ExeScan

Mon, January 23rd 2012, 10:36 AM

Forum Post

S R Devanthan
Member@Technical

Join Date: November 2011
Posts: 10

ExeScan is a free tool to detect anomalies in Portable Executable (PE) files.

It quickly scans the given executable file and detects all types of anomalies in the PE header fields. Various packers and protectors modify the PE header to make reversing harder. Some kinds of PE header anomalies can crash debugging tools, thereby blocking a reversing attempt. Such anomalies can also cause some GUI-based PE analysis tools to fail to parse the PE headers.


In these cases ExeScan can be very helpful for quickly detecting such anomalies. You can then fix them and proceed with further analysis. It can also be used to detect the packer or compiler used to pack or build the target executable file. It is a console-based tool, so it can be easily integrated into a malware automation suite.


Important Features:

1. Quick detection of all kinds of anomalies in EXE/PE files

2. Console tool, which makes automation easy

3. Compiler and packer signature detection

4. Scan for commonly used malware APIs

5. PE header and import table structure display


Requirements:

a) Python (latest version should be installed)

b) PEFile (PE file Python module by Ero Carrera)
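To illustrate the kind of PE header anomaly check described in this post, here is an added example. It is not ExeScan's code and does not use the PEFile module. The function names (build_sample, scan) and the four checks chosen are assumptions made for illustration, and the sample image is constructed inline.

```python
import struct

def build_sample(num_rva=16, entry=0x1000, raw_size=0x200):
    """Constructed minimal PE32 image (headers plus one section), not a real binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, num_rva)                 # NumberOfRvaAndSizes
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, raw_size, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sec
    return headers.ljust(0x200, b"\0") + b"\xC3" * 0x200

def _checks(data):
    if data[:2] != b"MZ":
        return ["missing MZ signature"]
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                            # start of optional header
    magic, = struct.unpack_from("<H", data, opt)
    entry, = struct.unpack_from("<I", data, opt + 16)
    num_rva, = struct.unpack_from("<I", data, opt + (92 if magic == 0x10B else 108))
    found = []
    if opt_size != (0xE0 if magic == 0x10B else 0xF0):       # PE32 / PE32+ standard sizes
        found.append(f"non-standard SizeOfOptionalHeader {opt_size:#x}")
    if num_rva > 16:                                         # only 16 directories are defined
        found.append(f"NumberOfRvaAndSizes {num_rva:#x} exceeds 16")
    entry_ok = entry == 0                                    # 0 is normal for some DLLs
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if rptr + rsize > len(data):
            found.append(f"section {name.rstrip(bytes(1))!r} raw data runs past end of file")
        entry_ok = entry_ok or va <= entry < va + max(vsize, rsize)
    if not entry_ok:
        found.append(f"entry point {entry:#x} lies outside every section")
    return found

def scan(data):
    """Return the header anomalies found in a PE image given as bytes."""
    try:
        return _checks(data)
    except struct.error:                                     # a field lies past end of data
        return ["headers truncated"]

if __name__ == "__main__":
    print(scan(build_sample()), scan(build_sample(num_rva=0xFFFFFFFF, entry=0x10)))
```

Because scan only returns a list of strings, it can be called per file from a batch script, which is the kind of automation a console tool allows.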


About the Member

S R Devanthan
He is currently a Member of the Technical Team of the Blog

Copyright 2011 - Innobuzz Knowledge Solutions (P) Limited | All Rights Reserved.