Adlice PEViewer is a PE parsing tool helping you in your everyday malware analysis and debugging. Learn how it works and how amazing it can be.
Yara has become a pretty popular standard in the Anti-malware industry to write signatures for malware detections. Many Anti-malware vendors, sandboxes vendors, HIPS vendors, CERTs or IT administrators are using rules to either detect malware based on the file, or to analyze network packets and trigger an alert when something malicious occurs.
Yara is a signature syntax and scanning engine, it’s available with a library or a bunch of scripts. We, at Adlice Software, are specialized in making Yara easy and convenient to use. We are offering a desktop application to write, organize and test your rules into a local database, or in text files.Details
Adlice PEViewer is a software used by many researchers at Antivirus companies or CERT worldwide in order to perform malware static analysis.
Malicious software sometimes try to hide their goals to evade detection and static analysis. By doing so, they leave indicators, metadatas and suspicious modifications behind.
Adlice PEViewer searches and lists these artifacts to help researchers making up their mind on a suspicious file. The software uses robust PE parser as well as analysis engine and heuristics detections to build these indicators.
PEViewer also relies on 3rd party scanners like VirusTotal for which it displays the results, and on an in-house Artificial Intelligence (MalPE). All of this together allows the tool to build severity scores.Details