PE Tree: Free Open Source Tool for Reverse-Engineering PE Files

Saturday August 08, @10:16PM
upstart writes in with an IRC submission:

PE Tree: Free open source tool for reverse-engineering PE files - Help Net Security:

PE Tree allows malware analysts to view Portable Executable (PE) files in a tree-view using pefile – a multi-platform Python module that parses and works with PE files – and PyQt5, a module that can be used to create graphical user interfaces.

[...] The Python-based tool parses PE files and maps them into a tree view, then provides a summary of various headers. Suspicious findings are highlighted, and analysts can deepen their research by doing a VirusTotal search, exporting portions of the PE file to CyberChef for further processing, finding and dumping PE files from an IDA database, reconstructing imports, etc.

[...] "The BlackBerry Research and Intelligence team initially developed this open source tool for internal use and is now making it available to the malware reverse engineering community."

[...] [Tom] Bonner noted that this free tool for reverse-engineering is under active development and new features will be added frequently.

More information is available at these BlackBerry blog posts: BlackBerry’s Open Source PE Tree Tool for Malware Reverse Engineers and BlackBerry Releases Free Reverse Engineering Tool to Help Fight Cybersecurity Attacks.
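The "tree view plus header summary with suspicious findings highlighted" idea from the submission above, as an added example that is not PE Tree's or pefile's code: a standard-library-only parser that walks the DOS, COFF, optional and section headers, renders them as an indented tree, and flags what an analyst would want called out (writable-and-executable sections, executable sections with no bytes on disk, an entry point that lands outside any executable section, non-standard section names). The two images it inspects are constructed in memory by a helper, not real files; the section names UPX0/UPX1 imitate a packed binary and are my choice, not something from the article.

```python
"""Minimal PE header summary with suspicious-finding checks (added example)."""
import struct
from dataclasses import dataclass, field

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# Names an ordinary linker emits; anything else deserves a second look.
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                        ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int

    def contains_rva(self, rva: int) -> bool:
        span = max(self.virtual_size, self.raw_size)
        return self.virtual_address <= rva < self.virtual_address + span


@dataclass
class PESummary:
    machine: int
    entry_point: int
    image_base: int
    sections: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def parse_pe(data: bytes) -> PESummary:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint (RVA)
    if magic == PE32_MAGIC:
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == PE32PLUS_MAGIC:
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    summary = PESummary(machine, entry_point, image_base)
    sec_off = opt + opt_size                      # section table follows the optional header
    for i in range(nsections):
        raw = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        name = raw[0].rstrip(b"\0").decode("ascii", errors="replace")
        summary.sections.append(Section(name, raw[1], raw[2], raw[3], raw[4], raw[9]))
    summary.findings = check_suspicious(summary)
    return summary


def check_suspicious(pe: PESummary) -> list:
    """Heuristics of the kind a PE viewer highlights; none is proof of malice on its own."""
    findings = []
    for s in pe.sections:
        if s.name not in COMMON_SECTION_NAMES:
            findings.append(f"{s.name}: non-standard section name")
        if s.characteristics & IMAGE_SCN_MEM_WRITE and s.characteristics & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s.name}: section is both writable and executable")
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.raw_size == 0 and s.virtual_size:
            findings.append(f"{s.name}: executable section has no data on disk (filled at runtime)")
    home = next((s for s in pe.sections if s.contains_rva(pe.entry_point)), None)
    if home is None:
        findings.append(f"entry point {pe.entry_point:#x} lies outside every section")
    elif not home.characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point {pe.entry_point:#x} is in non-executable section {home.name}")
    return findings


def render_tree(pe: PESummary) -> str:
    """Indented text rendering of the summary, in the spirit of a GUI tree view."""
    lines = [f"PE  machine={pe.machine:#x} entry={pe.entry_point:#x} base={pe.image_base:#x}", "  Sections"]
    for s in pe.sections:
        flags = "".join(c for c, bit in (("R", IMAGE_SCN_MEM_READ), ("W", IMAGE_SCN_MEM_WRITE),
                                         ("X", IMAGE_SCN_MEM_EXECUTE)) if s.characteristics & bit)
        lines.append(f"    {s.name:<8} rva={s.virtual_address:#07x} vsize={s.virtual_size:#x} "
                     f"raw={s.raw_size:#x} [{flags}]")
    lines.append("  Findings" if pe.findings else "  Findings: none")
    lines += [f"    ! {f}" for f in pe.findings]
    return "\n".join(lines)


def build_sample_pe(entry_point: int, sections) -> bytes:
    """Construct a header-only PE32 image for testing; it contains no real code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 96, 0x102)
    opt = bytearray(96)                                     # PE32 optional header, no data directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)         # SectionAlignment, FileAlignment
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, rp, 0, 0, 0, 0, ch)
                    for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed samples: a plain two-section image and a packer-style layout.
BENIGN = build_sample_pe(0x1000, [
    (".text", 0x1000, 0x1000, 0x200, 0x400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x100, 0x2000, 0x200, 0x600, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
PACKED = build_sample_pe(0x6100, [
    ("UPX0", 0x5000, 0x1000, 0, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ("UPX1", 0x1000, 0x6000, 0x800, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for sample in (BENIGN, PACKED):
        print(render_tree(parse_pe(sample)), end="\n\n")
```

The heuristics are deliberately conservative: a `.bss` section with no raw data is normal, so the "no data on disk" check only fires for executable sections, and the entry-point check tolerates a zero SizeOfRawData by using the larger of the virtual and raw sizes. Swap `build_sample_pe` output for `open(path, "rb").read()` to run it over a real file.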

  • (Score: 0) by Anonymous Coward on Saturday August 08, @10:22PM (#1033661)

    I need an NE one worth a crap.

  • (Score: 1, Informative) by Anonymous Coward on Saturday August 08, @10:24PM (#1033663)

    Here [github.com]

  • (Score: 0) by Anonymous Coward on Saturday August 08, @10:29PM (#1033665)

    We "hackers" put a lot of work into our malware. These people aren't respecting our intellectual property!

  • (Score: 0) by Anonymous Coward on Saturday August 08, @11:02PM (#1033673)

    I spent the last two weeks debugging memory leaks in a pefile-using application. Querying the instance for data will continuously log those queries into an internal structure, which can quickly lead to memory exhaustion.

    Also remember to close the instances when no longer needed, otherwise the data will linger.

