pestudio is used by many Computer Emergency Response Teams (CERT) worldwide in order to perform Malware Initial Assessment.
Malicious software often attempts to hide its intents in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, anomalies and other valuable indicators.
The goal of pestudio is to spot these artifacts in order to ease and accelerate Malware Initial Assessment. The tool uses a powerful parser and a flexible set of XML configuration files that are used to detect various types of indicators and classify items. Since the file being analyzed is never started, you can inspect unknown or malicious executable file, trojan, ransomware and APT samples without any risk of infection.