2017-07-25 06:32 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0003963Kali Linux[All Projects] New Tool Requestspublic2017-04-19 12:58
ReporterCapsLock 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
StatusnewResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0003963: PPEE - Professional PE Explorer
DescriptionPPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail.

Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details. All directories in a PE file including Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.

A companion plugin is also provided to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on.

Features:
    Both PE32 and PE64 support
    Virustotal and OPSWAT's Metadefender query report
    Statically analyze windows native and .Net executables
    Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
    Edit almost every data structure
    Easily dump sections, resources and .Net assembly directories
    Entropy and MD5 calculation of the sections and resource items
    View strings including URL, Registry, Suspicious, ... embedded in files
    Extract artifacts remained in PE file
    Anomaly detection
    Right-click for Copy, Search in web, Whois and dump
    Built in hex editor
    Explorer context menu integration
    Descriptive information for data members
    Refresh, Save and Save as menu commands
    Drag and drop support
    List view columns can sort data in an appropriate way
    Open file from command line
    Checksum validation
    Plugin enabled
Additional InformationHomepage: https://www.mzrst.com/
It's also included in BlackArch Linux(https://blackarch.org/windows.html)
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2017-04-19 12:58 CapsLock New Issue
+Issue History