PeStudio is a tool used for statically analyzing malware and is one of my favourite tools for malware analysis. Whenever I begin analysing a piece of malware, I will always load it into PeStudio first. It provides so much information about the sample and gives me a wealth of information for me to start building out my report.

PeStudio is a free tool performing the static analysis and investigation of any Windows executable binary. A file being analyzed with PeStudio is never.

It shows:

- all functions that are imported by an application.
- all functions (also anonymous) that are exported by an application.
- all functions that are forwarded to other libraries.
- obsolete functions that are exported and imported by an application.
- whether the Data Execution Prevention (DEP) Windows security mechanism is used.
- whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used.
- whether the Structured Exception Handling (SEH) Windows security mechanism is used.
- whether some sections are compressed, and more.