![]() ![]() Sometimes it is not trivial (such as custom packer, etc), so it depends on the executable itself. As matter of facts, these identifications tool (DIE, ExeInfoPE, etc) uses this differences inside their signatures to figure out what it is made of. Another example is for VMProtect binaries, which usually it will have PE section name such as "vmp0", "vmp1" and so on. For example, for PyInstaller generated executables, if you look into the strings extracted by Detect It Easy, there will be some such as "zPYZ-00.pyz", "mpyimod01_os_path", "spyiboot01_bootstrap", etc., which then you can google them and see if there are any matches / old article that can tell you what it is. PeStudio runs on any Windows Platform and is fully portable, no installation is required. A file being analyzed with PeStudio is never launched, therefore you can evaluate unknown executable and even malware with no risk. Another tool that I usually use is ExeInfoPE, and I think it can tell if the program is produced by PyInstaller.Īnother trick is to look around and see if there are any peculiarities/differences that normally doesn't exist in other executable. PeStudio is a free tool that allows you to do the static investigation of any Windows executable binary. ![]() It depends on the tool that you used itself, if it has signatures/patterns that can tell from which compiler is used to build the final executable. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |