Artificial Intelligence powered PE analyzer

  • Our rating
User Rating 4.49 (35 votes)
Adlice PEViewer (RogueKillerPE) is a PE analyzer software, helping during malware analysis. PEViewer is able to inspect a file on disk or (running) process memory and classify the sample using various modules based on artificial intelligence, 3rd party services and built-in heuristic rules.
Choose your plan
  •    Registration
    If machine registration is available
  •    Custom plans
    If custom plans are available (Ex: company)
  •    Analysis
    Parse PE files
  •    Comparison Form
    Compare 2 samples using a left/right panel view
  •    Support
    Get support for your questions or feedback
  •    Automatic Updates
    Update the software with one click


  • Special plans available for companies.
  • Unlimited
  • Private emails and public forum


  • Limited
    Nag window every 5 analysis
  • Public Forum.
  • Manual Updates.

IconDownload Adlice PEViewer
AuthorAdlice Software
File Size27.43 MB
Operating SystemWindows XP, Vista, 7, 8, 8.1, 10. 32/64 bits
Tags   analysis     editor     malware     parser     pe     portable executable     research  

Adlice PEViewer is a software used by many researchers at Antivirus companies or CERT worldwide in order to perform malware static analysis.

Malicious software sometimes try to hide their goals to evade detection and static analysis. By doing so, they leave indicators, metadatas and suspicious modifications behind.

Adlice PEViewer searches and lists these artifacts to help researchers making up their mind on a suspicious file. The software uses robust PE parser as well as analysis engine and heuristics detections to build these indicators.

PEViewer also relies on 3rd party scanners like VirusTotal for which it displays the results, and on an in-house Artificial Intelligence (MalPE). All of this together allows the tool to build severity scores.



  • Open PE from file, and read disk image.
  • Open PE from process, and read memory or disk image.
  • Open file from command line.
  • Drag and drop support.
  • Explorer context menu integration.
  • Process general information (pid, parent, ...)
  • File general information (attributes, size, ...)
  • Process module general information (address, size, ...)
  • Many different hashes (MD5, SHA1, SHA256, IMPHASH, ...)
  • Process memory pages, with ability to dump.
  • Injected pages detection, non-readable pages detection.
  • Ability to dump injected pages to file.
  • Hex code, with ability to search (hex values, or string ANSI/UNICODE).
  • Assembly code, with ability to navigate.
  • PE Headers (MZ, PE, Optional, ...)
  • RunPE detection, shows which header fields are modified.
  • Checksum validation.
  • PE Sections, with ability to watch hex code and dump to file.
  • PE Debug, with ability to watch hex code and dump to file.
  • PE Imports, with ability to watch APIs assembly code (memory only).
  • PE Exports, with ability to watch APIs assembly code.
  • Hooks detection in imports/exports (table and inline hooks).
  • PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
  • Ability to scan resources, sections, debug on VirusTotal.
  • Executable files detection in resources.
  • Ability to watch hex code of resources.
  • Ability to dump resources to file.
  • PDB path detection.
  • Strings scanner, with classification (Registry, files, ...)
  • Ability to dump all strings (by category or not) to file.
  • Bin2Img (binary to image).
  • Digital Signature parsing (embedded only).
  • Bright or dark theme.
  • Samples Comparator (Premium).
  • Sample Scoring.
  • Maliciousness Indicators.
  • VirusTotal full information.



Please refer to the general documentation.

setup.exe (Installer 32/64 bits)Download 
APEV.exe (32 bits)Download 
APEV.exe (64 bits)Download 
APEV.bin (Linux - 32 bits)Download 
APEV.bin (Linux - 64 bits)Download