Security News > 2020 > August > PE Tree: Free open source tool for reverse-engineering PE files

PE Tree: Free open source tool for reverse-engineering PE files
2020-08-04 10:16

PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community.

PE Tree allows malware analysts to view Portable Executable files in a tree-view using pefile - a multi-platform Python module that parses and works with PE files - and PyQt5, a module that can be used to create graphical user interfaces.

The Python-based tool parses PE files and maps them into a tree view, them provides a summery of various headers.

Suspicious findings are highlighted, and analysts can deepen their research by doing a VirusTotal search, export portions of the PE file to CyberChef for further processing, finding and dumping PE files from an IDA database and reconstruct imports, etc.

"The BlackBerry Research and Intelligence team initially developed this open source tool for internal use and is now making it available to the malware reverse engineering community."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/gFx-fYuxQnQ/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Free 9 0 3 1 3 7