52ky posted on 2021-7-5 15:47:05

PeStudio 6.70

PeStudio is a free tool which can be used to perform static analysis of any Windows application and reveals not only raw data, but also Indicators of Trust. Executable files analyzed with PeStudio are never started. For this reason, you can analyze suspicious applications with PeStudio with no risk!
Depending on how it is started, PeStudio has a Graphical User Interface (GUI) or a Character-Based User Interface (CUI), which is especially useful when performing batch-mode oriented parsing of executable files.
PeStudio has a set of unique features, like looking up the image being analyzed on VirusTotal and the possibility to start new instances of PeStudio with the dependencies of the image. PeStudio does a RAW access to the data of the Windows Portable Executable format. No Windows API is used to gather elements.
A feature which is also unique to PeStudio is the ability to create an XML report of the image being analyzed.
