PEStudio – Malware Initial Assessment Tool

Malware remains one of the top threats to information systems. The damage ranges from misuse of resources to data espionage and file destruction. For security experts interested in analyzing harmful files, PEStudio can be the right tool. It is used by many Computer Emergency Response Teams (CERTs) worldwide to perform malware initial assessment.


PEStudio installation is straightforward: just unpack the archive file. A classic installation on the Windows operating system is not required, and the tool leaves no traces on the system. Some of its features are:

  • Queries antivirus engines hosted by VirusTotal. This feature can be switched ON or OFF using an XML file.
  • Retrieves the referenced libraries and functions. Several XML files are used to blacklist functions (e.g. Registry, Process, Thread, File, etc.). Blacklist files can be customized and extended according to your own needs.
  • Detects many embedded file types (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, etc.). Detected items can be saved to a file, allowing further analysis.
  • The goal of pestudio is to allow investigators to analyze unknown and suspicious executable files.
  • Graphical User Interface (GUI) and Command prompt (CLI) available.
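
The embedded-file detection in the feature list can be illustrated with a magic-signature scan. This is an added example, not PEStudio's code or its actual detection logic; the signature table, function names and sample bytes are constructed for illustration.

```python
import struct

# Added illustration, not pestudio's own logic or signature set.
# Magic signatures for a few of the types named in the feature list.
# ZIP and JAR share the same local-file-header magic.
SIGNATURES = {
    b"MZ": "PE (EXE/DLL/SYS)",
    b"%PDF-": "PDF",
    b"MSCF": "CAB",
    b"PK\x03\x04": "ZIP/JAR",
}

def is_pe_at(data, off):
    """Confirm an 'MZ' hit: e_lfanew at +0x3C must point to 'PE\\0\\0'."""
    if off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    pe = off + e_lfanew
    return pe + 4 <= len(data) and data[pe:pe + 4] == b"PE\x00\x00"

def find_embedded(data):
    """Return sorted (offset, type) pairs for signatures found past offset 0."""
    hits = []
    for magic, kind in SIGNATURES.items():
        pos = data.find(magic, 1)  # offset 0 is the host file itself
        while pos != -1:
            if magic != b"MZ" or is_pe_at(data, pos):
                hits.append((pos, kind))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def carve(data, offset):
    """Return bytes from offset to end, for saving and further analysis."""
    return data[offset:]

def minimal_pe():
    """Constructed sample: 64-byte DOS header followed by a PE signature."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00"

# Constructed host: a PE with a stray "MZ" string, a ZIP header and a second PE.
SAMPLE = (minimal_pe() + b"text MZ not a header" + b"\x00" * 64
          + b"PK\x03\x04" + b"\x00" * 26 + minimal_pe())

if __name__ == "__main__":
    for off, kind in find_embedded(SAMPLE):
        print(f"0x{off:04x}  {kind}")
```

The stray "MZ" string in the sample is rejected because its e_lfanew field does not lead to a PE signature, which is why a bare two-byte match is not enough to report an embedded executable.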

You can read more and download this free tool over here:
