PEiD

by Black on February 23, 2009

in Malware Analysis, Reverse Engineering

What do you do when you have an exe that needs to be examined for infections? You either load it into your VM or open it up with your favourite hex editor. But what if you do not have a VM and the executable is encrypted or packed? You examine it with PEiD!

PEiD is special in several respects when compared to the other identifiers already out there:

1. It has a superb GUI, and the interface is really intuitive and simple.
2. Detection rates are amongst the best of any identifier.
3. Special scanning modes for *advanced* detection of modified and unknown files.
4. Shell integration, command line support, always-on-top and drag'n'drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin interface, with plugins such as Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques for even better detection.
9. Heuristic scanning options.
10. New PE details, imports, exports and TLS viewers.
11. New built-in quick disassembler.
12. New built-in hex viewer.
13. External signature interface which can be updated by the user.

In addition to these features, there are a great many plugins that have already been written by some fabulous programmers.

Now, the latest version is PEiD 0.95. Download it: here

It is one of those rare all-in-one tools: compiler detector, cryptor detector and packer detector! With the number of plugins it supports, it can also be used as a reverse engineering tool. All you need to do is load the exe in PEiD and the rest is history! There are also forums that deal specifically with the PEiD database; they publish their own packer signatures for you to copy into your own signature file.
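To show what the signature-based detection behind these features amounts to, here is an added example (not PEiD's own code): a small Python matcher that reads entries in the layout of PEiD's user-editable userdb.txt (a `[name]` header, a hex pattern with `??` wildcards, and an `ep_only` flag), finds the PE entry point through the section table, and reports which signatures match. The database entries and the PE images it builds are constructed for the demonstration; the byte patterns are made up, not real PEiD signatures.

```python
import struct

# Constructed sample in the layout of PEiD's userdb.txt; names and bytes are made up, not real signatures.
SAMPLE_DB = """
[Demo Packer 1.0 -> constructed]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true
[Demo Compiler prologue -> constructed]
signature = 55 8B EC 6A FF 68 ?? ?? ?? ??
ep_only = false
"""

def parse_userdb(text):
    """Parse [name] blocks into (name, pattern, ep_only); ?? becomes None in pattern."""
    sigs = []
    for ln in (raw.strip() for raw in text.splitlines()):
        if ln.startswith("["):
            sigs.append([ln[1:-1], [], True])  # ep_only defaults to true, as PEiD does
        elif ln.lower().startswith("signature"):
            sigs[-1][1] = [None if b == "??" else int(b, 16) for b in ln.split("=", 1)[1].split()]
        elif ln.lower().startswith("ep_only"):
            sigs[-1][2] = ln.split("=", 1)[1].strip().lower() == "true"
    return [tuple(s) for s in sigs if s[1]]

def matches_at(data, pos, pattern):  # None in pattern is a wildcard byte
    return 0 <= pos and pos + len(pattern) <= len(data) and all(p is None or data[pos + i] == p for i, p in enumerate(pattern))

def entry_point_offset(pe):
    """Map AddressOfEntryPoint (an RVA) to a file offset through the section table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    assert pe[e_lfanew:e_lfanew + 4] == b"PE\0\0", "not a PE file"
    # NumberOfSections (+6), SizeOfOptionalHeader (+20), AddressOfEntryPoint (+40)
    nsect, opt_size, ep_rva = struct.unpack_from("<H12xH18xI", pe, e_lfanew + 6)
    for i in range(nsect):  # 40-byte IMAGE_SECTION_HEADERs follow the optional header
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<8xIIII", pe, e_lfanew + 24 + opt_size + 40 * i)
        if va <= ep_rva < va + max(vsize, raw_size):
            return raw_ptr + (ep_rva - va)
    raise ValueError("entry point lies outside every section")

def scan(pe, sigs):
    """Names of matching signatures: ep_only ones only at the entry point, the rest anywhere."""
    ep = entry_point_offset(pe)
    return [name for name, pat, ep_only in sigs if (matches_at(pe, ep, pat) if ep_only else
            any(matches_at(pe, i, pat) for i in range(len(pe) - len(pat) + 1)))]

def build_demo_pe(ep_code, body=b""):
    """Construct a minimal, non-runnable PE32 image: ep_code at the entry point, body after it."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"; hdr[0x3C] = 0x80; hdr[0x80:0x84] = b"PE\0\0"   # e_lfanew -> PE header at 0x80
    struct.pack_into("<H12xH", hdr, 0x86, 1, 0xE0)                    # NumberOfSections, SizeOfOptionalHeader
    struct.pack_into("<I", hdr, 0xA8, 0x1000)                         # AddressOfEntryPoint = RVA 0x1000
    struct.pack_into("<IIII", hdr, 0x180, 0x200, 0x1000, 0x200, 0x200)  # section: VSize, VA, RawSize, RawPtr
    return bytes(hdr) + (ep_code + body).ljust(0x200, b"\0")
```

A packer stub at the entry point hides the compiler prologue from an entry-point-only scan, which is exactly why PEiD's deeper scanning modes exist; the non-ep_only entry here still finds the prologue further into the file.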
