Sending
User Rating 4.15 (13 votes)
Comments Rating 0 (0 reviews)

Description


Adlice PEViewer (RogueKillerPE) is a PE parsing tool, able to show internal structure of executable files.

It's able to read either the memory image (process module) or the disk image (filesystem) of a given executable.

 

  
 
Analysis
Nag Window
Registration
Machines
Special Plans
Support
Customization
Automatic Updates
Themes
Samples Comparator

Free

$0
Analysis
Nag Window : Every 5 Analysis
Registration
Machines
Special Plans
Support : Public Forum
Customization
Automatic Updates : Manual Only
Themes
Samples Comparator

Premium

$55
/year
Analysis
Nag Window : No nag
Registration : Installed
Machines : 5
Special Plans : Companies
Support : Private, Ticketed
Customization
Automatic Updates
Themes
Samples Comparator

AuthorAdlice Software
Version1.29.0
Download4.6 k
File Size21.7 MB
LicenseFreemium
Operating SystemWindows XP, Vista, 7, 8, 8.1, 10. 32/64 bits
Tags   analysis     editor     malware     parser     pe     portable executable     research  

 

Why buy Premium?

  • Privileged support: Easy and Fast support for you, don't hesitate to bother us.
  • No nag window: Go faster without the nag window.
  • To help us maintaining the software efficient for everyone.

Features:

  • Open PE from file, and read disk image.
  • Open PE from process, and read memory or disk image.
  • Open file from command line.
  • Drag and drop support.
  • Explorer context menu integration.
  • Process general information (pid, parent, ...)
  • File general information (attributes, size, ...)
  • Process module general information (address, size, ...)
  • A bunch of hashes (MD5, SHA1, SHA256, ...)
  • Process memory pages, with ability to dump.
  • Injected pages detection, non-readable pages detection.
  • Ability to dump injected pages to file.
  • Hex code, with ability to search (hex values, or string ANSI/UNICODE).
  • Assembly code, with ability to navigate.
  • PE Headers (MZ, PE, Optional, ...)
  • RunPE detection, shows which header fields are modified.
  • Checksum validation.
  • PE Sections, with ability to watch hex code and dump to file.
  • PE Debug, with ability to watch hex code and dump to file.
  • PE Imports, with ability to watch APIs assembly code (memory only).
  • PE Exports, with ability to watch APIs assembly code.
  • Hooks detection in imports/exports (table and inline hooks).
  • PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
  • Ability to scan resources, sections, debug on VirusTotal.
  • Executable files detection in resources.
  • Ability to watch hex code of resources.
  • Ability to dump resources to file.
  • PDB path detection.
  • Strings scanner, with classification (Registry, files, ...)
  • Ability to dump all strings (by category or not) to file.
  • Digital Signature parsing (embedded only).
  • Bright or dark theme (Premium).
  • Samples Comparator (Premium).
  • Sample Scoring.
  • Maliciousness Indicators.

User guide

Please refer to the general documentation.
 

Download
FileAction
setup.exe (Installer 32/64 bits)Download 
RogueKillerPE.exe (32 bits)Download 
RogueKillerPE64.exe (64 bits)Download