
PeStudio is a portable tool that performs malware assessments on executable files. The indicators produced by analyzing an image are grouped into categories according to their severity. Because the file being analyzed is never started during the course of the investigation, you can inspect any unknown or malicious executable without risk.

The parser provides access to all data of the files being inspected, as well as consolidated information and notifications that can also be consumed by other products. For this purpose, a Software Development Kit (SDK) can be acquired on a license basis. Please contact the author for more information about the license models. Parsing is done at the RAW level, which has the advantage that the parser can easily be ported to run on other operating systems.

No third-party library or Windows library is used to parse executables. The parser has been completely designed and implemented by the author. The underlying layer, called PeParser, is the engine that parses the executable files being analysed.

In terms of the general software architecture, pestudio is a consumer of a set of private interfaces provided by the underlying layer. In this case, it is recommended that, during runtime analysis, the analyst pay close attention to the files that are written to disk.
