PEStudio: Program analysis for Windows

A little tip for analyzing Windows programs for malware or their components. There is a product called PEStudio by Marc Ochsenmeier that can be used to quickly analyze a Windows program and check its components for malware via VirusTotal.

PEStudio is available in a free and a paid Pro version (129 euros per user and year) on this website. The PEStudio Free version offers malware analysis in a private context by reading and displaying file signatures and fixed URLs as well as IP addresses.

PEStudio

The tool can be unpacked from the ZIP file and started without installation. The program file to be analyzed can then be dragged and dropped into the program window. Various information can then be called up in a tree diagram. However, the free version available to me had to be terminated and restarted to test a second Windows program. The free version offers, for example, the following features for analysis (see also the screenshot above).

  • Recognition of file signatures
  • Recognition of hard-coded URLs and IP addresses
  • Collection of metadata
  • Collecting imports, exports, strings
  • Retrieving manifest, resources, overlay
  • Retrieving the result from VirusTotal
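
To show what several of the listed checks involve (file signature, strings, hard-coded URLs and IP addresses), here is an added Python example; it is not PEStudio's code and does not describe how PEStudio implements them. The function names, the minimum string length and the sample bytes are assumptions made for this sketch, and the SHA-256 it returns is the kind of value that can be searched on VirusTotal.

```python
import hashlib
import ipaddress
import re
import struct

MIN_LEN = 6  # assumption: shortest printable run that counts as a string
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample: a minimal MZ/PE stub followed by embedded strings.
SAMPLE = (
    b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    + b"\x01\x02http://update.example.test/check.php\x00\xff"
    + "https://cdn.example.test/a".encode("utf-16-le") + b"\x00\x00"
    + b"\x03connect 192.0.2.44:8080\x00 ver 999.1.1.1\x00"
)

def is_pe(data: bytes) -> bool:
    """Check the 'MZ' DOS header and the 'PE\\0\\0' signature it points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def extract_strings(data: bytes) -> list:
    """Return printable ASCII and UTF-16LE runs of at least MIN_LEN chars."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return found

def triage(data: bytes) -> dict:
    """Summarise signature, hash, and hard-coded URLs and IPv4 addresses."""
    urls, ips = set(), set()
    for s in extract_strings(data):
        urls.update(URL_RE.findall(s))
        for candidate in IPV4_RE.findall(s):
            try:
                ips.add(str(ipaddress.IPv4Address(candidate)))
            except ValueError:
                pass  # dotted number that is not an address, e.g. 999.1.1.1
    return {"is_pe": is_pe(data), "sha256": hashlib.sha256(data).hexdigest(),
            "urls": sorted(urls), "ips": sorted(ips)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Dotted version numbers such as 1.2.3.4 still pass the address check, so hits from a scan like this need a manual look before they are treated as indicators.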

The changelog for version 9.56 can be found here.
