Explore PE files in memory or on disk
- Our rating
It's able to read either the memory image (process module) or the disk image (filesystem) of a given executable.
- Custom plans
- Software Limitation
- Automatic Updates
- 5 analysis
|Adlice PEViewer Download|
|File Size||21.68 MB|
|Operating System||Windows XP, Vista, 7, 8, 8.1, 10. 32/64 bits|
|Tags||analysis editor malware parser pe portable executable research|
Description and Review
PEViewer is a FREE (with Premium version) software able to parse and display advanced information regarding PE files, as well as offering 3rd party analysis to classify malware and goodware files.
- Open PE from file, and read disk image.
- Open PE from process, and read memory or disk image.
- Open file from command line.
- Drag and drop support.
- Explorer context menu integration.
- Process general information (pid, parent, ...)
- File general information (attributes, size, ...)
- Process module general information (address, size, ...)
- A bunch of hashes (MD5, SHA1, SHA256, ...)
- Process memory pages, with ability to dump.
- Injected pages detection, non-readable pages detection.
- Ability to dump injected pages to file.
- Hex code, with ability to search (hex values, or string ANSI/UNICODE).
- Assembly code, with ability to navigate.
- PE Headers (MZ, PE, Optional, ...)
- RunPE detection, shows which header fields are modified.
- Checksum validation.
- PE Sections, with ability to watch hex code and dump to file.
- PE Debug, with ability to watch hex code and dump to file.
- PE Imports, with ability to watch APIs assembly code (memory only).
- PE Exports, with ability to watch APIs assembly code.
- Hooks detection in imports/exports (table and inline hooks).
- PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
- Ability to scan resources, sections, debug on VirusTotal.
- Executable files detection in resources.
- Ability to watch hex code of resources.
- Ability to dump resources to file.
- PDB path detection.
- Strings scanner, with classification (Registry, files, ...)
- Ability to dump all strings (by category or not) to file.
- Digital Signature parsing (embedded only).
- Bright or dark theme (Premium).
- Samples Comparator (Premium).
- Sample Scoring.
- Maliciousness Indicators.
- VirusTotal full information.
Please refer to the general documentation.