PeStudio 8.50 - To perform static malware analysis.


LabZero

Thread author
Hello,

PeStudio is a portable freeware tool for inspecting binaries of 32- or 64-bit applications without having to run them. It is able to open different types of files, such as *.exe, *.dll, *.cpl, *.ocx, *.ax, *.sys, and more. The software is able to provide a set of information about the application, among which we highlight the libraries used and the functions imported, exported and shared with other libraries.

PeStudio even manages to highlight obsolete functions which are imported and exported by the application under consideration. It also offers the ability to verify whether the Windows security criteria are met (Data Execution Prevention) and the measures of protection against buffer overrun (Address Space Layout Randomization). More analysis options relate to the presence of HTTP connections, PDF files, encryption, compression and log files. The interface consists of a main window divided and sorted into multiple tabs, each of which is used for a specific feature.

NitlovePOS analysis from my thread: http://malwaretips.com/threads/nitlovepos-2015-06-23.47443/

The NitlovePOS malware can capture and exfiltrate track one and track two payment card data by scanning the running processes of a compromised machine. It then sends this data to a web server using SSL.

(Screenshot: Cattura.PNG)

Enjoy :)
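Added example, not part of LabZero's post or of PeStudio itself: a small Python parser that reads a PE header offline (no execution) and reports the DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE) opt-in flags the post mentions, plus a few other DllCharacteristics bits. The sample headers are constructed inside the block and are not real binaries; pass a file path to inspect a real one.

```python
"""Static PE header check: report DEP/ASLR flags without running the binary (added example)."""
import struct
import sys

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (from the PE/COFF spec)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",      # ASLR opt-in
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",         # DEP opt-in
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
}

def pe_mitigations(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and
    return the mitigation flags. Raises ValueError if the input is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, _nsec, _ts, _symtab, _nsyms, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):       # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both the PE32 and the PE32+ optional header
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    flags = {name: bool(dll_chars & bit) for bit, name in DLL_CHARACTERISTICS.items()}
    return {"bits": 64 if magic == 0x20B else 32, "is_dll": bool(chars & 0x2000),
            "aslr": flags["DYNAMIC_BASE"], "dep": flags["NX_COMPAT"], "flags": flags}

def build_sample_header(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (headers only, not a runnable binary) for demonstration."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = 0xF0 if pe32plus else 0xE0
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x20B if pe32plus else 0x10B).ljust(68, b"\0")
    opt += struct.pack("<HH", 2, dll_chars)                        # Subsystem, DllCharacteristics
    return dos + b"PE\0\0" + coff + opt.ljust(opt_size, b"\0")

if __name__ == "__main__":
    # Pass a real file path to inspect it; otherwise show the two constructed samples.
    blobs = [open(sys.argv[1], "rb").read()] if len(sys.argv) > 1 else \
        [build_sample_header(0x0140), build_sample_header(0x0000, pe32plus=True)]
    for blob in blobs:
        print(pe_mitigations(blob))
```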