE_HEADER.NumberOfSymbols[*]Show Resources Languages[*]Show Type of Debug information (NB09, NB10, NB11, RSDS )[*]Show imported Functions of missing libraries[*]Show total number of Bytes available in Caves[*]Show Gaps in Exported Symbols collection[*]Show Section Name the Base of Data belongs to[*]Added validation of IMAGE_DOS_HEADER, IMAGE_NT_HEADERS[*]Added validation of IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE[*]Added OptionalHeader to XML report[*]Added detection of non-standard Sections is NOT based on their names anymore[*]Added detection of invalid Directory (IMAGE_DATA_DIRECTORY)[*]Added detection of invalid Export Table Directory (IMAGE_EXPORT_DIRECTORY)[*]Added detection of duplicated Sections names[*]Added detectiion of Codeless images[*]Added detection of Section containing the Entry point[*]Corrected filtering of Obsolete Imported Functions[*]Corrected Imported Symbols for 64bit images[*]Corrected Pageable Section Flag[*]Corrected detection of msstyles "Resources Only" Images[*]Corrected a crash that takes place when switching between Tree and list View in Resources Only"rces Tab[*]Corrected Missing DLL path imn XP [*]Corrected Nagmes Added Undeteecoration of Borland compiler Sh fowr exportesence of Delphid Tursymbo Pascal Filers (TPF) s[/lin Resourcest]


2012-05-09 07:04:01
Updated by Checker

  • Version: V3.689
  • Size (in bytes): 7435368550
  • Screenshot: Updated
  • What's new: Added MD4 footprint Corrected sections handling for encrypted/compressed files Correctded filterctiong of dep "Resoureces Only" imatedges Added detexporcteion of Borland compiler Symhow presence of Delphi Turbo Pascal Filers (TPF) in Resources


2012-05-05 10:05:44
Updated by Checker

  • Version: V3.678
  • Size (in bytes): 772643536
  • What's new: Fixed a bug when handling resources of encrypAdded MD4 footed/compressed files Show presence of Embedded Type Library files in Resources Show preseince of Embeddedt RegistCorryected files ections handling for Rencrypted/compressed files Courrected filtering of deprecated exported Symbols


2012-04-30 20:18:18
Updated by Checker

  • Version: V3.667
  • Size (in bytes): 77264435
  • Screenshot: Updated
  • What's new: Show presence of Embedded Compressed HTML files in Resources Show presence ofFixed Embeddeda Execbutablg whes filesn handling Resouresources Show Res ources instancf encryptes and their charact/compreristsed ficles Show MD5 presence of Embedded Type Library files in Resooturces Show presence of Embedded Registry files int Resources


2012-04-28 19:35:05
Updated by Checker

  • Version: V3.656
  • Size (in bytes): 7647012443
  • Screenshot: Updated
  • What's new: AShow presence of Embeddedded detection of SafeSEH mitigation technique Added detection of Cookies on the Stack (GS) mitigation technique Added a new Mitigation classification as Indicator If no Error found then show Warnings If no Warning found then show Evidences The image is linked with Debug Symbols, show this as Evidence The Image exports anonymous symbols, show this as Evidence Renamed Evidences as Indicators  Created errors, warning and evidences nodes in indicators node in XML Show existence of Manifest as evidence Show Executable AND Writable Section as Warning Show image renamed as Warning Set Error, Warning levels for evidences Show Image target 64bit Processor as Evidence Show Missing Libraries in the imports Tab Show Missing Libraries as Error Show CPU misomatch as Error Don't translate Resouprcessed 241 to HTManifest anymore Re-enable display of Debug informationL files in Re-enable display of Core .NET information Show new evidence when at least one Directory is invalid Show new evidence when at least one Section is invalid Show new evidence when Entry point ies NULL Corrected Directourices validity tShow prest Corrected filteringnce of Writa Embledded and eExecuttables files in Resources Show Resources instances and their characteristics Show MD5 footprint


2012-04-06 21:21:45
Updated by Checker

  • Version: V3.645
  • Size (in bytes): 763647013
  • What's new: * VersiAdded detection of SafeSEH mitigation technique Added detection of Cookies on the Stack (GS) mitigation technique Added a new Mitigation classification as Indicator If no Error found then show Warnings If no Warning found then show Evidences The image is linked with Debug Symbols, show this as Evidence The Image exports anonymous symbols, show this as Evidence Renamed Evidences as Indicators  Created errors, warning and evidences nodes in indicators node in XML Show existence of Manifest as evidence Show Executable AND Writable Section as Warning Show image renamed as Warning Set Error, Warning levels for evidences Show Image target 64bit Processor as Evidence Show Missing Libraries in the imports Tab Show Missing Libraries as Error Shonw CPU mismatch as Error Don't 3.64.translate AddResourceds 241 a new Mitigation classification as IndicaManifest anymore Re-enable display of Debug information Re-enable display of Core .NET information Show new evidence when at least one Directory is invalid Show new evidence when at least one Section is invalid Shor. Ifw new evidence wheno Errntry point is NULL Corrected Directories validity test Cor founrrected filthering of show Warnings. If no Warning foutable and executhen shable sectiow Evidences


2012-04-06 00:43:39
Updated by joby_toss

  • Version: V3.634
  • Size (in bytes): 760384613
  • What's new: * The image is linked with Debug Symbols, show this as Evidence The Image exports anonymous symbols, show this as Evidence Renamed Evidences as Indicators  Created errors, warning and evidences nodes in indicVersion 3.64. Added a new Mitigators node in XML Show existeon ce of Manilassifest as evidecationce Show Executable ANDs Writable Section as Warning ShIndicator. If no Errow imager refounamed athen s how Warnninngs. If no Warning found then show Evidences


2012-04-03 08:25:28
Updated by Checker

  • Version: V3.623
  • Size (in bytes): 7541160384
  • What's new: . Set Error, Warning levels for evidences. Show IThe image is linked with Debug Symbols, show this as Evidence The Image exports anonymous symbols, show this as Evidence Renamed Evidences as Indicators  Created errors, warninge and evidences nodes in indicators node in XML Show existence of Manifest as evidence Show Executable AND Wrgitable Sect 64bit Processorn as Evidence. Show Missing Libr Waries in the imports Tab. ng Show Missing Libraries as Error. Shwo CPU m ismatch as Error. Don'tage translate Resources 241 to Manifest anymore. Re-enable display of Debug inforenamation.ed Re-enable display of Core .NET iWarnformationg


2012-03-31 14:01:01
Updated by ashghost

  • Version: V3.612
  • What's new: . Show new et Error, Warning levels for evidences. Show Image target 64bit Processor as Eviidenence. Show Missing Libraries in the imports Tab. Show Missing Libraries as Error. Shwo CPU mismatchen as Error. Don't translate Resources 241 to leManifest one Dianymorectory is. Re-enable display of Debug invformaltid Show new evidence wheon. Re-en at ableast one Section idis invalid Show new evidence when Entry point is NULL Corrected Directories validitlay test of Correctedre .NET filtering fof Writable and executmable section


2012-03-25 18:27:28
Updated by Checker

  • Version: V3.601
  • Size (in bytes): 757435114
  • What's new: Added support of Forwarded functions discovery Corrected Bug when reading the Resources of some images Added Resources to the Report Detect invalid directoires Added filtering of Sections Added support for Delay-loaded Libraries Improved performance by reading dependencies from memory whenever possible Added Core .NET information to the Report Added Manifest to the Report Put more details to Libraries into the Report Put more details to Sections into the Report Added Imported Symbols to the Report Added Exported Symbols to the Report Added File Header to the Report Added Exported Symbols in Report Added Sections in Report Handle Imported LibrariShow new evidence when at least one Directory is invalid Show new es wvithout version information Corrected missing path on some Imported libraries  Icon of the image sometimes not shown when PeStudio is started from the ncomme when and prompt. Disleastinguish bonetween .NET and na Section is inve images lid Show newhen gathering Evidenc evides Add discovery of the Directories for x64 Images Corrected a bug nce when den Entragging an Imagey pointt is NULL Corrected Directo Pries validity test CorrecteStud filtering of ResolvWritable and "Vis executable C++ Runsectime Error"n


2012-03-23 18:04:32
Updated by Checker

  • Version: V3.5460
  • Size (in bytes): 735743501
  • What's new: Put more details toAdded support of Forwarded functions discovery Corrected Bug when reading the Resources of some images Added Resources to the Report Detect invalid directoires Added filtering of Sections Added support for Delay-loaded Libraries Improved performance by reading dependencies from memory whenever possible Added Core .NET information to the Report Added Manifest to the Report Put more details to Libraries into the Report Put more details to Sections into the Report Added Imported Symbols to the Report Added Exported Symbols to the Report Added File Header to the Report Added Exported Symbols in Report Added Sections in Report Handle Imported Libibraries without version information Corrected missing path on some Imporarited libraries  Icon of the image sometimes not shown when PeStudio is started from the Recommand promport Addet. Distinguish between .NET and Inative imporages when gatehering Evidences Add Sdiscovery of the Directories for x64 Imbolages t Co rrecthed a Report Addedbug Exportwhen d Syragging an Imbols age onto PeStudio the Reporsolved "Visual C++ Runt Added Fileme HeadeErr to the Report"


2011-12-19 21:15:53
Updated by Checker

  • Version: V3.534
  • Size (in bytes): 7276375501
  • Screenshot: Updated
  • What's new: Added Exported Symbols in ReportPut more details to Libraries the Report Added Sections in Report Handle Imported Libraries without version information Corrected missing path on some Imporrted Symbols to the Report Added Exported Symbolibrs to the Report Added File Hearider to the Resport


2011-12-13 09:01:02
Updated by Checker

  • Version: V3.523
  • Size (in bytes): 723276237
  • Screenshot: Updated
  • What's new: IAdded Exported Symbols in Report Added Secontions in Report Handle Imported Libraries withof uth version informage sometimes ation Corrected shown whemissing PeSpatudio is h on started from the command proImpt. Add discovery of the Dirtectord lies fobr x64 Imagries


2011-12-07 04:55:25
Updated by Ruby

  • Download URL: http://www.winitor.com/tools/PeStudio351.zip


2011-12-06 12:19:02
Updated by Checker

  • Version: V3.512
  • Size (in bytes): 718239262
  • What's new: * VerIcon of the image sometimes not shown when PeStudio ion 3.51s started from -the 01.12.2011. Resolvedcommand dprag anompt. Add drop iscovery ofailure on Pthe DirectorieStudio when shs fortcuted on the Desktop. Resolvedx64 "Visual C++ RuntiImage Error"s


2011-12-02 04:05:53
Updated by I am Baas

  • Download URL: http://www.winitor.com/tools/PeStudio3501.zip


2011-12-01 11:52:41
Updated by infimum

  • Version: V3.501
  • What's new: 28.11.2011 -* Version 3.51 - 0* Added Report of Libraries* Added Report of Manifest* Corrected a bug when reading 64Bit Imported Libraries* Corrected filtering of Imported Libraries* Resolved a crash when creating the Report. Improved performance by reading dependencies from memory whenever possible. The Obsolete Functions are now available as external (and extensible) "WindowsObsoleteFunctions.XML" file. Show OptionalHeader.MajorImageVersion and OptionalHeader.MinorImageVersion. Show OptionalHeader.MajorSubsystemVersion and OptionalHeader.MinorSubsystemVersion. Show the original file name of the Image when available. Show FileHeader1.12.IMAGE_FILE_REMOVABLE_RUN_ FROM_SWAP and FileHeader.IMAGE_FILE_NET_2011. RUN_FROM_SWAP. Selectiveesoly rveport ofd Evidencesdrag an drop Debfailure on PeStugdio infwhen shormaticuted on the Desktop. Resolved "Visual C++ Runtime Error"


2011-11-29 17:52:41
Updated by joby_toss

  • Version: V3.4750
  • Size (in bytes): 717876392
  • Download URL: http://www.winitor.com/tools/PeStudio34750.zip
  • Screenshot: Updated
  • What's new: Resolved a 28.11.2011 - Version 3.50* Added Report of Libraries* Added Report of Manifest* Corrected a bug when reading 64Bit Imported Libraries* Corrected filtering of Imported Libraries* Resolved a crash when creating the Report. Improved performance by reading dependencies from memory whenever possible. The Obsolete Functions are now available as external (and extensible) "WindowsObsoleteFunctions.XML" file. Show OptionalHeader.MajorImageVersion and OptionalHeader.MinorImageVersion. Show OptionalHeader.MajorSubsystemVersion and OptionalHeader.MinorSubsystemVersion. Show the original file name of the Image when availasble. Sh owhen FileHeader.IMAGE_FILE_REMOVABLE_RUN_ FROM_SWAP and FileHeader.IMAGE_FILE_NET_RUN_FROM_SWAP. Selectively report of Evidences and Debug information. Resolved "Visuatingl C++ Runthime RepErrort"


2011-11-20 10:52:05
Updated by Checker

  • Website URL: http://www.winitor.net/en/pestudico.html
  • Version: V3.457
  • Size (in bytes): 72178776
  • Download URL: http://www.winitor.netcom/tools/PeStudio347.zip
  • Screenshot: Updated
  • What's new: Resolved crashed on unexpected Manifest content. Added Dump of Section Added IPeSection interface Added IsLocatedInStandardDirectory function Extended GetImportedLibrarie crash function with a parameter to filtwher (Windows) standard directories Extended IPeSectionHeaders interface to access Secreation Headng ther Reper Name or Indext


2011-08-23 00:13:32
Updated by Checker


    2011-01-05 20:23:52
    Updated by Checker

    • Version: V3.445
    • Size (in bytes): 7225167877
    • What's new: . Make Resources Types an Resolved Instances avcrailable. Addeshed IPeReson urnexpecteTypeManifest interface. Added IPeResourceTypeVersionInfo interface. Consolidated IPeOptionalHeader interface. Consolidated IPd Manifest content. Added Directories interface. Added Number of Sections as Evidences ( 2 < Sections < 96 ). Added FileAlignment and mp of SeectionAlignment fields to IPeOpttionalHea Adderd inteIPeSection interfaace Added IsLocate. AddeInStandardDirectory function Extended PGetImportedLibrariePars function with a parameter. to filibter (Windows) standard directo the Zries Extended IP eSectionHeaders interface to access Sectilon Header per Name or Index


    2010-12-22 00:56:18
    Updated by Checker

    • Version: V3.434
    • Synopsis: PeStudio shows details about applications (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: All libraries that are used by an application. All functions that are All libraries that are used by an application. All functions that are imported by an application. All functions (also anonymous) that are exported by an an application. All functions (also anonymous) that are exported by an application. All ffunctions t thaat are forwarded to fother librarierwarded to other libraries. Obsolete Functions that are exported and imported Functions that are exported and imported by a an appplicationication. Whether thhether Dathe Data Executtion Preveention (DEP) Windows security mechanism is used. Whether the Address Space Layout Ra) Windows security mechanism is used. Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used. Whether Stru) Windows security mechanism is used. Whether Structured Exception tion Hanndling - SEH Wiindows ses security me mechanism is s used. Whether some sections are compressed.
    • Size (in bytes): 7022577716
    • What's new: . Make Resources Types and Instances available. Added IPeResourceTypeManifest interface. Added DIPeResourceTypeVersionInfo interface. Consolidated IPeOptionalHeader interface. Consolidated IPetection ofDirectories interface. Added Number of Sections as Evidences ( 2 < Sections < 96 ). Added FileAlignment aunnd SechtionAlig procnment fieslds functo IPeOptions as EvialHeadeer interface. Added Detectd PeParser.lib ton of the ZImage ObP fuscation (encryption, compression) as Evidencle


    2010-12-03 21:53:29
    Updated by Checker

    • Version: V3.423
    • Size (in bytes): 7086085777
    • What's new: * 27.11.2010 - Version 3.42. Make tAdded Detection of launching process functions as Evidence Added Detection of Interfmace ge Obfile PeParser.h public. Added offsecation (hiencrypt)ion, of excomportedssion) as functEviodensce


    2010-11-27 13:51:50
    Updated by Checker

    • Size (in bytes): 7086630894


    2010-11-27 13:51:07
    Updated by Checker

    • Version: V3.412
    • What's new: * Added Large Address Space awareness as Evidence Added Structured Storage as functions group Added OLE as functions group Added ImageHelp as functions group Added Setup27.11.2010 - Version 3.42. Make the Interface file API as functions group Addet Thread Local Storage (TLS - dynamic) as functions group  Added Resource Section size bigger as Code Section size as Evidence Added Image Digital SignatuePare test as Evidence Addedr.h Thread Locapubl Storage (TLS - static) usage as Evidence. Added Image Bound detection as Evidence Added Custom Resource Types as Evidence. Added Detection ofded programmaffsetic loadi (hingt) of libraexpories asted Evfunctideonces


    2010-11-17 20:34:04
    Updated by Checker

    • Version: V3.401
    • Size (in bytes): 646389428
    • What's new: Added number of Sections as Evidence Added empty Checksum as Evidence Added other (Borland) standard sections as known sections Make size of DosStub (very small or very big) as Evidence Make Windows Network Functions as Evidence PeStudio.exe %1 and PeStudio.exe "%1" are now supported Make functions addresses available Make Dos Stub size available Make Preferred Base Address available for Libraries Added support for a single CommLand Line parameter: e.g PeStudio.exe %1 will open the file to analyse Show whether the Section Names are standard as Evidence Number of imported symbols as Evidence Handle sectionless files Handle invalid Directories Show usage of Debugging functions as Evidence Show usage of NetBios functions as Evidence Show Usage of Service Control Manager (SCM) functions as Evidence Show usage of Hooking functions as Evidence Corrected problem with upx compressed files Show unused image file space (Caves) as Evidence IAT sizddress Space awarestimationness foras Evidences aAddjed Struscteured Show Obstoletrage Imporas functions group Added OLE as functeions group Added ImageHelp as functions as Evidence Show Obsolete Exported functions as Evidence Show usage of HTTP functions as Evidence Show usa ge rofup RAS functions as Evidence ded Show etusagep API of Winasock functions group Addet Thread Local Storas Evidge (TLS - dynamic) as functions group  Added Resource Senction size bigger as ResCode Section size as Evidence Added Image Digitalv Signature test as Evidence Added Thread Local Storage (TLS - static) usage crash oEvidence. Added Image Bound detection as Evidence Added Custom Resource Types as Evidence Added Detection of programmatic loading Window 64 f libraries as Evitdence


    2010-11-10 08:58:46
    Updated by joby_toss

    • Version: V3.3940
    • Size (in bytes): 6494286775
    • What's new: Added other number of Sections as Evidence Added empty Checksum as Evidence Added other (Borland) standard sections as known sections Make size of DosStub (Bovery small or very big) as Evidence Make Windows Network Functions as Evidence PeStudio.exe %1 and PeStudio.exe "%1" are now supported Make functions addresses available Make Dos Stub size available Make Preferred Base Address available for Libraries Added support for a single Command Line parameter: e.g PeStudio.exe %1 will open the file to analyse Show whether the Section Names are standard as Evidence Number of imported symbols as Evidence Handle sectionless files Handle invalanid Directories Show usage of Debugging functions as Evid)ence Show usage of NetBios functions as Evidence Show Usage of Service Control Manager (SCM) functions as Evidence Show usage of Hooking functions as Evidence Corrected problem with upx compressed files Show unused image file space (Caves) as Evidence IAT size estimation for Evidences adjusted Show Obsolete Imported functions as Evidence Show Obsolete Exported functions as Evidence Show usage of HTTP functions as Evidence Show usage of RAS functions as Evidence Show usage of Winsock functions andars Evidence Resolve ctions rash on kWindown sections Make size of DosStub (very small or very64 big) as Evidencet


    2010-11-09 12:26:13
    Updated by joby_toss

    • Version: V3.389
    • Size (in bytes): 686775084
    • What's new: MakeAdded other (Borland) standard sections as known Wsectindowns NMake sizetwork Fof DosStunctionb (very small or very big) as Evidence PeStudio.exe %1 and PeStudio.exe "%1" arce now supported


    2010-11-05 17:25:22
    Updated by Checker

    • Version: V3.378
    • Size (in bytes): 6793285084
    • What's new: Make functions addresses available Make Dos Stub size available Make Preferred Base Address available for Libraries Added support for a single Command Line parameter: e.gWindows Network Functions as Evidence PeStudio.io.exexe %1 will ope and PeSthe file tudio.exe "%1" are nalyow supported


    2010-11-04 19:19:02
    Updated by Checker

    • Version: V3.367
    • Size (in bytes): 67993620
    • What's new: * 01.11.2010 - Version 3.36 . Show whether the Section Names Make functions addresses available Make Dos Stub size available Make Preferred Base Address available for Libraries Added support for andard assingle Command Line Eviparameter: e.g PeStudio.exence . Number %1 will of imported symbols as Even the fidence . Handle sectionless files . Handle invalid Directoriyses


    2010-11-01 06:06:50
    Updated by Checker

    • What's new: * 01.11.2010 - Version 3.36 . Shhow w whether ther the Section Names are standard ase Section Names are standard as Evidence . Nummber ofer of imported ted symbols s as Evidence .idence . Handle sele sectionlesless files . Handle invalid Directories


    2010-11-01 06:06:03
    Updated by Checker

    • Version: V3.356
    • Size (in bytes): 67993746
    • What's new: * S01.11.2010 - Version 3.36 . Show whether the Sectiown Names are standard as Evidence . Nusage omber of D imported symbuggols as Evidence . Handle sectiongless fuiles . Handle invalid Directions as Evridences


    2010-10-29 15:23:43
    Updated by Checker

    • Version: V3.345
    • Size (in bytes): 6607173746
    • What's new: Show usage of HookinDebugg functions as Evidence Corrected problem withg fupx nctiompresnsed fas Evildences


    2010-10-27 08:18:26
    Updated by Checker

    • Version: V3.334
    • Size (in bytes): 6586032717
    • What's new: Show usage of Hooking functions as Evidence Corrected problem with upx compressed image file space (Caves) as Evidence


    2010-10-26 11:02:01
    Updated by webfork

    • Version: V3.323
    • Size (in bytes): 657480372
    • What's new: IAT size estimation for Evidences adjusted Show Obsolete Imported functions as Evidence Show Obsolete Exported functions as Evidence Show usage of HTTP functions as Evidence Show usage of RAS functions as Evidence Show usnused image of Winfile sockpace function(Caves) as Evidence


    2010-10-20 18:35:08
    Updated by Checker

    • Version: V3.312
    • Size (in bytes): 65746378
    • What's new: ResolIAT size estimation for Evidences adjusted Show Obsolete Imported functions as Evidence Show Obsolete cExporated functions as Evidence Show usage of HTTP functions as Evidence Show usage of RAS functions ash Evidence Shonw usage of Windowinsock 64functions bas Evitdence


    2010-10-17 08:55:43
    Updated by Checker

    • Version: V3.301
    • Size (in bytes): 5646378729
    • What's new: TRest COM Server Support Show COM Server support in Evidences Put Elvidences in XML file Corrected duplicated items in Exported functirash ons lWindow 64 bist


    2010-10-14 15:24:33
    Updated by Checker

    • Version: V3.2930
    • Size (in bytes): 574948729
    • What's new: CorreTest COM Server Support Show COM Server support in Evidences Pute Evidences in XML file a bug with *.DRV filCorrescted Natduplive image filcates wd ith eempty IATs ain Expore validted as n functiormans list


    2010-10-13 14:56:27
    Updated by joby_toss

    • Synopsis: PeStudio shows details about applications (*.exe, *.dll, *.cpl, ocx, *.ax, *.sys, ..etc.) withouout starting them including: All libraries that are usted by arting them, like:- all libraries that are used by an application.- all functions that are imported by an application.- all functapplication. All functions that are ions (also anonymous) that are exported by a an appplication.- al All functions (also anonymous) that are exported by an application. All functions that are forwarded to other libraries. Obsolete Functions that are forwarded to other libraries.-e Obsolete Functions that are expxportedd and imported by a an appplication.- wheth Whether ther Dathe Data a Exeecution Prevention (DEP) Windows security mechanism is used.- whether the Address Space Lrevention (DEP) Windows security mechanism is used. Whether the Address Space Layout Rant Randomization (ASLR) Windows security mechanism is used.- whether Stru) Windows security mechanism is used. Whether Structureded Exceptiotion Handlining - SEH Windows sews security me mechanism is used.- wWhether some sections are compressed.


    2010-10-13 07:50:53
    Updated by joby_toss

    • Version: V3.289
    • Size (in bytes): 5753334947
    • What's new: Directories in XML Report Detection of some validity indiCorrecators Retrieve SizeOfCode Beta bug witerh librar*.DRV files Native image fiilters wing at th e Umpty IAT are valided as normal


    2010-10-12 19:18:36
    Updated by Checker

    • Version: V3.278
    • Size (in bytes): 567533381
    • What's new: ShDirectories in XML Repowrt Directection of some validity indicators Retrieve SizeOfCode Better libraries filteries ng at t the User interfaceI


    2010-10-03 18:43:42
    Updated by Checker

    • Version: V3.267
    • Size (in bytes): 5546043381
    • What's new: * 03.10.2010 - Version 3.27. Show Directories at the User interface* 01.10.2010 - Version 3.26. Show Footprint (MD5) of the analyzed file in the XL Report. Show Section PoShow DinterToRawData information. Show Section Namrectories associated witht the Ent Usery Pointerface


    2010-10-03 07:56:39
    Updated by Checker

    • What's new: * 03.10.2010 - Version 3.27. Show Directories at the User interface* 01.10.2010 - Version 3.26. Show Footprint (MD5) of the analyzed file in the XL Report. Show Section PointerToRawData information. Show Section Name associated with the Entry Point


    2010-10-01 18:39:55
    Updated by Checker

    • Version: V3.256
    • Size (in bytes): 554608534
    • What's new: * Retri01.10.2010 - Version 3.26. Show Footprint (MD5) of the analyzed file in the XL Revport. Show Section Pointhe Age of theerToRawData debug file nformation. Show Sectiond Name asshow cin XMLated with Report Showe MaEnifestry Poin XL Report


    2010-09-30 10:57:34
    Updated by I am Baas

    • Version: V3.245
    • Size (in bytes): 5481650853
    • What's new: PuRetrieve the Age of the GUID debug file and show in XML Report Shof PDBw Manifest in the XML Report file


    2010-09-29 16:50:13
    Updated by I am Baas

    • Version: V3.234
    • Size (in bytes): 5455338168
    • What's new: Retrieve Put GUID of PDB out of PDB in the AnalyzedXML PEReport Ffile


    2010-09-28 17:16:00
    Updated by Checker

    • Version: V3.223
    • Size (in bytes): 5474745533
    • What's new: Check presence of digitally-signed data Compute MD5 Log file in XML format Check Retrieve GUIDebug Inoformation and path to PDDB file Check COM Libraries Detection of (some) compression Algorithms Undec orating functi onf the Anamlyzed PE Files


    2010-09-27 16:52:46
    Updated by Checker

    • Version: V3.212
    • Size (in bytes): 548867474
    • What's new: Check presence of digitally-signed data Compute MD5 Log file in XML format Check Debug Information and path to PDB file Check COM Libraries Detection of (some) compression Algorithms Undecorating function names


    2010-09-21 04:22:55
    Updated by Checker

    • Version: V3.219
    • Size (in bytes): 542208864


    2010-09-14 07:04:08
    Updated by joby_toss

    • Version: V3.189
    • Size (in bytes): 5386242208


    2010-09-02 18:41:59
    Updated by joby_toss

    • Version: V3.178
    • Size (in bytes): 538657624


    2010-09-01 13:46:11
    Updated by Ruby

    • Version: V3.167
    • Size (in bytes): 1895936576


    2010-08-31 18:28:23
    Updated by Checker

    • Version: V3.156
    • Size (in bytes): 18779504936


    2010-08-30 17:45:05
    Updated by joby_toss

    • Dependencies: None


    2010-08-30 17:44:03
    Updated by Checker

    • Version: V3.145
    • Size (in bytes): 1877560004
    • Screenshot: Updated
    • Dependencies: mfc90u.dll, MSVCR90.DLL, MSVCP90.DLL


    2010-08-30 16:45:19
    Updated by joby_toss

    • Dependencies: mfc90u.dll, MSVCR90.D90.DLL, MSVCP90.DLL, mfc90u.dllL


    2010-08-29 20:52:03
    Added by joby_toss