Malicious executables often attempt to hide their behavior and evade detection. By doing so, they present anomalies and suspicious patterns. Pestudio is a free tool that allows you to perform an initial assessment of a malware without even infecting a system or studying its code.

Pestudio works on any Windows machine without installation. Its footprint is zero – it makes no modifications to the system. Since the tool never starts the executable being analyzed, one does not even need a sandbox to analyze malware. There is essentially no risk of infection.

Features:

⤷ Transform RAW data into information;

⤷ Spot anomalies;

⤷ Detect embedded files;

⤷ Collect imports , exports, strings, resources , ...;

⤷ Provide hints, indicators, groups;

⤷ Provide @ MITREattack indicators;

⤷ Retrieve scores from @ Virustotal;

⤷ Consume configurations files;

⤷ Create XML report.

There are two different versions of PeStudio - Standart and Pro:

Screenshoots: