Are you looking for a tool to analyze Windows Portable Executable (PE) files? Consider using pedump, a Ruby win32 PE binary file analyzer. It currently supports DOS MZ EXE, win16 NE and win32/64 PE.
There are several ways to install the Ruby package; however, the simplest way is to execute "gem install pedump" from a Linux workstation. You can also download the file here or use the pedump website to upload your file for analysis. This example shows the output from the pedump website.
You can obtain the same results as this output with the command line version by executing "pedump --all SetupCasinoRoyal.exe".
The command-line version doesn't currently have the foremost, hexdump or disassembler functions that the website offers. However, you can get the same hexdump output by executing "hexdump -C SetupCasinoRoyal.exe" on your Unix system.
guy@seeker:~/malware/casino$ hexdump -C SetupCasinoRoyal.exe |more
This tool provides an easy way to dump headers and to find the packers and resources used by an EXE or DLL, giving you a quick look inside a suspicious PE file.
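As an added example that is not pedump's own code, the following Ruby walks the same header chain pedump dumps: the DOS MZ header, e_lfanew, the PE signature, the COFF file header, and the optional-header magic that separates PE32 from PE32+, with the bounds checks a parser of untrusted files needs. The sample bytes are constructed for the example, not a real executable.

```ruby
MZ_MAGIC  = 'MZ'
PE_MAGIC  = "PE\0\0"
OPT_MAGIC = { 0x10b => 'PE32', 0x20b => 'PE32+' }
MACHINES  = { 0x14c => 'i386', 0x8664 => 'x86_64' }

# Returns a Hash describing the headers, or raises ArgumentError when the
# buffer is not a well-formed PE (truncated, bad magic, e_lfanew out of range).
def pe_headers(data)
  raise ArgumentError, 'too short for a DOS header' if data.bytesize < 64
  raise ArgumentError, 'missing MZ signature' unless data[0, 2] == MZ_MAGIC
  e_lfanew = data[60, 4].unpack1('V') # file offset of the PE signature
  # Check the pointer before following it: the PE signature (4 bytes) plus
  # the COFF file header (20 bytes) must fit inside the buffer.
  if e_lfanew + 24 > data.bytesize
    raise ArgumentError, "e_lfanew 0x#{e_lfanew.to_s(16)} points past end of file"
  end
  raise ArgumentError, 'missing PE signature' unless data[e_lfanew, 4] == PE_MAGIC
  coff = data[e_lfanew + 4, 20]
  machine, nsections, _timestamp, _symptr, _nsyms, opt_size, characteristics =
    coff.unpack('v v V V V v v')
  raise ArgumentError, 'no optional header' if opt_size < 2
  opt_magic = data[e_lfanew + 24, 2].unpack1('v')
  {
    e_lfanew: e_lfanew,
    machine: MACHINES.fetch(machine, format('0x%x', machine)),
    sections: nsections,
    optional_header: OPT_MAGIC.fetch(opt_magic, format('unknown 0x%x', opt_magic)),
    dll: (characteristics & 0x2000) != 0 # IMAGE_FILE_DLL
  }
end

# Constructed sample: a 64-byte DOS header whose e_lfanew points at offset
# 0x40, then a PE signature, a COFF header for x86_64 with 3 sections, and
# the PE32+ optional-header magic. Not a real executable.
def sample_pe32plus
  dos  = MZ_MAGIC + ("\0" * 58) + [0x40].pack('V')
  coff = [0x8664, 3, 0, 0, 0, 240, 0x0022].pack('v v V V V v v')
  dos + PE_MAGIC + coff + [0x20b].pack('v')
end

puts pe_headers(sample_pe32plus).inspect if __FILE__ == $PROGRAM_NAME
```

Run it against a real file with pe_headers(File.binread('some.exe')) to compare the fields with pedump's header dump.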
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Jul 5th 2014
Click here to download is triggering virus alerts
Feb 25th 2015