What do you do when you find a suspicious-looking file on your computer? If you are smart, you upload it to the VirusTotal site to see whether it is malicious, and if it turns out to be malware, you get rid of it. The VirusTotal site not only checks an uploaded file for malware but also analyzes various aspects of it, such as the file type, the compiler type, embedded resources, PE sections and more. If you want to analyze suspicious files right on your desktop, you can use the freeware tool PeStudio, which gives you detailed information about PE (portable executable) files, similar to VirusTotal.

You can download PeStudio from the winitor web site. The download is less than one megabyte in size. After downloading it, extract the contents of the ZIP archive to a folder and double-click on the file PeStudio.exe to run it. It does not offer any menubar or toolbar to select a file, but you can just drag and drop a PE file (or any other file) onto the PeStudio window.

It would instantly analyze the file and show you the results. If you want to check what VirusTotal has to say about the file, you can select the VirusTotal option. The results from VirusTotal are displayed at an amazingly fast speed. The Headers section shows you the information related to the different header sections for the PE file. The Libraries section shows the different libraries (DLL files) loaded by the PE file when it is run. The Imports section shows the functions called from external libraries by the application.
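To make concrete what a PE header view like the one described above is reading, here is an added example (not code from PeStudio or from the original post) that parses the DOS header, COFF file header and section table of a PE file. The sample bytes from `build_sample` are constructed, contain headers only, and omit the optional header that real images carry; the section name `.rwx` is made up for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}
SECTION_FMT = "<8sIIIIIIHHI"          # one 40-byte section header
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000
FILE_DLL = 0x2000

def parse_pe_headers(data: bytes) -> dict:
    """Parse the DOS header, COFF file header and section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    machine, nsec, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size   # section table follows optional header
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _, rsize, _, _, _, _, _, flags = \
            struct.unpack_from(SECTION_FMT, data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            # A section that is both writable and executable deserves a look.
            "write_exec": bool(flags & MEM_WRITE) and bool(flags & MEM_EXECUTE),
        })
    return {"machine": MACHINES.get(machine, hex(machine)),
            "timestamp": timestamp,
            "is_dll": bool(characteristics & FILE_DLL),
            "sections": sections}

def build_sample() -> bytes:
    """Constructed header-only PE image used as sample input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0x5F000000,
                                   0, 0, 0, 0x2002)
    text = struct.pack(SECTION_FMT, b".text", 0x1000, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, 0x60000020)   # code, read + execute
    rwx = struct.pack(SECTION_FMT, b".rwx", 0x3000, 0x2000, 0, 0x400,
                      0, 0, 0, 0, 0xE0000080)    # read + write + execute
    return dos + coff + text + rwx

if __name__ == "__main__":
    print(parse_pe_headers(build_sample()))
```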