Change history for pestudio


2017-08-13 09:38:28
Updated by billon

  • Version: v8.61 62
  • Synopsis: pestudio shows details about applications and other system files (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: [list] [*]Libraries that are used by an application [*]Functions that are imported by an application [*]Functions (also anonymous) that are exported by an application [*]All functions that are forwarded to other libraries [*]Obsolete Functions that are exported and imported by an application [*]If Data Execution Prevention (DEP) Windows security mechanism is used [*]If Address Space Layout Randomization (ASLR) Windows security mechanism is used [*]If Windows security mechanism Structured Exception Handling (SEH) is used [*]Whether some sections are compressed [/list] pestudio standard lacks some features of pro version, see comparison [url=https://www.winitor.com/tools/pestudio/current/pestudio-features.pdf]here[/url] (PDF file!).
  • Size (in bytes): 3619055 3625947
  • Release date: 2017-07 08-22 12
  • What's new: [list] [*]Increase performance when loading executable with large collection of exports. [*]Consolidated Extended: [list] [*]Switches The in [i]settings.xml[/i]; [*]API resource classification. [/list] [*]Added: [list] [*]Online type check detection; [*]Handling of update malformed in the "About" dialog manifest; [*]Support for ARM detection. [/list] [*]Indicate missing library. [*]Extend features Handling of standard the version. [*]Fixed file bugs: [ signature. [/list] [*]When handling the Thread Detect "unusual" dos-Local stub Storage (TLS); [*]Of the Manifest View; [*]When detecting 64-bit managed files messages. [/list] [/list]


2017-07-23 16:02:43
Updated by billon

  • Release date: 2017-05 07-20 22


2017-07-23 16:01:30
Updated by billon

  • Version: v8.60 61
  • Size (in bytes): 3614891 3619055
  • Keywords: pe%20studio
  • What's new: [list] [*]Increase performance when loading executable with large collection of exports. [*]Consolidated: [list] [*]Switches in [i]settings.xml[/i]; [*]API classification. [/list] [*]Added: [list] [*]Detection Online check of Control update Flow in Guard (CFG). [*]Details the "About" dialog; [*]Support for Virustotal ARM view detection. [/list] [*]Indicate missing library. [*]Extend features of standard version. [*]Fixed bugs: [list] [*]When handling the Thread-Local Storage (TLS); [*]Of the Manifest View; [*]When detecting 64-bit managed files. [/list] [/list]


2017-05-21 21:20:21
Updated by billon

  • Version: v8.59 60
  • Size (in bytes): 3621736 3614891
  • Release date: 2017-05-01 20
  • What's new: [ Added: [list] [*]Show Detection first bytes (hex) of resources. [*]Show Control first Flow bytes Guard (hex and text) of file. [*]Handle CFG). [*]Details empty for entry-point. [*]Extend Virustotal Indicators view. [/list]


2017-05-01 23:53:04
Updated by billon

  • Version: v8.58 59
  • Size (in bytes): 3620071 3621736
  • Release date: 2017-04 05-21 01
  • What's new: [list] [*]Fix Show a first crash bytes (hex) of with resources. [*]Show some first 64bit bytes (hex executables. [*]Add detection and text) of missing libraries file. [*]Extent Handle status empty entry-bar point. [*]Extend Indicators. [/list]


2017-04-21 20:02:41
Updated by billon

  • Version: v8.57 58
  • Size (in bytes): 3609240 3620071
  • Release date: 2017-04-10 21
  • What's new: [list] [*]Extended: [list] [*]Translations; [*]Exports Fix handling; [*]Imports a handling; [*]Signatures. [/list] [*]Clean crash and with Extend some indicators 64bit executables. [*]Show: [list] [*]First Add bytes detection of entrypoint; [*]First missing bytes libraries. [*]Extent of overlay; [*]Dos status-stub message bar. [/list] [/list]


2017-04-11 12:53:46
Updated by billon

  • Version: v8.56 57
  • Size (in bytes): 3614767 3609240
  • Release date: 2017-02 04-26 10
  • What's new: . Compute [list] [*]Extended: [list] [*]Translations; [*]Exports file-ratio handling; [*]Imports for resources, sections, overlay handling; [*]Signatures. [/list] [*]Clean and dos-stub . Extent Extend file indicators. [*]Show: [list] [*]First summary . Extent bytes file of signature entrypoint; [*]First detection . Fix bytes of overlay; [*]Dos-stub bugs message. [/list] [/list]


2017-02-26 23:58:55
Updated by __philippe

  • What's new: . Compute file-ratio for resources, sections, overlay and dos-stub . Extent file summary . Extent file signature detection . Fix bugs


2017-02-26 19:05:51
Updated by __philippe

  • Version: v8.55 56
  • Size (in bytes): 3609796 3614767
  • Release date: 2017-01-02-26
  • What's new: [list] [*]Differentiate between standard and professional (pro) versions of pestudio. [*]Added: [list] [*]Detection of overlay; [*]Computation of entropy; [*]Detection of TLS Callback functions; [*]Indicators. [/list] [*]Show: [list] [*]More details about sections; [*]Overlay strings numbers; [*]Strings location map with colors. [/list] [*]Detect duplicated exported symbols. [*]Enhanced unicode strings detection. [*]Differentiate URLs referenced in the certificate. [*]Extented Indicators. [*]Dump PKCS7 Certificate. [*]Fixed: [list] [*]Crash; [*]Bug with libraries; [*]Other bugs. [/list] [/list]


2017-01-02 17:04:34
Updated by billon

  • Icon: Updated


2017-01-02 16:59:42
Updated by billon

  • Website URL: http https://www.winitor.com /
  • Version: v8.49 55
  • Synopsis: pestudio shows details about applications and other system files (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: [list] [*]Libraries that are used by an application [*]Functions that are imported by an application [*]Functions (also anonymous) that are exported by an application [*]All functions that are forwarded to other libraries [*]Obsolete Functions that are exported and imported by an application [*]If Data Execution Prevention (DEP) Windows security mechanism is used [*]If Address Space Layout Randomization (ASLR) Windows security mechanism is used [*]If Windows security mechanism Structured Exception Handling (SEH) is used [*]Whether some sections are compressed [/list] pestudio standard lacks some features of pro version, see comparison [url=https://www.winitor.com/tools/pestudio/current/pestudio-features.pdf]here[/url] (PDF file!).
  • How to extract: Download the ZIP package and extract to a folder of your choice. Delete [i]AddToShell.reg[/i] and [i]RemoveFromShell.reg[/i]. Launch [i]pestudio.exe[/i].
  • Size (in bytes): 3547383 3609796
  • Download URL: https://www.winitor.com/tools/previous pestudio/current/pestudio849 pestudio.zip
  • Release date: 2015 2017-05 01-03 02
  • What's new: [list] [*]Differentiate between standard and professional (pro) versions of pestudio. [*]Added: [list] [*]Detection detection of overlay; [*]Computation of Windows entropy; [*]Detection builtin of services. [*]Fixed TLS a Callback bug functions; [*]Indicators. [/list] [*]Show: [list] [*]More when details handling about sections; [*]Overlay strings numbers; [*]Strings location map with colors. [/list] [*]Detect duplicated exported symbols. [*]Leveraged Enhanced unicode strings detection. [*]Differentiate URLs referenced in the certificate. [*]Extented Indicators. [*]Dump PKCS7 Certificate. [*]Fixed: [list] [*]Crash; [*]Bug for with embedded libraries; [*]Other files bugs. [/list] [/list]


2016-12-22 03:12:48
Updated by billon

  • Similar/alternative apps: [url=https://www.portablefreeware.com/index.php?id=2858]PPEE[/url]


2016-12-09 00:18:32
Updated by webfork

  • Synopsis: pestudio shows details about applications and other system files (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: [list] [*]All libraries Libraries that are used by an application. [*]All functions [*]Functions that are imported by an application. [*]All functions [*]Functions (also anonymous) that are exported by an application. [*] [*]All functions that are forwarded to other libraries. [*] [*]Obsolete Functions that are exported and imported by an application. [*]Whether the [*]If Data Execution Prevention (DEP) Windows security mechanism is used. [*]Whether the [*]If Address Space Layout Randomization (ASLR) Windows security mechanism is used. [*]Whether Structured Exception Handling - SEH [*]If Windows security mechanism Structured Exception Handling (SEH) is used. [*] [*]Whether some sections are compressed. [/ [/list]


2016-05-19 19:12:09
Updated by billon

  • Version: v8.51 49
  • System Requirement:
  • Size (in bytes): 3581121 3547383
  • Download URL: http https://www.winitor.com/tools/pestudio851 previous/pestudio849.zip
  • Release date: 2015-08 05-17 03
  • What's new: [list] [*]Renamed pestudioprompt.exe into pestudiox.exe. [*]Added virustotal scoring of hardcoded URL. [*]Added detection of pipes. [*]Added Network Watchdog to update Virustotal Windows score builtin automatically. [*]Added XML switches to define the colors of the front-end. [*]Fixed ordinal functions mapping for 64bit images services. [*]Fixed a crash bug when handling overlay strings. [*]Fixed Leveraged a Indicators bug when retrieving the Description of the for delay-loaded embedded libraries files. [/list]


2015-08-18 18:32:06
Updated by Checker

  • Version: v8.50 51
  • Size (in bytes): 3547607 3581121
  • Download URL: http://www.winitor.com/tools/pestudio850 pestudio851.zip
  • Release date: 2015-05 08-05 17
  • What's new: [list] [*]Renamed pestudioprompt.exe into pestudiox.exe. [*]Added virustotal scoring of hardcoded URL. [*]Added detection of pipes. [*]Added Network Watchdog to update Virustotal score automatically. [*]Added XML switches to define the colors of the front-end. [*]Fixed ordinal functions mapping for 64bit images. [*]Fixed a bug crash when handling exported overlay. [*]Fixed functions a bug when retrieving the Description of 54bit the delay-loaded executables libraries. [/list]


2015-05-19 01:30:10
Updated by billon

  • Software title: PeStudio pestudio
  • Synopsis: PeStudio pestudio shows details about applications (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: [list] [*]All libraries that are used by an application. [*]All functions that are imported by an application. [*]All functions (also anonymous) that are exported by an application. [*]All functions that are forwarded to other libraries. [*]Obsolete Functions that are exported and imported by an application. [*]Whether the Data Execution Prevention (DEP) Windows security mechanism is used. [*]Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used. [*]Whether Structured Exception Handling - SEH Windows security mechanism is used. [*]Whether some sections are compressed. [/list]
  • How to extract: Download the ZIP package and extract to a folder of your choice. Launch [i]PeStudio pestudio.exe[/i].


2015-05-06 19:37:28
Updated by Checker

  • Version: v8.49 50
  • Size (in bytes): 3547383 3547607
  • Download URL: http://www.winitor.com/tools/pestudio849 pestudio850.zip
  • Release date: 2015-05-03 05
  • What's new: [list] [*]Added detection of Windows builtin services. [*]Fixed a bug when handling strings. [*]Leveraged exported Indicators functions for of embedded 54bit files executables. [/list]


2015-05-04 19:26:33
Updated by Checker

  • Version: v8.48 49
  • Size (in bytes): 3477458 3547383
  • Download URL: http://www.winitor.com/tools/pestudio848 pestudio849.zip
  • Release date: 2015-04 05-17 03
  • What's new: [list] [*]Extended Added Thresholds. [*]Extended detection Indicators. [*]Show of virustotal Windows score builtin for Overlay (when available). [*] services. [*]Fixed an a issue bug in when the handling Debug detection strings. [*]Fixed Leveraged an issue in imported symbols by ordinal Indicators for 64bit embedded files. [/list]


2015-04-17 21:06:59
Updated by Checker

  • Version: v8.47 48
  • Size (in bytes): 3461800 3477458
  • Download URL: http://www.winitor.com/tools/pestudio847 pestudio848.zip
  • Release date: 2015-03 04-08 17
  • What's new: [list] [*]Added Extended computation Thresholds. [*]Extended of Indicators. [*]Show Imports virustotal Hash (imphash). [*]Added score detection for of Overlay (when strings available). [*]Fixed embedded an issue in non-PE the files. [*]Extended Debug detection. [*]Fixed of an processor issue types. [*]Fixed in a imported hangup. [*]Updated symbols AV by list ordinal for 64bit files. [/list]


2015-03-08 18:53:48
Updated by Checker

  • Version: v8.46 47
  • Size (in bytes): 3485507 3461800
  • Download URL: http://www.winitor.com/tools/PeStudio/Current/PeStudio pestudio847.zip
  • Release date: 0000 2015-00 03-00 08
  • What's new: [list] [*]Added new computation thresholds. [*]Extended of Imports Hash (imphash). [*]Added detection. [*]Fixed a of crash strings with embedded malformed in non-PE files. [*]Corrected Extended duplicates detection during of collection processor of types. [*]Fixed a hangup. [*]Updated functions AV statistics list. [/list]


2015-01-09 18:35:17
Updated by Checker

  • Version: v8.45 46
  • Size (in bytes): 3435730 3485507
  • What's new: [list] [*]Added Virustotal new aging thresholds. [*]Extended and detection. [*]Fixed submission a date crash with malformed files. [*]Extended Corrected Languages duplicates detection during collection of and functions mapping statistics. [/list]


2014-12-10 17:59:12
Updated by Checker

  • Version: v8.44 45
  • Size (in bytes): 3359275 3435730
  • What's new: [list] [*]Added PeID Virustotal Signature aging detection and of submission Executable embedded in Resources date. [*]Added Extended PeID Signature Languages detection of Executable embedded in and Overlay mapping. [/list]


2014-11-28 18:24:45
Updated by Checker

  • Version: v8.43 44
  • Size (in bytes): 3353686 3359275
  • What's new: [list] [*]Added XML-based PeID Signature detection of PeID Executable embedded Signatures in Resources. [*]Added XML-based PeID Signature detection of OIDs. [*]Added Executable XML-based embedded detection of useragent. [*]Extented in blacklists Overlay. [/list]


2014-11-24 12:18:00
Updated by Checker

  • Version: v8.42 43
  • Size (in bytes): 2113115 3353686
  • What's new: [list] [*]Added XML-based detection of references PeID to Firefox API Signatures. [*]Added MD5 XML-based Blacklist detection for a of file and its Resources OIDs. [*]Extended Added XML-based detection of Overlay useragent. [*]Extented blacklists. [/list]


2014-11-03 17:25:39
Updated by Checker

  • Version: v8.41 42
  • Size (in bytes): 2093674 2113115
  • What's new: [list] [*]Extended Added validation detection of Sections. [*]Resolve references OpenSSL to ordinals Firefox API. [*]Added to MD5 User Blacklist friendly for a file and its Resources. [*]Extended detection of names Overlay. [/list]


2014-10-26 16:18:17
Updated by Checker

  • Version: v8.39 41
  • Size (in bytes): 2062158 2093674
  • What's new: [list] [*]Small Extended cosmetic validation issues. [*]Added of Indicators and Thresholds Sections. [*]Fixed Resolve a OpenSSL bug ordinals when API handling to the imports of User some friendly images names. [/list]


2014-10-15 17:22:29
Updated by Checker

  • Version: v8.38 39
  • Size (in bytes): 2049364 2062158
  • What's new: [list] [*]Added Small more cosmetic Indicators and Thresholds issues. [*]Added Functions Groups classification. [*]Resources with unknown Signature Indicators and containing only text are now tagged as Text Thresholds. [*]Fixed a bug when handling the Characteristics imports of the FileHeader. [*]Added MD5, SHA1 and Virustotal Score for some Overlay images. [/list]


2014-10-10 12:48:35
Updated by Checker

  • Version: v8.37 38
  • Size (in bytes): 1914389 2049364
  • What's new: [list] [*]Added more Indicators and Thresholds. [*]Added Functions Groups classification. [*]Resources with unknown Signature and containing only text are now tagged as Text. [*]Fixed a bug when handling the . [/ Characteristics of the FileHeader. [*]Added MD5, SHA1 and Virustotal Score for Overlay. [/list]


2014-09-05 16:45:38
Updated by Checker

  • Version: v8.35 37
  • Size (in bytes): 1905896 1914389
  • What's new: [list] [*]Added Fixed XML a Threshold bug of when number of Antivirus detecting handling the image as infected. [/ . [/list]


2014-08-23 16:02:51
Updated by Checker

  • Version: v8.34 35
  • Size (in bytes): 1905891 1905896
  • What's new: [list] [*]Extended Added Imported XML Symbols Threshold View. [*]Extended of Indicators. [*]Added number XML of Thresholds Antivirus for detecting several the values. [*]Added XML "prefered" Antivirus image Engine as Name infected. [/list]


2014-08-22 16:36:45
Updated by Checker

  • Version: v8.33 34
  • Size (in bytes): 1907024 1905891
  • What's new: [list] [*]Extended Imported Symbols View. [*]Extended Indicators. [*]Added XML Threshold Thresholds on for several values. [*]Added XML "prefered" Antivirus Libraries Engine count Name. [/list]


2014-08-16 17:57:43
Updated by Checker

  • Version: v8.32 33
  • Size (in bytes): 1904201 1907024
  • What's new: [list] [*]Added support XML for Threshold White listing of on Libraries per name in PeStudioWhiteListLibraries.xml. [*]Fixed a bug in the collection of libraries count. [/list]


2014-08-14 18:56:33
Updated by Checker

  • Version: v8.31 32
  • Size (in bytes): 1901506 1904201
  • What's new: [list] [*]Extended Added Sections support View. [*]Extended for Blacklists. [*]Extended White detection. [*]Extended the XML report resulting listing of the Libraries analysis. [*]Fixed per update name of in Virustotal Lookup PeStudioWhiteListLibraries.xml. [*]Fixed Ordinal a to bug Name in mapping the for collection 64bit of images libraries. [/list]


2014-08-12 17:22:00
Updated by Checker

  • Version: v8.30 31
  • Size (in bytes): 1873852 1901506
  • What's new: [list] [*]Images Extended analysed Sections are View. [*]Extended now parsed in separated Thread Blacklists. [*]Extended detection of Overlay. [*]Added Extended Thresholds the for XML Image report Size. [*]Added resulting Thresholds of for the Certificate Size analysis. [*]Added Fixed Default update Threshold of for Virustotal Resources Lookup. [*]Fixed a Ordinal crash to when Name analysing mapping some for 64bit files images. [/list]


2014-07-06 09:41:53
Updated by Checker

  • Version: v8.26 30
  • Size (in bytes): 1786015 1873852
  • What's new: [list] [*]Begin Images analysed are now parsed in separated Thread. [*]Extended detection of Functions Overlay. [*]Added requiring Thresholds Access for Rights (privileges) to Image be set Size. [*]Extended Added Thresholds detection for Certificate Size. [*]Added Default Threshold for Resources. [*]Fixed a crash when analysing some 64bit files. [/list]


2014-05-04 12:32:21
Updated by Checker

  • Version: v8.25 26
  • Size (in bytes): 1707282 1786015
  • What's new: [list] [*]Extended Begin features detection and of Functions requiring Access Rights (privileges) to be set. [*]Extended blacklist Thresholds detection. [/list]


2014-04-29 17:44:36
Updated by Checker

  • What's new: [list] [*]Extended features and blacklist detection. [/list]


2014-04-29 17:44:10
Updated by Checker

  • Version: v8.24 25
  • Size (in bytes): 1704604 1707282
  • What's new: [list] [*]Extended features and blacklist detection. [/list]


2014-04-24 17:41:36
Updated by Checker

  • Version: v8.23 24
  • Size (in bytes): 1693946 1704604
  • What's new: [list] [*]Extended blacklist features and Features blacklist detection. [*]Fixed a bug when handling 64-bit Images. [/list]


2014-04-16 18:44:24
Updated by Checker

  • Version: v8.22 23
  • Size (in bytes): 1688170 1693946
  • What's new: [list] [*]Added Extended detection blacklist of and bound Features Libraries detection. [*]Setup Fixed detection a of bug Common when folder handling variables ([url=http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup]http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup[/url]). [*]Setup 64-bit detection of KNOWNFOLDERID constants represent GUIDs ([url=http://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx]http://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx[/url]). [/ Images. [/list]


2014-04-15 16:31:30
Updated by Checker

  • Version: v8.21 22
  • Size (in bytes): 1666418 1688170
  • What's new: [list] [*]Detect Added Clipboard detection Chain of hooking bound Libraries. [*]Extended Setup Blacklist detection of API. [*]Extended Common folder variables ([url=http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup]http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup[/url]). [*]Setup detection of Undocumented KNOWNFOLDERID constants represent API. [/ GUIDs ([url=http://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx]http://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx[/url]). [/list]


2014-04-11 18:54:02
Updated by Checker

  • Version: v8.20 21
  • Size (in bytes): 1661788 1666418
  • What's new: [list] [*]Detect Clipboard Chain hooking. [*]Extended blacklist Blacklist of API. [*]Extended the detection of Smartcard Undocumented usage API. [/list]


2014-04-09 16:32:20
Updated by Checker

  • Version: v8.19 20
  • Size (in bytes): 1650192 1661788
  • What's new: [list] [*]Extended blacklist of API. [*]Detect Extended Mouse the and detection Keyboard of Events Smartcard programmatic synthesis usage. [/list]


2014-04-07 16:41:26
Updated by Checker

  • Version: v8.18 19
  • Size (in bytes): 1649110 1650192
  • What's new: [list] [*]Extended detection blacklist of files API. [*]Detect embedded Mouse in and Resources Keyboard and Events programmatic Overlay synthesis. [/list]


2014-04-03 17:15:02
Updated by Checker

  • Version: v8.17 18
  • Size (in bytes): 1642631 1649110
  • What's new: [list] [*]Added support for Extended detection of Undocumented files embedded in Resources and API (PeStudioFunctionsUndocumented.xml). [/ Overlay. [/list]


2014-03-31 15:54:33
Updated by Checker

  • Version: v8.16 17
  • Size (in bytes): 1609488 1642631
  • What's new: [list] [*]Fixed Added a support bug for when detection invoking of PeStudio Undocumented API (PeStudioFunctionsUndocumented.exe from the prompt with a file. [/ xml). [/list]


2014-03-28 12:58:45
Updated by Checker

  • Version: v8.15 16
  • Size (in bytes): 1608699 1609488
  • What's new: [list] [*]Extended Fixed Hooking a detection. [*]Extended bug Blacklisted when functions invoking detection PeStudio.exe from the prompt with a file. [/list]


2014-03-26 18:29:31
Updated by Checker

  • Version: v8.14 15
  • Size (in bytes): 1594224 1608699
  • What's new: [list] [*]Extended Hooking detection. [*]Extended of Blacklisted Overlay functions for InnoSetup. [*]Show shrinked DOS-Header detection. [/list]


2014-03-25 13:59:50
Updated by Checker

  • Version: v8.13 14
  • Size (in bytes): 1590594 1594224
  • What's new: [list] [*]Extended detection of Overlay for InnoSetup. [*]Added Show shrinked PeStudioWhiteListLibraries.xml DOS-Header. [/list]


2014-03-23 20:33:01
Updated by Checker

  • Version: v8.12 13
  • Size (in bytes): 1544283 1590594
  • What's new: [list] [*]Show Extended Overlay detection Signature. [*]Blacklist of Well-Known Overlay. [*]Added SID PeStudioWhiteListLibraries.xml. [/list]


2014-02-27 19:03:59
Updated by Checker

  • Version: v8.11 12
  • Size (in bytes): 1543125 1544283
  • What's new: [list] [*]Fixed Show a Overlay bug when Dumping a resource Signature. [*]Images Blacklist in Windows directories are considered as trusted. [*]Extended Features detection. [*]Extended Well-Known Blacklisting SID. [/list]


2014-02-25 19:27:46
Updated by Checker

  • Version: v8.10 11
  • Size (in bytes): 1536055 1543125
  • What's new: [list] [*]Blacklist Fixed DNS a and bug IP when APIs Dumping a resource. [*]Images in Windows directories are considered as trusted. [*]Extended Features detection. [*]Extended Blacklisting. [/list]


2014-02-18 19:31:23
Updated by Checker

  • Version: v8.09 10
  • Size (in bytes): 1522581 1536055
  • What's new: [list] [*]Added Blacklist detection DNS of and Microsoft IP Detour. [*]Added detection of Hooking APIs. [/list]


2014-02-17 16:18:08
Updated by Checker

  • Version: v8.08 09
  • Size (in bytes): 1521054 1522581
  • What's new: [list] [*]Added detection of AutoIt Microsoft Detour. [*]Added detection of Hooking. [/list]


2014-02-16 14:17:02
Updated by Checker

  • Version: v8.07 08
  • Size (in bytes): 1514016 1521054
  • What's new: [list] [*]Allow RAW-dumping using the context menu of any resource. [*]Extended Features Added detection. [*]Added Detection of Resources reuse AutoIt. [/list]


2014-02-14 07:07:04
Updated by Checker

  • Dependencies: None


2014-02-13 19:11:28
Updated by Checker

  • Version: v8.06 07
  • Size (in bytes): 1483015 1514016
  • What's new: [list] [*]Extended Allow Features RAW-dumping detection. [*]Extended using Blacklisting. [*]Show the default context Icon menu of the any Image resource. [*]Extended being Features analysed (which detection. [*]Added often Detection helps as first of suspicious Resources indicator). [/ reuse. [/list]


2014-02-06 19:22:38
Updated by Checker

  • Version: v8.05 06
  • Size (in bytes): 1446972 1483015
  • What's new: [list] [*]Extended Features detection . [*] . [*]Extended Blacklisting. [*]Extended Show detection default Icon of embedded the Image being analysed (which often helps as first IP suspicious Adresses. [/ indicator). [/list]


2014-01-31 18:20:35
Updated by Checker

  • Version: v8.04 05
  • Size (in bytes): 1438631 1446972
  • What's new: [list] [*]Added Extended Feature Features detection . [*]Extended of Regular Expressions (Regex). [*]Added Feature Blacklisting. [*]Extended detection of Service embedded Control IP Manager (SCM). [/ Adresses. [/list]


2014-01-28 18:39:44
Updated by Checker

  • Version: v8.03 04
  • Size (in bytes): 1436070 1438631
  • What's new: [list] [*]Added "Anomalies" Indicators. [*] Feature detection of Regular Expressions (Regex). [*]Added Feature detection of fake Service Microsoft Control executables [*]Extended "Features" [/ Manager (SCM). [/list]


2014-01-27 19:12:06
Updated by Checker

  • Version: v8.02 03
  • Size (in bytes): 1432226 1436070
  • What's new: [list] [*]Added PeStudioFeatures.xml "Anomalies" Indicators. [*]Added "Features" as part detection of the "Indicators". Features fake translates Microsoft the APIs, and other data into executables [*]Extended "Features" of the executable being analysed (e.g. The API "FindFirstUrlCacheEntry()" is translated as "The image accesses the IE Protected Storage" Feature). [/ " [/list]


2014-01-23 20:56:07
Updated by Checker

  • Version: v8.01 02
  • Size (in bytes): 1415793 1432226
  • What's new: [list] [*]Extented Added PeStudioOrdinals PeStudioFeatures.xml. [*]Added "Features" as for part LDAP of by the "Indicators". Features ordinals. [*]Added translates a the Threshold APIs, and for other size data into "Features" of Custom the Resources. [*]Extended executable PeStudioThresholds being analysed (e.xml. [/ g. The API "FindFirstUrlCacheEntry()" is translated as "The image accesses the IE Protected Storage" Feature). [/list]


2014-01-19 14:30:29
Updated by Checker

  • Version: v8.00 01
  • Size (in bytes): 1415291 1415793
  • What's new: [list] [*]Fixed Extented a PeStudioOrdinals.xml crash for when LDAP disabling by VirusTotal query ordinals. [*]Show Added the a Signature Threshold of for the size files Embedded in the of Custom Resources. [*]Extended PeStudioThresholds.xml. [/list]


2014-01-16 16:48:46
Updated by Checker

  • Version: v7 v8.99 00
  • Size (in bytes): 1414520 1415291
  • What's new: [list] [*]Added Fixed Min/Max a Threshold crash checks when on disabling HTML VirusTotal Resource query. [*]Show size the and Signature Extented of PeStudioThresholds.xml. [*]Extented the PeStudioIndicators.xml. [*]Extented files Embedded in the Custom PeStudioOrdinals.xml Resources. [/list]


2014-01-15 17:47:57
Updated by Checker

  • Version: v7.98 99
  • Size (in bytes): 1410477 1414520
  • What's new: [list] [*]Extended Added PeStudioBlackListFunctions.xml. [*]Extended Min/Max PeStudioBlackListLibraries.xml. [*]Correct Threshold an checks issue on when HTML showing Resource the size Resources and friendly Extented names PeStudioThresholds.xml. [*]Extented at PeStudioIndicators.xml. [*]Extented the GUI PeStudioOrdinals.xml. [/list]


2014-01-13 17:54:35
Updated by Checker

  • Version: v7.97 98
  • Size (in bytes): 1404992 1410477
  • What's new: [list] [*]Extended PeStudioThresholds PeStudioBlackListFunctions.xml. [*]Extended to PeStudioBlackListLibraries.xml. [*]Correct detect an issue when showing the Min/Max Resources size friendly of names at the Manifest GUI. [/list]


2014-01-08 16:51:21
Updated by Checker

  • Version: v7.96 97
  • Size (in bytes): 1398273 1404992
  • What's new: [list] [*]New classification of Strings. [*]Extended detection (and Indicator) of File Version Information suspicious fields. [*]Extended PeStudioOrdinals PeStudioThresholds.xml. [*]Corrected Ordinals to mapping detect for the 64 Min/Max bit images. [*]Better visualization size of Relocations entries. [*]Added Detection of Blacklisted Function of Delayed-loaded Libraries. [*]Added Support for Strings Tables. [*]Added Detection of Self-Registering DLLs Manifest. [/list]


2014-01-07 17:02:27
Updated by Checker

  • Version: v7.95 96
  • Size (in bytes): 1358369 1398273
  • What's new: [list] [*]Added New detection (and classification Indicator) of anonymous Exported Functions Strings. [*]Added Extended detection (and Indicator) of multiple File Executable Version Sections Information suspicious fields. [*]Added Extended detection (and PeStudioOrdinals.xml. [*]Corrected Indicator) of Ordinals multiple mapping instance for Imported 64 Functions bit Names images. [*]Added Better PeStudioEvasions.xml visualization to of support Relocations the entries. [*]Added detection Detection of attempts Blacklisted Evasions (Antidebugging). [*]Added (part Function of) exported MFC42 Delayed-loaded Libraries. [*]Added Support ordinals for to Strings PeStudioOrdinals.xml Tables. [*]Added Detection of Self-Registering DLLs. [/list]


2013-12-23 22:19:14
Updated by Checker

  • Version: v7.94 95
  • Size (in bytes): 1358956 1358369
  • What's new: [list] [*]Map Added Version detection (and Translation Indicator) of Information anonymous to Exported user Functions. [*]Added friendly detection (and string Indicator) of multiple Executable Sections. [*]Show Added Version detection (and Translation Indicator) of Information multiple Blacklisted instance Languages Imported Functions Names. [*]Extented Added PeStudioOrdinals PeStudioEvasions.xml to Resolve support SNMP the functions detection imported of by attempts Ordinals Evasions (Antidebugging). [*]Added (part back of) exported to MFC42 their ordinals original to names PeStudioOrdinals.xml. [/list]


2013-12-16 17:26:54
Updated by Checker

  • Version: v7.93 94
  • Size (in bytes): 1332801 1358956
  • What's new: [list] [*]Map Version Translation Information to user friendly string. [*]Show Version Translation Information Blacklisted Languages. [*]Extented PeStudioOrdinals.xml to Resolve SNMP functions imported by Ordinals back to their original names. [/list]


2013-12-14 16:45:46
Updated by guinness

  • Version: v7.89 93
  • What's new: [list] [*]Extended anomalies detection of File Version Information fields. [/list]


2013-12-05 16:27:47
Updated by Checker

  • Version: v7.88 89
  • Size (in bytes): 1331067 1332801
  • What's new: [list] [*]Added Extended anomalies detection of signature File for Version the Information Resources fields. [/list]


2013-12-04 12:15:22
Updated by Checker

  • Version: v7.87 88
  • Size (in bytes): 1329572 1331067
  • What's new: [list] [*]Extended Added detection of embedded IP Addresses. [*]Extended malicious usage of Resource Icons. [*]Added new Indicator signature for suspicious Resource the Icons Resources. [/list]


2013-12-03 14:53:14
Updated by Checker

  • Version: v7.86 87
  • Size (in bytes): 1327288 1329572
  • What's new: [list] [*]Added Extended Support detection for of Sections -> Context embedded Menu -> Dump IP Addresses. [*]Added Extended Support malicious for usage Dumping of ICO Resource as Icons. [*]Added RAW new Indicator for and suspicious ICO.file Resource format Icons. [/list]


2013-11-30 18:40:55
Updated by Checker

  • Version: v7.85 86
  • Size (in bytes): 1325860 1327288
  • What's new: [list] [*]Extended Added detection Support of for suspicious Sections -> Context debugger Menu -> Dump. [*]Added fields (invalid Support content - e.g.: flame). [*]Added for PeStudioFunctionsMapping.XML Dumping to ICO map as Function RAW Names (e and ICO.g. SystemFunction036 to file RtlGenRandom ). [/ format. [/list]


2013-11-28 17:40:24
Updated by Checker

  • Version: v7.84 85
  • Size (in bytes): 1328213 1325860
  • What's new: [list] [*]Better Extended detection of hard-coded suspicious IP debugger Addresses. [*] fields (invalid content - e.g.: flame). [*]Added Tag in PeStudioBlackListStrings PeStudioFunctionsMapping.xml XML to hide map the Function strings that are Imported Libraries Names (with the goal e.g. SystemFunction036 to concentrate on strings that really matter). [/ RtlGenRandom ). [/list]


2013-11-20 17:32:52
Updated by Checker

  • Version: v7.83 84
  • Size (in bytes): 1324694 1328213
  • What's new: [list] [*]Extended Better PeStudioBlackListFunctions.xml detection of hard-coded IP Addresses. [*]Added Tag in PeStudioBlackListStrings.xml to hide the strings that are Imported Libraries (with the goal to concentrate on strings that really matter). [/list]


2013-11-16 17:08:42
Updated by Checker

  • Version: v7.82 83
  • Size (in bytes): 1321939 1324694
  • What's new: [list] [*]Consolidated Extended Indicators PeStudioBlackListFunctions.xml. [*]Added Tag about in blacklisted PeStudioBlackListStrings.xml Resources to Languages. [*]Show hide the Resources strings Tree that leaf are in Imported Red Libraries (with when the a goal Resource to Language concentrate has on been strings detected that as really Blacklisted. [/ matter). [/list]


2013-11-14 20:11:26
Updated by Checker

  • Version: v7.80 82
  • Size (in bytes): 1313200 1321939
  • What's new: [list] [*]Extended Consolidated Blacklist Indicators of about Libraries blacklisted Resources Languages. [*]Map Show dynamically the loaded Resources libraries Tree to leaf the in content Red of when PeStudioBlackListLibraries.xml. [*]Map a dynamically Resource loaded Language functions has to the been content detected of as PeStudioBlackListFunctions.xml Blacklisted. [/list]


2013-11-12 18:19:03
Updated by Checker

  • Version: v7.78 80
  • Size (in bytes): 1284858 1313200
  • What's new: [list] [*]Added Extended Detection Blacklist and of Indicator Libraries. [*]Map for dynamically ComSpec. [*]Added loaded Correlation libraries between to strings the and content imported of Symbols PeStudioBlackListLibraries.xml. [*]Added Map Detection and Indicator for MIME64 Encoding string. [*]Added dynamically Detection loaded and functions Indicator to for the hard-coded content IP of Adresses PeStudioBlackListFunctions.xml. [/list]


2013-11-09 15:52:17
Updated by Checker

  • Version: v7.76 78
  • Size (in bytes): 1279816 1284858
  • What's new: [list] [*]Added PeStudioOrdinals.xml Detection to and map Indicator Imported for Ordinals ComSpec. [*]Added to Correlation their between original strings Function and Names imported Symbols. [*]Added Detection and Indicator for MIME64 Encoding string. [*]Added Detection and Indicator for hard-coded IP Adresses. [/list]


2013-11-08 14:51:32
Updated by Checker

  • Version: v7.75 76
  • Size (in bytes): 1261208 1279816
  • What's new: [list] [*]Fixed Added a PeStudioOrdinals.xml bug to with map the Imported Exported Ordinals Symbols to of their 64 original bit Function Images Names. [/list]


2013-11-05 17:56:17
Updated by Checker

  • Version: v7.74 75
  • Size (in bytes): 1261246 1261208
  • What's new: [list] [*]Added Fixed detection a of bug GINA. [*]Extended with Directories the Validation. [*]Added Exported Valid, Missing, Empty Symbols fields for of Directories. [*]Extended 64 PeStudioBlackListLibraries.xml. [*]Extended bit PeStudioIndicators.xml Images. [/list]


2013-11-04 18:02:51
Updated by Checker

  • Version: v7.73 74
  • Size (in bytes): 1254055 1261246
  • What's new: [list] [*]Extended Added validation detection of Debug fields GINA. [*]Extended PeStudioIndicators.xml Directories Validation. [*]Added Context Valid, Missing, Empty Menu fields at for the image level Directories. [*]Added Extended Certificates validity handling PeStudioBlackListLibraries.xml. [*]Added Extended Indicator Id in the output XML report PeStudioIndicators.xml. [/list]


2013-11-02 16:25:41
Updated by Checker

  • Version: v7.72 73
  • Size (in bytes): 1253741 1254055
  • What's new: [list] [*]Created Extended PeStudioBlackListLibraries validation of Debug fields. [*]Extended PeStudioIndicators.xml. [*]Added for Context the Menu Detection at of the blacklisted image Libraries level. [*]Added a Certificates new validity handling. [*]Added Indicator Id in PeStudioIndicators.xml the output XML report. [/list]


2013-11-01 14:03:31
Updated by Checker

  • Version: v7.71 72
  • Size (in bytes): 1249992 1253741
  • What's new: [list] [*]Fixed Created a PeStudioBlackListLibraries.xml bug for when the Detection of blacklisted Libraries. [*]Added a handling new empty Indicator Relocation in Table PeStudioIndicators.xml. [/list]


2013-10-31 17:08:05
Updated by Checker

  • Version: v7.70 71
  • Size (in bytes): 1249429 1249992
  • What's new: [list] [*]Created Fixed PeStudioPrompt.exe, a stand-alone bug version when of handling PeStudio empty running Relocation exclusively at the prompt Table. [/list]


2013-10-30 16:25:30
Updated by Checker

  • Version: v7.69 70
  • Size (in bytes): 1173538 1249429
  • What's new: [list] [*]Fixed Created PeStudioPrompt.exe, a problem stand-alone when version disabling of the PeStudio Lookup running to exclusively at the VT prompt. [/list]


2013-10-29 17:30:58
Updated by Checker

  • Version: v7.68 69
  • Size (in bytes): 1173467 1173538
  • What's new: [list] [*]Added Fixed detection a of problem Debug when File without PDB extension. [*]Added detection of Debug File name different than disabling the image name. [*]Changed Sections UI. [*]Changed Lookup VirusTotal to UI VT. [/list]


2013-10-28 12:15:13
Updated by Checker

  • Version: v7.67 68
  • Size (in bytes): 1167198 1173467
  • What's new: [list] [*]Added Query detection MSDN of context Debug menu File for without Exported PDB Functions extension. [*]Show Added Gaps detection in of Exported Debug Functions File Table name different than the image name. [*]Extended Changed PeStudioTranslations.xml Sections UI. [*]Extended Changed VirusTotal PeStudioIndicators.xml UI. [/list]


2013-10-25 16:59:33
Updated by Checker

  • Version: v7.66 67
  • Size (in bytes): 1165641 1167198
  • What's new: [list] [*]Added Query MSDN context menu for Exported Functions. [*]Show more Gaps in Exported Functions details Table. [*]Extended of PeStudioTranslations.xml. [*]Extended VirusTotal PeStudioIndicators.xml. [/list]


2013-10-24 16:43:32
Updated by Checker

  • Version: v7.65 66
  • Size (in bytes): 1163709 1165641
  • What's new: [list] [*]Added Show detection more details of PeCompact compressor. [*]Fixed a bug with Ctrl+T VirusTotal. [/list]


2013-10-23 15:44:00
Updated by Checker

  • Version: v7.63 65
  • Size (in bytes): 1161885 1163709
  • What's new: [list] [*]Extended Added PeStudioThresholds.xml (which detection enables of your PeCompact to compressor. [*]Fixed define your own thresholds). [*]Extended PeStudioTranslations.xml (which enables you to change the text at the UI). [*]Extended PeStudioSettings.XML (which enables you to change the behaviour of PeStudio). [*]Added a R/W bug support with UI PeStudioSettings.XML Ctrl+T. [/list]


2013-10-22 16:48:48
Updated by Checker

  • Version: v7.62 63
  • Size (in bytes): 1156323 1161885
  • What's new: [list] [*]Extended PeStudioBlackListFunctions PeStudioThresholds.xml. [*]Fixed (which an enables Issue your when to closing define all your files own thresholds). [*]Extended PeStudioTranslations.xml (which enables you to change the text at the UI). [*]Extended PeStudioSettings.XML (which enables you to change the behaviour of PeStudio). [*]Added R/W support UI PeStudioSettings.XML. [/list]


2013-10-12 18:05:44
Updated by Checker

  • Version: v7.61 62
  • Size (in bytes): 1156034 1156323
  • What's new: [list] [*]Added Extended detection PeStudioBlackListFunctions.xml. [*]Fixed of an missing Issue Trust when Information closing inside all Manifest. [*]Extended PeStudioIndicators.xml. [*]Extended PeStudioTranslations.xml files. [/list]


2013-10-12 11:26:02
Updated by Checker

  • Version: v7.60 61
  • Size (in bytes): 1148885 1156034
  • What's new: [list] [*]Added a detection switch (see of PeStudioBlackListStrings.xml) for missing case-sensitiveness Trust when Information scanning inside the black strings Manifest. [*]Added Extended a switch (see PeStudioBlackListStrings PeStudioIndicators.xml) for substrings when scanning the black strings. [*]Added Extended Support for Windows File Redirection PeStudioTranslations.xml. [/list]


2013-10-09 09:36:03
Updated by Midas

  • Screenshot: Updated


2013-10-09 05:56:00
Updated by Checker

  • Version: v7.59 60
  • Size (in bytes): 1144325 1148885
  • What's new: [list] [*]Added DOS a Stub switch (see at PeStudioBlackListStrings.xml) for the case-sensitiveness UI. [*]Added when new Indicator related to the (suspicious) size of scanning the DOS black Stub strings. [*]Added PeStudioThresholds a switch (see PeStudioBlackListStrings.xml) for that substrings contains when scanning the Min, Max black values strings. [*]Added used Support as for thresholds. [*]Fixed Windows enabling/disabling File Virustotal lookup switch Redirection. [/list]


2013-10-07 17:22:54
Updated by Checker

  • Version: v7.58 59
  • Size (in bytes): 1140558 1144325
  • What's new: [list] [*]Added filtering DOS of Stub Windows (standard at vs. custom) Resources the UI. [*]Added filtering new Indicator related to the (suspicious) size of obfuscated the Sections DOS Stub. [*]Added filtering PeStudioThresholds.xml of that forwarded contains exported the Symbols Min, Max values used as thresholds. [*]Added Fixed Indicator enabling/disabling about Virustotal Expired lookup Certificate(s). [/ switch. [/list]


2013-10-06 13:34:55
Updated by Checker

  • Version: v7.57 58
  • Size (in bytes): 1135379 1140558
  • What's new: [list] [*]Added test filtering of Exported Windows (standard Blacklisted vs. custom) Resources. [*]Added Functions filtering of obfuscated Sections. [*]Extended Added filtering of forwarded exported Symbols. [*]Added Indicator about Expired PeStudioIndicators.xml. [/ Certificate(s). [/list]


2013-10-03 17:52:16
Updated by Checker

  • Version: v7.55 57
  • Size (in bytes): 1128985 1135379
  • What's new: [list] [*]Extended Added Validation test Handling of Exported Blacklisted Functions. [*]Extended Certificates Handling PeStudioIndicators.xml. [/list]


2013-10-02 17:30:49
Updated by Checker

  • Version: v7.54 55
  • Size (in bytes): 1123867 1128985
  • What's new: [list] [*]Enable to open ANY image (to show the results with VirusTotal). [*]Added Creation, Last Access and Last Write times. [*]Extended validation Validation and reflect it on the Tree View Handling. [*]Extended Version Information handling. [*]Added Deprecated column to the Imported Symbols Certificates view Handling. [/list]


2013-09-29 18:14:50
Updated by Checker

  • Version: v7.53 54
  • Size (in bytes): 1119613 1123867
  • What's new: [list] [*]Added Enable CTRL-C to and open CTRL-A ANY support image (to for show all the views. [*] results with VirusTotal). [*]Added details Creation, Last for Access Relocations and Last Write times. [*]Extended PeStudioTranslations.xml. [*]Added validation translation and of reflect Machine it Type on the Tree View. [*]Fixed Extended a Version hangup Information when handling. [*]Added running Deprecated on column to the Imported Symbols XP view. [/list]


2013-09-27 11:43:57
Updated by Checker

  • Version: v7.52 53
  • Size (in bytes): 1112666 1119613
  • What's new: [list] [*]Extented Added CTRL-C and CTRL-A support for all views. [*]Added details about for Sections Relocations. [*]Extended PeStudioTranslations.xml. [*]Added translation of Machine Type. [*]Fixed a bug hangup when with running the on Certificates XP. [/list]


2013-09-26 12:07:24
Updated by Checker

  • Version: v7.51 52
  • Size (in bytes): 1111554 1112666
  • What's new: [list] [*]Added Extented PeStudioRemoveFromExplorerContextMenu.reg details file about to remove PeStudio from Explorer context menu Sections. [*]Added Fixed validation of OptionalHeader.CheckSum. [*]Added result of OptionalHeader.CheckSum validation as Indicator. [*]Released a Image bug being with analysed the earlier Certificates. [/list]


2013-09-25 16:00:23
Updated by Checker

  • Version: v7.50 51
  • Size (in bytes): 1108933 1111554
  • What's new: [list] [*]Added more PeStudioRemoveFromExplorerContextMenu.reg details file for to each remove Certificate PeStudio found from in Explorer an context additional menu. [*]Added View validation of OptionalHeader.CheckSum. [*]Extended Added Blacklisted result Functions of list OptionalHeader.CheckSum validation as Indicator. [*]Extended Released Image Obsolete being Functions analysed list earlier. [/list]


2013-09-23 16:48:26
Updated by Checker

  • Version: v7.49 50
  • Size (in bytes): 1095704 1108933
  • What's new: [list] [*]Added Certificates more Expiration details Validity for Check each Certificate found in an additional View. [*]Added Extended Dump Blacklisted of Functions Indicators list. [*]Added Extended Dump Obsolete of Functions Manifest list. [/list]


2013-09-19 21:28:52
Updated by Checker

  • Version: v7.48 49
  • Size (in bytes): 1089905 1095704
  • What's new: [list] [*]Added Context Certificates menu Expiration for Validity Certificates Check. [*]Added Dump of Certificates Indicators. [*]Added Dump of Manifest. [/list]


2013-09-18 15:10:54
Updated by Checker

  • Version: v7.47 48
  • Size (in bytes): 1080981 1089905
  • What's new: [list] [*]Raw Added discovery Context of menu fundamental for characteristics of the Certificate(s) embedded in the Image Certificates. [*]Extended Added Indicators Dump for of Certificates. [/list]


2013-09-16 16:57:08
Updated by Checker

  • Version: v7.46 47
  • Size (in bytes): 1079899 1080981
  • What's new: [list] [*]Corrected Raw execution discovery of PeStudio fundamental from characteristics of the command Certificate(s) embedded prompt. [*]Images in that the cannot be opened (e.g. invalid format,...) are shown in Gray Image. [*]Extended Tree Context Menu Indicators for VirusTotal Certificates. [/list]


2013-09-15 13:02:09
Updated by Checker

  • Version: v7.45 46
  • Size (in bytes): 1069689 1079899
  • What's new: [list] [*]Extended Corrected Tree execution Context of Menu. [*]Added PeStudio Relocation from Tables the discovery command prompt. [*]Added Images Indicator that about cannot Relocation be Items opened (e.g. invalid format,...) are shown in PeStudioIndicators.xml Gray. [*]Extended Tree Context Menu for VirusTotal. [/list]


2013-09-11 18:10:44
Updated by Checker

  • Version: v7.44 45
  • Size (in bytes): 1069910 1069689
  • What's new: [list] [*]Added Extended discovery Tree of Context registered Exception handlers of 64bit Images Menu. [*]Added Indicators Relocation for Tables registered Exception handlers discovery. [*]Added discovery of static usage of Thread Local Space (TLS). [*]Added Indicator for usage of about Thread Relocation Local Items Space (TLS). [*]Extented in Filtering PeStudioIndicators.xml. [/list]


2013-09-08 10:46:49
Updated by Checker

  • Version: v7.43 44
  • Size (in bytes): 1060843 1069910
  • What's new: [list] [*]Added a discovery Filtering of mechanism registered in Exception the handlers Parser of 64bit Images. [*]Added a Indicators UI for to registered filter Exception according handlers. [*]Added to discovery the of presence static usage of Certificate Thread Local Space (TLS). [*]Added Indicator for usage of Thread Local Space (TLS). [*]Extented Filtering. [/list]


2013-09-05 17:06:22
Updated by Checker

  • Version: v7.42 43
  • Size (in bytes): 1043642 1060843
  • What's new: [list] [*]Corrected Added FileVersion a shown Filtering when mechanism pointing in the image Parser. [*]Extended Added context a menu UI for to imported filter libraries. [*]Extended according context to the menu presence for of resources Certificate. [/list]


2013-09-04 16:35:15
Updated by Checker

  • Version: v7.41 42
  • Size (in bytes): 1048668 1043642
  • What's new: [list] [*]Implemented Corrected the "default_view" (see FileVersion PeStudioSettings.xml). [*]Added general Information shown when pointing an the Image root image. [*]Added Extended Tree context coloring (e.g. VirusTotal menu score). [*]Added for Tree imported libraries. [*]Extended context menu for resources. [/list]


2013-09-02 17:09:37
Updated by Checker

  • Version: v7.40 41
  • Size (in bytes): 1042866 1048668
  • What's new: [list] [*]Fixed Implemented the "default_view" (see dependencies PeStudioSettings.xml). [*]Added of general the Information when pointing an Image root. [*]Added Tree coloring (e.g. VirusTotal new score). [*]Added UI Tree of context PeStudio menu. [/list]


2013-08-31 14:55:37
Updated by Checker

  • Version: v7.39 40
  • Size (in bytes): 723310 1042866
  • What's new: [list] [*]Added Fixed context-menu the for dependencies all of lists. [*]Added the Accelerators. [*]Added new Close UI All of Images button PeStudio. [/list]


2013-08-29 17:08:54
Updated by Checker

  • Version: v7.38 39
  • Size (in bytes): 719133 723310
  • What's new: [list] [*]Redesign Added of context-menu the for User all Interface lists. [*]Support Added loading of multiple images Accelerators. [*]Demangled the Parser programmatic interface. [*]Issue: When loading too many images simultaneously, the VT results are not retrieved for some images. This is "normal" since the current key PeStudio is using is restricted as far as the amount of request pro seconds is concerned. This issue will be handled with VT until Added in Close the All next Images version button. [/list]


2013-08-28 16:06:05
Updated by Checker

  • Version: v7.37 38
  • Size (in bytes): 982995 719133
  • What's new: [list] [*]Added Redesign detection of the User Interface. [*]Support loading of empty multiple fields images. [*]Demangled in the Parser programmatic interface. [*]Issue: When loading too many images simultaneously, the Version VT Information results block [*]Added are Indicator not retrieved for some images. This is "The normal" since Version the current key PeStudio field '%s' is Empty" (e.g using The is Version restricted as far as the amount of request pro seconds field 'CompanyName' is Empty) [/ concerned. This issue will be handled with VT until in the next version. [/list]


2013-08-14 16:08:06
Updated by Checker

  • Version: v7.36 37
  • Size (in bytes): 999487 982995
  • What's new: [list] [*]Added Support detection of images empty packed fields with in FSG. [/ the Version Information block [*]Added Indicator "The Version field '%s' is Empty" (e.g The Version field 'CompanyName' is Empty) [/list]


2013-08-12 16:57:28
Updated by Checker

  • Version: v7.35 36
  • Size (in bytes): 999492 999487
  • What's new: [list] [*]Better Added imports Support detection of images packed with FSG. [/list]


2013-08-11 13:36:05
Updated by Checker

  • Version: v7.34 35
  • Size (in bytes): 991330 999492
  • What's new: [list] [*]Handled Better misalignement imports of Version buffer detection. [/list]


2013-08-09 16:06:07
Updated by Checker

  • Version: v7.33 34
  • Size (in bytes): 999389 991330
  • What's new: [list] [*]Better Handled validation misalignement of certificat Version buffer. [/list]


2013-08-07 16:37:13
Updated by Checker

  • Version: v7.32 33
  • Size (in bytes): 999338 999389
  • What's new: [list] [*]Fixed Better a validation crash of with files depending on a specific library certificat. [/list]


2013-08-06 18:54:51
Updated by Checker

  • Version: v7.31 32
  • Size (in bytes): 1012216 999338
  • What's new: [list] [*]Handled Fixed an a issue crash when with loading files the depending same on image a multiple specific times library. [/list]


2013-08-03 09:23:17
Updated by Checker

  • Version: v7.30 31
  • Size (in bytes): 999425 1012216
  • What's new: [list] [*]Correct Handled Load an Configuration issue Directory when validation. [*]Added loading detection the of same in-process image COM multiple Server (e.g. BHO Plugin). [/ times. [/list]


2013-08-01 14:41:44
Updated by Checker

  • Version: v7.29 30
  • Size (in bytes): 997813 999425
  • What's new: [list] [*]Handle Correct malformed Load or Configuration empty Directory App validation. [*]Added Paths detection entries [*]Show/Hide of Virustotal in-process TAB COM from Server (e.g. BHO the UI and Show/Hide the Virustotal XML Section according to the switch in PeStudioVirusTotal.xml [/ Plugin). [/list]


2013-07-31 16:24:00
Updated by Checker

  • Version: v7.27 29
  • Size (in bytes): 1421213 997813
  • What's new: [list] [*]Support Handle usage malformed of or PeStudio empty App Paths entries [*]Show/Hide Virustotal TAB from the Command UI and Show/Hide the Virustotal XML Section according to the Prompt. [*]Started switch a "PeStudio in Handbook PeStudioVirusTotal.pdf". [/ xml [/list]


2013-07-30 13:36:47
Updated by Checker

  • Version: v7.26 27
  • Size (in bytes): 996999 1421213
  • What's new: [list] [*]Added Support Validity usage checks (and of Indicators) on PeStudio Section from Headers (e.g. file the missalignment). [*]Fixed Command SHA1 Prompt. [*]Started issue. [/ a "PeStudio Handbook.pdf". [/list]


2013-07-27 14:36:09
Updated by Checker

  • Version: v7.03 26
  • Size (in bytes): 955444 996999
  • What's new: [list] [*]Added detection Validity of checks (and MPRESS Indicators) on compression [*]Added Section detection of UPX evasion Headers (one e.g. file or more standard UPX section names changed) [*]Added computation of missalignment). [*]Fixed SHA1 of the image analyzed [*]Fixed issue with right mouse copy at the UI [/ . [/list]


2013-06-22 13:03:07
Updated by Checker

  • Version: v7.02 03
  • Size (in bytes): 945936 955444
  • What's new: [list] [*]Added Items detection in of Blacklist MPRESS XML compression [*]Added file. [*]PeStudioSettings.xml detection now of centralizes UPX the names evasion (which one are or not more hardcoded standard anymore) of UPX the section others names XML changed) [*]Added files. [*]The computation Blacklist of engine SHA1 can now be switched ON and OFF in of the XML image file analyzed [*]Fixed enumerating issue the with Blacklisted right strings. [*]The mouse minimum copy length of strings detected is now determined in at the Blacklist XML file. [*]Show more details about the content of ollybugs images. [*]Cleaning up comments in this ChangeLog.txt file. [*]Fixed an issue with strings enumeration. [/ UI [/list]


2013-06-19 19:24:45
Updated by Checker

  • Version: v7.01 02
  • Size (in bytes): 941427 945936
  • What's new: [list] [*]Added a Items new in PeStudioStringsBlackList.xml Blacklist XML file. [*]PeStudioSettings.This xml file now contains centralizes the list names (which are not hardcoded anymore) of "blacklisted" strings which the will others be XML used files. [*]The to Blacklist detect engine suspicious can strings now in be the switched Image. You ON must and manually OFF edit in this the XML file to enumerating add the Blacklisted strings. [*]The to minimum your length of convenience. The "blacklisted" strings will detected be is shown now as determined Indicators in and the at Blacklist XML file. [*]Show more details about the UI content of ollybugs images. [*]Cleaning up comments in the this Strings ChangeLog.txt Tab file. [*]Added Fixed validation an on issue Number with of strings Sections enumeration. [/list]


2013-06-16 11:45:32
Updated by Checker

  • Version: v6 v7.99 01
  • Size (in bytes): 933508 941427
  • What's new: [list] [*]Added support a for new PeStudioStringsBlackList.xml file. This file contains the list of "blacklisted" strings which will be used to detect suspicious imported strings in the Image. You must manually edit this file names (e.g to add strings to your convenience. unprintable The "blacklisted" strings name, not will null be terminated) [*]Added shown PeStudioSettings.xml as Indicators and handling at VirusTotal the switch UI ON/OFF in based the on Strings this Tab. [*]Added XML validation file [*]Enhanced on validation Number of EAT (ollybug.exe) [/ Sections. [/list]


2013-06-14 16:09:01
Updated by Checker

  • Download URL: http://www.winitor.com/tools/PeStudio/Current/PeStudio.zip


2013-06-14 16:08:19
Updated by Checker

  • Version: v6.98 99
  • Size (in bytes): 932253 933508
  • What's new: [list] [*]Detect Added INVALID support DATA for found suspicious in imported the file VERSION_INFO stream names (some e.g. unprintable malware name, not place null custom terminated) [*]Added stream PeStudioSettings.xml in and standard handling Windows VirusTotal Resources) [*]Extended switch support ON/OFF for based corkami on malformed this samples XML file [*]Added Enhanced more validation items of in PestudioIndicators EAT (ollybug.xml [/ exe) [/list]


2013-06-13 16:12:47
Updated by Checker

  • Version: v6.91 98
  • Size (in bytes): 932349 932253
  • What's new: [list] [*]All Detect lists INVALID support DATA right-click found context in menu [*]Added the ordering VERSION_INFO by stream (some number malware place custom stream in all standard lists Windows Resources) [*]Extended support for corkami malformed samples [*]Added size more in items Strings in List PestudioIndicators.xml [/list]


2013-06-05 07:19:02
Updated by Checker

  • Version: v6.89 91
  • Size (in bytes): 959628 932349
  • What's new: [list] [*]Added All Detection lists of support ZM right-click instead context of MZ at the begin of the image menu [*]Added Query ordering of by Imported number Functions in at all MSDN using the Context Menu lists [*]Fixed Added a bug size in the XML report [*]Filter Directories types on the Strings UI List [/list]


2013-05-17 15:19:22
Updated by Checker

  • Version: v6.60 89
  • Size (in bytes): 916797 959628
  • What's new: [list] [*]Added Support Detection for of dumping ZM the instead Sections of into MZ a file from at the GUI begin using of the right-mouse click image [*]Added Support Query for of dumping Imported Functions at MSDN using the Resources Context into Menu [*]Fixed a file bug from in the GUI XML using report [*]Filter the Directories right-mouse types on the click UI [/list]


2013-04-14 18:29:33
Updated by Checker

  • Version: v6.55 60
  • Size (in bytes): 942313 916797
  • What's new: [list] [*]Added full Support RAW for access dumping to the Icons Sections items [*]Corrected into handling a of file obsolete from Functions the GUI using the right-mouse click [*]Created Added handling Support of for Resources dumping CodePages the via Resources PeStudioCodePages.XML into a file from the GUI using the right-mouse click [/list]


2013-04-12 17:33:05
Updated by Checker

  • Version: v6.50 55
  • Size (in bytes): 978089 942313
  • Screenshot: Updated
  • What's new: [list] [*]Added detection full of RAW 7zSFX access files to embedded Icons in Resources items [*]Added Corrected Mapping handling of Language obsolete Code of StringFileInfo to Human friendly name into the XML Report Functions [*]Added Created Mapping handling of Code Resources Page CodePages of StringFileInfo to Human friendly name into the via PeStudioCodePages.XML Report [*]Icon at the UI is now directly loaded from the Resource using our own interface file [/list]


2013-04-06 17:57:49
Updated by Checker

  • Version: v6.40 50
  • Size (in bytes): 975254 978089
  • Screenshot: Updated
  • What's new: [list] [*]Dump Added the detection of 7zSFX files embedded in Resources [*]Added content Mapping of Language Code of StringFileInfo in to Human friendly name into the XML report Report [*]Dump Added the Mapping content of Code Page of VarFileInto StringFileInfo in to Human friendly name into the XML report Report [*]Icon at the UI is now directly loaded from the Resource using our own interface [/list]


2013-04-04 18:41:14
Updated by Checker

  • Version: v6.30 40
  • Size (in bytes): 966291 975254
  • Screenshot: Updated
  • What's new: [list] [*]Corrected a bug in Dump the Console version content of PeStudio [*]Added Version VS_VERSIONINFO raw data StringFileInfo in the XML Report report [*]Added Version VS_FIXEDFILEINFO raw data in Dump the XML content Report [*]Should of an error take place when handling an image, shows its description at the UI and VarFileInto in the XML file [*]Added Indicator "The image masquerades UPX compression" (sections are named as UPX, BUT the image is NOT compressed with UPX!) [/ report [/list]


2013-03-30 16:51:09
Updated by Checker

  • Screenshot: Updated


2013-03-30 16:50:33
Updated by Checker

  • Version: v6.20 30
  • Size (in bytes): 962412 966291
  • What's new: [list] [*]Corrected a bug in the Console version of PeStudio [*]Added Indicator "The Version image VS_VERSIONINFO File raw data in the XML Report [*]Added Version is %s" [*] VS_FIXEDFILEINFO raw data in the XML Report [*]Should an error take place when handling an image, shows its description at the UI and in the XML file [*]Added Indicator "The image is masquerades encrypted UPX with compression" (sections are named as UPX (version %s, level %i)" [*]Added BUT UPX the information image details is in NOT XML compressed report with file [/ UPX!) [/list]


2013-03-24 16:23:25
Updated by Checker

  • Version: v6.10 20
  • Size (in bytes): 875620 962412
  • Screenshot: Updated
  • What's new: [list] [*]Release Image analyzed when handling a new one [*]Enable Reporting for invalid images [*]Show number of Items in Report Tab at the UI [*]Added Search String feature at the UI [*]Added Indicator "The image is File a Version Executable is %s" [*]Added Indicator "The image is a encrypted Dynamic-Link with Library UPX (DLL)" [*]Added Indicator "The image size on the Disk (as reported) is version %s, level %i Bytes" [*] )" [*]Added Indicator "The UPX File information is details Not in a Windows Portable Executable (PE) image" [*]PeStudioFunctionsDepracated.XML is now loaded once [*]PeStudioIndicators.XML is not loaded once [*]Handle missing PeStudiIndicators.XML report file [*]Corrected Offset Addresses of Strings detection [/list]


2013-03-17 17:40:42
Updated by Checker

  • Version: v6.00 10
  • Size (in bytes): 948353 875620
  • Screenshot: Updated
  • What's new: [list] [*]Added Release Indicator "The Image image analyzed file when contains %i handling unused a Bytes (Caves)" [*] new one [*]Enable Reporting for invalid images [*]Show number of Items in Report Tab at the UI [*]Added Indicator "The Search image String Name feature has at been the Changed" [*] UI [*]Added Indicator "The image original is name a was %s Executable" [*]Added Indicator " The image contains %i is bytes a of Dynamic-Link Code" [*] Library (DLL)" [*]Added Indicator "The image contains %i size embedded on Visual the Stylesheet Disk (as XML reported) is %i Items(s)" [*] Bytes" [*]Added Indicator "The image File contains %i is Custom Not Resource a Item(s)" [*]Added Windows Indicator "The Portable Executable (PE) image" [*]PeStudioFunctionsDepracated.XML contains %i is Built-in now loaded once [*]PeStudioIndicators.XML is not loaded once [*]Handle missing PeStudiIndicators.XML file [*]Corrected Offset Addresses of Resources Strings Item(s)" [/ detection [/list]


2013-02-16 16:03:11
Updated by Checker

  • Version: v6.60 00
  • Screenshot: Updated
  • What's new: [list] Version 6.60 . ] [*]Added Indicator "The image file contains %i unused Bytes (Caves)" . )" [*]Added Indicator "The image Name has been Changed" . " [*]Added Indicator "The image original name was %s" . " [*]Added Indicator "The image contains %i bytes of Code" . " [*]Added Indicator "The image contains %i embedded Visual Stylesheet XML Items(s)" . )" [*]Added Indicator "The image contains %i Custom Resource Item(s)" . )" [*]Added Indicator "The image contains %i Built-in Resources Item(s)" Version 5.55 [*]Added Indicator "The image references (%s) Debug Symbols" [*]Added Indicator "The image has %i Writable and Executable Section(s)" [*]Added Indicator "The image has %i Writable and Shared Section(s) which can be used as Attack Verctor" [*]Added Indicator "The image does NOT use Data Execution Prevention (DEP) as Mitigation technique" [*]Added Indicator "The image does NOT use Address Space Layout Randomization (ASLR) as Mitigation technique" [*]Added Indicator "The image does NOT use Safe Structured Exception Handling (SafeSEH) as Mitigation technique" [*]Added Indicator "The image does NOT use Cookies placed on the Stack (GS) as Mitigation technique" [*]Fixed a bug by reading Symbols [/ )" [/list]


2013-02-15 22:19:40
Updated by Ruby

  • Version: v5 v6.55 60
  • Size (in bytes): 944473 948353
  • What's new: [list] [*] ] Version 6.60 . Added Indicator "The image file contains %i unused Bytes (Caves)" . Added Indicator "The image Name has been Changed" . Added Indicator "The image original name was %s" . Added Indicator "The image contains %i bytes of Code" . Added Indicator "The image contains %i embedded Visual Stylesheet XML Items(s)" . Added Indicator "The image contains %i Custom Resource Item(s)" . Added Indicator "The image contains %i Built-in Resources Item(s)" Version 5.55 [*]Added Indicator "The image references (%s) Debug Symbols" [*]Added Indicator "The image has %i Writable and Executable Section(s)" [*]Added Indicator "The image has %i Writable and Shared Section(s) which can be used as Attack Verctor" [*]Added Indicator "The image does NOT use Data Execution Prevention (DEP) as Mitigation technique" [*]Added Indicator "The image does NOT use Address Space Layout Randomization (ASLR) as Mitigation technique" [*]Added Indicator "The image does NOT use Safe Structured Exception Handling (SafeSEH) as Mitigation technique" [*]Added Indicator "The image does NOT use Cookies placed on the Stack (GS) as Mitigation technique" [*]Fixed a bug by reading Symbols [/list]


2013-02-14 17:50:02
Updated by Checker

  • Version: v5.50 55
  • Size (in bytes): 940549 944473
  • What's new: [list] [*]Added Indicator "The image exports %i references (%s) Debug Symbols" [*]Added Indicator "The image exports has %i Obsolete Writable Symbols" [*]Added Indicator "The image exports %i and Anonymous Executable Symbol Section(s)" [*]Added Indicator "The image exports has %i Forwarded Writable Symbol and Shared Section(s)" [*]Added ) which Indicator "The can image be exports %i used Decorated as Symbol(s)" [*] Attack Verctor" [*]Added Indicator "The image imports %i does Symbol(s)" [*]Added NOT Indicator "The use image Data imports %i Execution Prevention (DEP) as Obsolete Mitigation Symbol(s)" [*] technique" [*]Added Indicator "The image imports %i does NOT use Address Space Anonymous Layout Symbol(s)" [*] Randomization (ASLR) as Mitigation technique" [*]Added Indicator "The image imports %i does NOT use Forwarded Safe Symbol(s)" [*] Structured Exception Handling (SafeSEH) as Mitigation technique" [*]Added Indicator "The image imports %i does Decorated NOT Symbol(s)" [*]Added use Collection Cookies of placed IMAGE_BOUND_IMPORT_DESCRIPTOR on details the in Stack (GS) as XML Mitigation Report [*]Added technique" [*]Fixed Indicator "The a image bug is by bound reading to %i Libraries" [/ Symbols [/list]


2013-02-12 20:19:24
Updated by Checker

  • Version: v5.40 50
  • Size (in bytes): 930393 940549
  • Screenshot: Updated
  • What's new: [list] [*]Extended Added Indicators Indicator "The for image Embedded exports %i Resources [*]Corrected Symbols" [*]Added missing Indicator "The Dependencies image for exports %i some Obsolete types Symbols" [*]Added Indicator "The image exports %i Anonymous Symbol(s)" [*]Added Indicator "The image exports %i Forwarded Symbol(s)" [*]Added Indicator "The image exports %i Decorated Symbol(s)" [*]Added Indicator "The image imports %i Symbol(s)" [*]Added Indicator "The image imports %i Obsolete Symbol(s)" [*]Added Indicator "The image imports %i Anonymous Symbol(s)" [*]Added Indicator "The image imports %i Forwarded Symbol(s)" [*]Added Indicator "The image imports %i Decorated Symbol(s)" [*]Added Collection of images [/ IMAGE_BOUND_IMPORT_DESCRIPTOR details in XML Report [*]Added Indicator "The image is bound to %i Libraries" [/list]


2013-02-08 17:23:58
Updated by Checker

  • Version: v5.30 40
  • Size (in bytes): 928608 930393
  • What's new: [list] [*]Renamed *.XML Extended files Indicators to for PeStudio*.XML Embedded Resources [*]Interfaces Corrected to missing PeParser (PeParser.h Dependencies and for PeParser.lib) are some now part types of the Package. [*]Added Indexing of String [*]Added Detection of duplicated Section Names images [/list]


2013-02-07 15:07:43
Updated by Checker

  • Version: v5.20 30
  • Size (in bytes): 854352 928608
  • Screenshot: Updated
  • What's new: [list] [*]Allow Renamed *.XML Strings files length to choice PeStudio*.XML [*]Interfaces for to filtering PeParser (PeParser.h at and PeParser.lib) are now part of the UI Package. [*]Added Indexing of String [*]Added more Detection items of in duplicated Indicators.XML Section Names [/list]


2013-02-06 11:51:06
Updated by Checker

  • Version: v5.00 20
  • Size (in bytes): 875109 854352
  • Screenshot: Updated
  • What's new: [list] [*]The Allow Strings contained length in choice the for file filtering analyzed can now be exported to at the output XML file [*]Added validation Check of AddressOfEntryPoint field UI [*]Added new more items in Indicators.XML [/list]


2013-02-04 00:46:40
Updated by webfork

  • Screenshot: Updated
  • Forum topic ID: 0 6788


2013-02-03 22:30:24
Updated by Checker

  • Screenshot: Updated


2013-02-03 22:24:25
Updated by Checker

  • Version: v4 v5.90 00
  • Size (in bytes): 871840 875109
  • What's new: [list] [*]Added The MachineType Strings contained in Indicators. the file analyzed can now be exported to the output XML file [*]Added FileSignature validation Check of AddressOfEntryPoint field [*]Added new items in Indicators.XML [/list]


2013-01-30 20:40:48
Updated by Checker

  • Version: v4.80 90
  • Size (in bytes): 869201 871840
  • Screenshot: Updated
  • What's new: * Version [list] [*]Added 4.80 . Add items MachineType in Indicators.XML . Custom [*]Added Resources are shown FileSignature in orange color * Version 4.70 . Corrected handling of Certificate Directory . Corrected coloring of Indicators * Version 4.60 . Increased detection for obfuscated images . Increased stability of the tool against malformed images . Added better support for obfuscated images . Extented Indicators of Malformations (IOM) . Created a new file (Indicators.XML) containing the Indicators shown at the UI and in the XML report that can be created by the tool . Added better detection of Missing Libraries [/list]


2013-01-28 06:30:58
Updated by Ruby

  • Version: v4.70 80
  • Size (in bytes): 868385 869201
  • What's new: [list] [*] * Version 4.80 . Add items in Indicators.XML . Custom Resources are shown in orange color * Version 4.70 . Corrected handling of Certificate Directory [*] . Corrected coloring of Indicators [/list] * Version 4.60 . Increased detection for obfuscated images . Increased stability of the tool against malformed images . Added better support for obfuscated images . Extented Indicators of Malformations (IOM) . Created a new file (Indicators.XML) containing the Indicators shown at the UI and in the XML report that can be created by the tool . Added better detection of Missing Libraries


2013-01-26 12:53:29
Updated by Checker

  • Version: v4.50 70
  • System Requirement:
  • Size (in bytes): 849126 868385
  • Screenshot: Updated
  • What's new: [list] [*]Correct Corrected discovery handling of Delay-loaded Certificate libraries Directory [*]Corrected coloring of Indicators [/list]


2012-10-28 19:46:13
Updated by Checker

  • Version: v4.40 50
  • Size (in bytes): 849061 849126
  • What's new: [list] [*]When Correct handling discovery a of resources Delay-loaded only image, some validity checks are differents libraries [/list]


2012-10-26 14:38:52
Updated by Checker

  • Version: v4.30 40
  • Size (in bytes): 848966 849061
  • What's new: [list] [*]Enhanced When detection handling of a device resources driver only images image, some validity checks are differents [/list]


2012-10-25 11:30:06
Updated by Checker

  • Version: v4.20 30
  • Size (in bytes): 848407 848966
  • What's new: [list] [*]Renamed parameters for command prompt (see Prompt support description above) [*]Added Enhanced detection of CAB device files driver embedded as Resource in an Image [*]Added detection of PDF files embedded as Resource in an Image [*]Added detection of RIFF files embedded as Resource in an Image [*]Added detection of GIF files embedded as Resource in an Image [*]Added detection of PNG files embedded as Resource in an Image [*]Added detection of Delphi Forms embedded as Resource in an Image [*]Added detection of "requireAdministrator" Execution Level from the Manifest [*]Corrected custom Resources detection images [/list]


2012-10-23 16:23:03
Updated by Checker

  • Version: v4.10 20
  • Size (in bytes): 846301 848407
  • What's new: [list] [*]Added Renamed Command parameters for command prompt (see Prompt support description above) [*]Added detection of CAB files embedded as Resource in an Image [*]Added "The image detection exports of XY PDF files embedded Symbols" as new Resource Indicator in an Image [*]Added more detection obsolete of functions RIFF files embedded as Resource in the an WindowsFunctionsDeprecated.xml Image [*]Added file (delivered detection of GIF files embedded as Resource in an Image [*]Added detection of PNG files embedded as Resource in an Image [*]Added detection of Delphi Forms embedded as Resource in an Image [*]Added detection of "requireAdministrator" Execution Level from the Manifest [*]Corrected with custom this Resources project) [/ detection [/list]


2012-10-03 17:55:52
Updated by Checker

  • Version: V4 v4.10
  • Screenshot: Updated


2012-10-03 17:53:51
Updated by Checker

  • Version: V4.00 10
  • Size (in bytes): 834364 846301
  • What's new: [list] [*]Now fully support 64bit Images on 32bit Platform [*]Validate IMAGE_OPTIONAL_HEADER.SectionAlignment [*]Validate IMAGE_OPTIONAL_HEADER.FileAlignment [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfUninitializedData [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfInitializedData [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfCode [*]Validate IMAGE_OPTIONAL_HEADER.NumberOfRvaAndSizes [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfImage [*]Validate IMAGE_FILE_HEADER.SizeOfOptionalHeader [*]Validate IMAGE_FILE_HEADER.NumberOfSections [*]Validate IMAGE_FILE_HEADER.TimeStamp [*]Validate IMAGE_FILE_HEADER.PointertoSymbolTable [*]Validate IMAGE_FILE_HEADER.NumberOfSymbols [*]Show Resources Languages [*]Show Type of Debug information (NB09, NB10, NB11, RSDS ) [*]Show imported Functions of missing libraries [*]Show total number of Bytes available in Caves [*]Show Gaps in Exported Symbols collection [*]Show Section Name the Base of Data belongs to [*]Added validation Command of Prompt IMAGE_DOS_HEADER, IMAGE_NT_HEADERS support [*]Added "The validation image of exports IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE [*]Added OptionalHeader to XML report [*]Added detection of non-standard Sections is NOT based on their names anymore [*]Added detection of invalid Directory (IMAGE_DATA_DIRECTORY) [*]Added detection of invalid Export Table Directory (IMAGE_EXPORT_DIRECTORY) [*]Added detection of duplicated Sections names [*]Added detection of Codeless images [*]Added detection of Section containing the Entry point [*]Corrected filtering of Obsolete Imported Functions [*]Corrected Imported XY Symbols for 64bit images [*]Corrected Pageable Section Flag [*]Corrected detection of msstyles "Resources Only" Images [*]Corrected as a new crash that takes place when switching between Tree and list View in Resources Tab Indicator [*]Corrected Added Missing more DLL obsolete path functions in XP [*]Corrected the Names WindowsFunctionsDeprecated.xml Undecoration file (delivered for with exported this symbols [/ project) [/list]


2012-09-18 22:00:41
Updated by Checker

  • Version: V3 V4.69 00
  • System Requirement:
  • Synopsis: PeStudio shows details about applications (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: : [list] [*]All libraries that are used by an application. . [*]All functions that are imported by an application. . [*]All functions (also anonymous) that are exported by an application. . [*]All functions that are forwarded to other libraries. . [*]Obsolete Functions that are exported and imported by an application. . [*]Whether the Data Execution Prevention (DEP) Windows security mechanism is used. . [*]Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used. . [*]Whether Structured Exception Handling - SEH Windows security mechanism is used. . [*]Whether some sections are compressed. . [/list]
  • How to extract: Download the ZIP package and extract to a folder of your choice. Launch [i]PeStudio.exe. [/i].
  • Size (in bytes): 758550 834364
  • Icon: Updated
  • Screenshot: Updated
  • What's new: [list] [*]Now fully support 64bit Images on 32bit Platform [*]Validate IMAGE_OPTIONAL_HEADER.SectionAlignment [*]Validate IMAGE_OPTIONAL_HEADER.FileAlignment [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfUninitializedData [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfInitializedData [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfCode [*]Validate IMAGE_OPTIONAL_HEADER.NumberOfRvaAndSizes [*]Validate IMAGE_OPTIONAL_HEADER.SizeOfImage [*]Validate IMAGE_FILE_HEADER.SizeOfOptionalHeader [*]Validate IMAGE_FILE_HEADER.NumberOfSections [*]Validate IMAGE_FILE_HEADER.TimeStamp [*]Validate IMAGE_FILE_HEADER.PointertoSymbolTable [*]Validate IMAGE_FILE_HEADER.NumberOfSymbols [*]Show Resources Languages [*]Show Type of Debug information (NB09, NB10, NB11, RSDS ) [*]Show imported Functions of missing libraries [*]Show total number of Bytes available in Caves [*]Show Gaps in Exported Symbols collection [*]Show Section Name the Base of Data belongs to [*]Added detection validation of "Resources Only" images IMAGE_DOS_HEADER, IMAGE_NT_HEADERS [*]Added validation of IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE [*]Added OptionalHeader to XML report [*]Added detection of Borland non-standard compiler Sections Show is presence NOT based on their names anymore [*]Added detection of Delphi invalid Turbo Directory (IMAGE_DATA_DIRECTORY) [*]Added Pascal detection Filers of invalid Export Table Directory (TPF) IMAGE_EXPORT_DIRECTORY) [*]Added detection of duplicated Sections names [*]Added detection of Codeless images [*]Added detection of Section containing the Entry point [*]Corrected filtering of Obsolete Imported Functions [*]Corrected Imported Symbols for 64bit images [*]Corrected Pageable Section Flag [*]Corrected detection of msstyles "Resources Only" Images [*]Corrected a crash that takes place when switching between Tree and list View in Resources Tab [*]Corrected Missing DLL path in XP [*]Corrected Names Undecoration for exported symbols [/list]


2012-05-09 07:04:01
Updated by Checker

  • Version: V3.68 69
  • Size (in bytes): 743536 758550
  • Screenshot: Updated
  • What's new: Added MD4 detection footprint of "Resources Corrected Only" images sections Added handling detection for of encrypted/compressed Borland files compiler Corrected Show filtering presence of deprecated Delphi Turbo Pascal exported Filers (TPF) in Symbols Resources


2012-05-05 10:05:44
Updated by Checker

  • Version: V3.67 68
  • Size (in bytes): 772645 743536
  • What's new: Fixed Added a MD4 bug footprint when Corrected sections handling resources of for encrypted/compressed files Show Corrected presence filtering of Embedded Type Library files in Resources Show presence of Embedded Registry files deprecated in exported Resources Symbols


2012-04-30 20:18:18
Updated by Checker

  • Version: V3.66 67
  • Size (in bytes): 772443 772645
  • Screenshot: Updated
  • What's new: Show Fixed presence a of bug Embedded when Compressed handling HTML resources files of in encrypted/compressed Resources files Show presence of Embedded Executables Type Library files in Resources Show Resources presence instances of and Embedded their Registry characteristics files Show in MD5 footprint Resources


2012-04-28 19:35:05
Updated by Checker

  • Version: V3.65 66
  • Size (in bytes): 764701 772443
  • Screenshot: Updated
  • What's new: Added Show detection presence of SafeSEH Embedded mitigation Compressed technique HTML Added detection of Cookies on the Stack (GS) mitigation technique Added a new Mitigation classification as Indicator If no Error found then show Warnings If no Warning found then show Evidences The image is linked with Debug Symbols, show this as Evidence The Image exports anonymous symbols, show this as Evidence Renamed Evidences as Indicators  Created errors, warning and evidences nodes files in indicators node in XML Resources Show existence presence of Manifest Embedded as Executables evidence Show Executable AND Writable Section as Warning Show image renamed as Warning Set Error, Warning levels for evidences Show Image target 64bit Processor as Evidence Show Missing Libraries files in the imports Tab Resources Show Missing Libraries as Error Show CPU mismatch as Error Don't translate Resources 241 instances to and Manifest their anymore Re-enable display of Debug information Re-enable display of Core .NET information characteristics Show new evidence when at least one Directory is invalid Show new evidence when at least one Section is invalid Show new evidence when Entry point is NULL Corrected Directories validity test Corrected filtering of Writable and executable MD5 section footprint


2012-04-06 21:21:45
Updated by Checker

  • Version: V3.64 65
  • Size (in bytes): 763613 764701
  • What's new: * Version 3.64. Added detection of SafeSEH mitigation technique Added detection of Cookies on the Stack (GS) mitigation technique Added a new Mitigation classification as Indicator. If no Error found then show Warnings. If no Warning found then show Evidences The image is linked with Debug Symbols, show this as Evidence The Image exports anonymous symbols, show this as Evidence Renamed Evidences as Indicators  Created errors, warning and evidences nodes in indicators node in XML Show existence of Manifest as evidence Show Executable AND Writable Section as Warning Show image renamed as Warning Set Error, Warning levels for evidences Show Image target 64bit Processor as Evidence Show Missing Libraries in the imports Tab Show Missing Libraries as Error Show CPU mismatch as Error Don't translate Resources 241 to Manifest anymore Re-enable display of Debug information Re-enable display of Core .NET information Show new evidence when at least one Directory is invalid Show new evidence when at least one Section is invalid Show new evidence when Entry point is NULL Corrected Directories validity test Corrected filtering of Writable and executable section


2012-04-06 00:43:39
Updated by joby_toss

  • Version: V3.63 64
  • Size (in bytes): 760384 763613
  • What's new: * Version The 3.64. Added image a is new linked Mitigation with Debug Symbols, show this classification as Evidence Indicator. If The no Image Error exports found anonymous then symbols, show this Warnings. If as Evidence Renamed Evidences as Indicators  Created errors, warning and evidences nodes in indicators node in XML Show existence of Manifest as evidence Show Executable AND Writable Section as no Warning Show found image then renamed show as Warning Evidences


2012-04-03 08:25:28
Updated by Checker

  • Version: V3.62 63
  • Size (in bytes): 754114 760384
  • What's new: . Set Error, Warning The levels image for is evidences. Show linked Image with target Debug 64bit Symbols, show Processor this as Evidence. Show Missing The Libraries Image in exports the anonymous imports symbols, show Tab. Show this Missing as Libraries Evidence Renamed Evidences as Error. Shwo Indicators  Created CPU errors, warning mismatch and as evidences Error. Don't nodes translate in Resources indicators 241 node to in Manifest XML anymore. Re-enable Show display existence of Debug Manifest information. Re-enable as display evidence of Show Core .NET Executable information AND Writable Section as Warning Show image renamed as Warning


2012-03-31 14:01:01
Updated by ashghost

  • Version: V3.61 62
  • What's new: . Set Show Error, Warning new levels evidence for when evidences. Show at Image least target one 64bit Directory Processor is invalid as Evidence. Show new Missing evidence Libraries when in at the least imports one Tab. Show Section Missing is Libraries invalid as Show Error. Shwo new CPU evidence mismatch when as Entry Error. Don't point translate is Resources NULL 241 Corrected to Directories Manifest validity anymore. Re-enable test display Corrected of filtering Debug of information. Re-enable Writable display and of executable Core .NET section information


2012-03-25 18:27:28
Updated by Checker

  • Version: V3.60 61
  • Size (in bytes): 757435 754114
  • What's new: Added Show support new of Forwarded functions discovery Corrected Bug evidence when reading at the least Resources one of Directory some images Added Resources to the Report Detect is invalid directoires Show Added new filtering evidence of when Sections at Added least support one for Delay-loaded Libraries Improved performance by reading dependencies from memory whenever possible Added Core .NET information to the Report Added Manifest to the Report Put more details to Libraries into the Report Put more details to Sections into the Report Added Imported Symbols to the Report Added Exported Symbols to the Report Added File Header to the Report Added Exported Symbols in Report Added Sections in Report Handle Imported Libraries without version information Corrected missing path on some Imported libraries  Icon of the image sometimes not shown when PeStudio Section is started invalid from Show the new command prompt. Distinguish between .NET and native images evidence when gathering Entry Evidences point Add is discovery NULL of the Corrected Directories for x64 validity Images test Corrected a filtering bug of when Writable dragging an Image onto PeStudio Resolved "Visual and C++ Runtime executable Error" section


2012-03-23 18:04:32
Updated by Checker

  • Version: V3.54 60
  • Size (in bytes): 735501 757435
  • What's new: Added support of Forwarded functions discovery Corrected Bug when reading the Resources of some images Added Resources to the Report Detect invalid directoires Added filtering of Sections Added support for Delay-loaded Libraries Improved performance by reading dependencies from memory whenever possible Added Core .NET information to the Report Added Manifest to the Report Put more details to Libraries into the Report Put more details to Sections into the Report Added Imported Symbols to the Report Added Exported Symbols to the Report Added File Header to the Report Added Exported Symbols in Report Added Sections in Report Handle Imported Libraries without version information Corrected missing path on some Imported libraries  Icon of the image sometimes not shown when PeStudio is started from the command prompt. Distinguish between .NET and native images when gathering Evidences Add discovery of the Directories for x64 Images Corrected a bug when dragging an Image onto PeStudio Resolved "Visual C++ Runtime Error"


2011-12-19 21:15:53
Updated by Checker

  • Version: V3.53 54
  • Size (in bytes): 727637 735501
  • Screenshot: Updated
  • What's new: Added Put Exported more Symbols details to Libraries in the Report Added Sections Imported in Symbols Report to Handle the Imported Report Libraries Added without Exported version Symbols information to Corrected the missing Report path Added on File some Header Imported to libraries the Report


2011-12-13 09:01:02
Updated by Checker

  • Version: V3.52 53
  • Size (in bytes): 723262 727637
  • Screenshot: Updated
  • What's new: Icon Added of Exported the Symbols image in sometimes Report not Added shown Sections when in PeStudio Report is Handle started Imported from Libraries the without command version prompt. Add information discovery Corrected of missing the path Directories on for some x64 Imported Images libraries


2011-12-07 04:55:25
Updated by Ruby

  • Download URL: http://www.winitor.com/tools/PeStudio351.zip


2011-12-06 12:19:02
Updated by Checker

  • Version: V3.51 52
  • Size (in bytes): 718392 723262
  • What's new: * Version 3.51 - 01.12.2011. Resolved Icon drag of an the drop image failure sometimes on not PeStudio shown when shortcuted PeStudio on is started from the Desktop command prompt. Resolved "Visual Add discovery of the Directories for C++ Runtime x64 Error" Images


2011-12-02 04:05:53
Updated by I am Baas

  • Download URL: http://www.winitor.com/tools/PeStudio350 PeStudio351.zip


2011-12-01 11:52:41
Updated by infimum

  • Version: V3.50 51
  • What's new: 28.11.2011 - * Version 3.50* Added Report of Libraries* Added Report of Manifest* Corrected a bug when reading 64Bit Imported Libraries* Corrected filtering of Imported Libraries* Resolved a crash when creating the Report. Improved performance by reading dependencies from memory whenever possible. The Obsolete Functions are now available as external (and extensible) "WindowsObsoleteFunctions 51 - 01.XML" file. Show OptionalHeader 12.MajorImageVersion and OptionalHeader.MinorImageVersion 2011. Show Resolved OptionalHeader.MajorSubsystemVersion drag and an OptionalHeader.MinorSubsystemVersion. Show drop the failure original on file name of the Image PeStudio when available. Show shortcuted FileHeader.IMAGE_FILE_REMOVABLE_RUN_ on FROM_SWAP and FileHeader.IMAGE_FILE_NET_RUN_FROM_SWAP. Selectively report of Evidences and Debug the information Desktop. Resolved "Visual C++ Runtime Error"


2011-11-29 17:52:41
Updated by joby_toss

  • Version: V3.47 50
  • Size (in bytes): 717876 718392
  • Download URL: http://www.winitor.com/tools/PeStudio347 PeStudio350.zip
  • Screenshot: Updated
  • What's new: 28.11.2011 - Version 3.50* Added Report of Libraries* Added Report of Manifest* Corrected a bug when reading 64Bit Imported Libraries* Corrected filtering of Imported Libraries* Resolved a crash when creating the Report . Improved performance by reading dependencies from memory whenever possible. The Obsolete Functions are now available as external (and extensible) "WindowsObsoleteFunctions.XML" file. Show OptionalHeader.MajorImageVersion and OptionalHeader.MinorImageVersion. Show OptionalHeader.MajorSubsystemVersion and OptionalHeader.MinorSubsystemVersion. Show the original file name of the Image when available. Show FileHeader.IMAGE_FILE_REMOVABLE_RUN_ FROM_SWAP and FileHeader.IMAGE_FILE_NET_RUN_FROM_SWAP. Selectively report of Evidences and Debug information. Resolved "Visual C++ Runtime Error"


2011-11-20 10:52:05
Updated by Checker

  • Website URL: http://www.winitor.net/en/pestudio.html com
  • Version: V3.45 47
  • Size (in bytes): 727877 717876
  • Download URL: http://www.winitor.net com/tools/PeStudio PeStudio347.zip
  • Screenshot: Updated
  • What's new: Resolved crashed on unexpected Manifest content. Added Dump of Section Added IPeSection interface Added IsLocatedInStandardDirectory function Extended GetImportedLibraries function with a parameter to filter (Windows) standard directories Extended IPeSectionHeaders interface to access Section Header crash per when Name creating or the Index Report


2011-08-23 00:13:32
Updated by Checker


    2011-01-05 20:23:52
    Updated by Checker

    • Version: V3.44 45
    • Size (in bytes): 722516 727877
    • What's new: . Make Resources Resolved crashed Types on and unexpected Instances Manifest available content. Added IPeResourceTypeManifest Dump of Section interface. Added IPeResourceTypeVersionInfo IPeSection interface. Consolidated IPeOptionalHeader Added interface. Consolidated IsLocatedInStandardDirectory IPeDirectories function interface. Added Extended Number GetImportedLibraries of function Sections with as a Evidences ( 2 < Sections < 96 ). Added parameter FileAlignment to and filter (Windows) standard SectionAlignment directories fields Extended IPeSectionHeaders interface to IPeOptionalHeader access interface. Added Section PeParser.lib Header to per the Name ZIP or file Index


    2010-12-22 00:56:18
    Updated by Checker

    • Version: V3.43 44
    • Synopsis: PeStudio shows details about applications (.exe, .dll, .cpl, ocx, .ax, .sys, etc.) without starting them including: : All libraries that are used by an application. . All functions that are imported by an application. . All functions (also anonymous) that are exported by an application. . All functions that are forwarded to other libraries. . Obsolete Functions that are exported and imported by an application. . Whether the Data Execution Prevention (DEP) Windows security mechanism is used. . Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used. . Whether Structured Exception Handling - SEH Windows security mechanism is used. . Whether some sections are compressed.
    • Size (in bytes): 705777 722516
    • What's new: . Make Resources Types and Instances available. Added Detection IPeResourceTypeManifest of interface. Added launching IPeResourceTypeVersionInfo process interface. Consolidated functions IPeOptionalHeader as interface. Consolidated Evidence IPeDirectories interface. Added Detection Number of Image Sections Obfuscation (encryption, compression) as Evidence Evidences ( 2 < Sections < 96 ). Added FileAlignment and SectionAlignment fields to IPeOptionalHeader interface. Added PeParser.lib to the ZIP file


    2010-12-03 21:53:29
    Updated by Checker

    • Version: V3.42 43
    • Size (in bytes): 708608 705777
    • What's new: * 27.11.2010 - Version 3.42. Make Added the Detection Interface of file launching PeParser.h process functions as Evidence public. Added offset (hint) Detection of exported Image functions Obfuscation (encryption, compression) as Evidence


    2010-11-27 13:51:50
    Updated by Checker

    • Size (in bytes): 663894 708608


    2010-11-27 13:51:07
    Updated by Checker

    • Version: V3.41 42
    • What's new: Added Large Address Space awareness as Evidence Added Structured Storage as functions group Added OLE as functions group Added ImageHelp as functions group Added Setup API as functions group Addet Thread Local Storage (TLS * 27.11.2010 - dynamic) as Version functions 3.42. Make group  Added the Resource Interface Section file size bigger as Code Section size as Evidence PeParser.h public. Added Image Digital Signature test as Evidence Added Thread Local Storage offset (TLS - static hint) usage as Evidence. Added Image Bound detection as Evidence Added Custom Resource Types as Evidence Added Detection of programmatic exported loading of libraries as Evidence functions


    2010-11-17 20:34:04
    Updated by Checker

    • Version: V3.40 41
    • Size (in bytes): 649428 663894
    • What's new: Added number Large of Address Sections Space as Evidence Added empty Checksum awareness as Evidence Added other (Borland) standard Structured sections Storage as known functions sections group Make Added size OLE of DosStub (very small or very big) as Evidence functions Make group Windows Added Network Functions ImageHelp as Evidence PeStudio.exe %1 and PeStudio.exe "%1" are now supported Make functions addresses available Make Dos Stub size available Make Preferred Base Address available for Libraries group Added support Setup for a single Command Line parameter: e.g PeStudio.exe %1 will open the file to analyse Show whether the Section Names are standard API as Evidence functions Number group of Addet imported Thread symbols Local Storage (TLS - dynamic) as Evidence Handle sectionless files Handle invalid Directories Show usage of Debugging functions as group  Added Evidence Resource Show Section usage size of NetBios functions bigger as Evidence Code Show Section Usage of Service Control Manager (SCM) functions size as Evidence Show Added usage Image of Digital Hooking Signature functions test as Evidence Corrected Added problem Thread with Local upx compressed files Show unused image file space Storage (Caves TLS - static) as Evidence IAT size estimation for Evidences adjusted Show Obsolete Imported functions usage as Evidence. Added Show Image Obsolete Bound Exported functions detection as Evidence Show Added usage Custom of Resource HTTP functions Types as Evidence Show Added usage Detection of RAS programmatic functions as Evidence Show usage loading of Winsock functions libraries as Evidence Resolve crash on Window 64 bit


    2010-11-10 08:58:46
    Updated by joby_toss

    • Version: V3.39 40
    • Size (in bytes): 686775 649428
    • What's new: Added number of Sections as Evidence Added empty Checksum as Evidence Added other (Borland) standard sections as known sections Make size of DosStub (very small or very big) as Evidence Make Windows Network Functions as Evidence PeStudio.exe %1 and PeStudio.exe "%1" are now supported Make functions addresses available Make Dos Stub size available Make Preferred Base Address available for Libraries Added support for a single Command Line parameter: e.g PeStudio.exe %1 will open the file to analyse Show whether the Section Names are standard as Evidence Number of imported symbols as Evidence Handle sectionless files Handle invalid Directories Show usage of Debugging functions as Evidence Show usage of NetBios functions as Evidence Show Usage of Service Control Manager (SCM) functions as Evidence Show usage of Hooking functions as Evidence Corrected problem with upx compressed files Show unused image file space (Caves) as Evidence IAT size estimation for Evidences adjusted Show Obsolete Imported functions as Evidence Show Obsolete Exported functions as Evidence Show usage of HTTP functions as Evidence Show usage of RAS functions as Evidence Show usage of Winsock functions as Evidence Resolve crash on Window 64 bit


    2010-11-09 12:26:13
    Updated by joby_toss

    • Version: V3.38 39
    • Size (in bytes): 685084 686775
    • What's new: Make Added Windows other (Borland) standard Network Functions sections as Evidence known PeStudio.exe %1 sections and Make PeStudio.exe "%1" are size now of supported DosStub (very small or very big) as Evidence


    2010-11-05 17:25:22
    Updated by Checker

    • Version: V3.37 38
    • Size (in bytes): 679320 685084
    • What's new: Make functions Windows addresses Network available Functions Make as Dos Stub size available Make Preferred Base Address available for Libraries Added support for a single Command Line parameter: e.g Evidence PeStudio.exe %1 will and open the file PeStudio.exe "%1" are to now analyse supported


    2010-11-04 19:19:02
    Updated by Checker

    • Version: V3.36 37
    • Size (in bytes): 679936 679320
    • What's new: * 01.11.2010 - Version 3.36 . Show Make whether functions the addresses Section available Names Make are Dos standard Stub as size Evidence . Number available of Make imported Preferred symbols Base as Address Evidence . Handle available sectionless for Libraries Added support for a single Command Line parameter: e.g PeStudio.exe %1 will open the files . Handle file invalid to Directories analyse


    2010-11-01 06:06:50
    Updated by Checker

    • What's new: * 01.11.2010 - Version 3.36 . . Show whether the Section Names are standard as Evidence . . Number of imported symbols as Evidence . . Handle sectionless files . . Handle invalid Directories


    2010-11-01 06:06:03
    Updated by Checker

    • Version: V3.35 36
    • Size (in bytes): 673746 679936
    • What's new: * 01.11.2010 - Version 3.36 . Show usage whether the Section Names are standard as Evidence . Number of Debugging imported functions symbols as Evidence . Handle sectionless files . Handle invalid Directories


    2010-10-29 15:23:43
    Updated by Checker

    • Version: V3.34 35
    • Size (in bytes): 660717 673746
    • What's new: Show usage of Hooking Debugging functions as Evidence Corrected problem with upx compressed files


    2010-10-27 08:18:26
    Updated by Checker

    • Version: V3.33 34
    • Size (in bytes): 658032 660717
    • What's new: Show unused usage image of file Hooking functions space (Caves) as Evidence Corrected problem with upx compressed files


    2010-10-26 11:02:01
    Updated by webfork

    • Version: V3.32 33
    • Size (in bytes): 657437 658032
    • What's new: IAT size estimation for Evidences adjusted Show Obsolete Imported functions as Evidence Show Obsolete Exported functions as Evidence Show usage of HTTP functions as Evidence Show usage of RAS functions as Evidence Show usage of unused Winsock image functions file space (Caves) as Evidence


    2010-10-20 18:35:08
    Updated by Checker

    • Version: V3.31 32
    • Size (in bytes): 646378 657437
    • What's new: Resolve IAT crash size on estimation Window for 64 Evidences bit adjusted Show Obsolete Imported functions as Evidence Show Obsolete Exported functions as Evidence Show usage of HTTP functions as Evidence Show usage of RAS functions as Evidence Show usage of Winsock functions as Evidence


    2010-10-17 08:55:43
    Updated by Checker

    • Version: V3.30 31
    • Size (in bytes): 578729 646378
    • What's new: Test Resolve COM crash Server on Support Window Show 64 COM Server support in Evidences Put Evidences in XML file Corrected duplicated items in Exported functions list bit


    2010-10-14 15:24:33
    Updated by Checker

    • Version: V3.29 30
    • Size (in bytes): 574947 578729
    • What's new: Corrected Test a COM bug Server with *.DRV Support files Show Native COM image Server files support with in Evidences Put Evidences in XML file Corrected empty duplicated IAT items are in valided Exported as functions normal list


    2010-10-13 14:56:27
    Updated by joby_toss

    • Synopsis: PeStudio shows details about applications (*. (.exe, *. , .dll, *. , .cpl, ocx, *. , .ax, *. , .sys, ...) , etc.) without starting them, like:- all including: All libraries that are used by an application.- all . All functions that are imported by an application.- all . All functions (also anonymous) that are exported by an application.- all . All functions that are forwarded to other libraries.- . Obsolete Functions that are exported and imported by an application.- whether . Whether the Data Execution Prevention (DEP) Windows security mechanism is used.- whether . Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used.- whether . Whether Structured Exception Handling - SEH Windows security mechanism is used.- whether . Whether some sections are compressed.


    2010-10-13 07:50:53
    Updated by joby_toss

    • Version: V3.28 29
    • Size (in bytes): 575333 574947
    • What's new: Directories Corrected in a XML bug Report with *.DRV Detection files of Native some image validity files indicators with Retrieve empty SizeOfCode IAT Better are libraries valided filtering as at the UI normal


    2010-10-12 19:18:36
    Updated by Checker

    • Version: V3.27 28
    • Size (in bytes): 563381 575333
    • What's new: Show Directories in XML Report Detection of some validity indicators Retrieve SizeOfCode Better libraries filtering at the User interface UI


    2010-10-03 18:43:42
    Updated by Checker

    • Version: V3.26 27
    • Size (in bytes): 554604 563381
    • What's new: * 03.10.2010 - Version 3.27. Show Directories at the User interface* 01.10.2010 - Version 3.26. Show Footprint (MD5) of the analyzed file in the XL Report. Show Section PointerToRawData information. Show Section Name associated with the Entry Point


    2010-10-03 07:56:39
    Updated by Checker

    • What's new: * 03.10.2010 - Version 3.27. Show Directories at the User interface* 01.10.2010 - Version 3.26. Show Footprint (MD5) of the analyzed file in the XL Report. Show Section PointerToRawData information. Show Section Name associated with the Entry Point


    2010-10-01 18:39:55
    Updated by Checker

    • Version: V3.25 26
    • Size (in bytes): 550853 554604
    • What's new: * 01.10.2010 - Version Retrieve the Age 3.26. Show Footprint (MD5) of the debug analyzed file and show in XML the XL Report. Show Section PointerToRawData information. Show Manifest Section in Name XL associated Report with the Entry Point


    2010-09-30 10:57:34
    Updated by I am Baas

    • Version: V3.24 25
    • Size (in bytes): 548168 550853
    • What's new: Put Retrieve GUID the Age of PDB the in debug the file and show in XML Report file Show Manifest in XL Report


    2010-09-29 16:50:13
    Updated by I am Baas

    • Version: V3.23 24
    • Size (in bytes): 545533 548168
    • What's new: Retrieve Put GUID of PDB out of in the Analyzed XML PE Report File file


    2010-09-28 17:16:00
    Updated by Checker

    • Version: V3.22 23
    • Size (in bytes): 547474 545533
    • What's new: Check Retrieve presence GUID of digitally-signed data Compute MD5 Log file in XML format Check Debug Information and path to PDB file Check COM Libraries Detection out of (some) compression Algorithms the Undecorating Analyzed function PE names File


    2010-09-27 16:52:46
    Updated by Checker

    • Version: V3.21 22
    • Size (in bytes): 548864 547474
    • What's new: Check presence of digitally-signed data Compute MD5 Log file in XML format Check Debug Information and path to PDB file Check COM Libraries Detection of (some) compression Algorithms Undecorating function names


    2010-09-21 04:22:55
    Updated by Checker

    • Version: V3.19 21
    • Size (in bytes): 542208 548864


    2010-09-14 07:04:08
    Updated by joby_toss

    • Version: V3.18 19
    • Size (in bytes): 538624 542208


    2010-09-02 18:41:59
    Updated by joby_toss

    • Version: V3.17 18
    • Size (in bytes): 536576 538624


    2010-09-01 13:46:11
    Updated by Ruby

    • Version: V3.16 17
    • Size (in bytes): 1895936 536576


    2010-08-31 18:28:23
    Updated by Checker

    • Version: V3.15 16
    • Size (in bytes): 1877504 1895936


    2010-08-30 17:45:05
    Updated by joby_toss

    • Dependencies: None


    2010-08-30 17:44:03
    Updated by Checker

    • Version: V3.14 15
    • Size (in bytes): 1856000 1877504
    • Screenshot: Updated
    • Dependencies: mfc90u.dll, MSVCR90.DLL, MSVCP90.DLL


    2010-08-30 16:45:19
    Updated by joby_toss

    • Dependencies: mfc90u.dll, MSVCR90.DLL, MSVCP90.DLL, mfc90u.dll


    2010-08-29 20:52:03
    Added by joby_toss