Populate the following table using information from PEStudio:

Question

- Is this a 32-bit or 64-bit PE executable?
- What code sections exist in the binary?
- What is their entropy? (might indicate compressed code)
- Are any code sections suspiciously marked as read-write-execute? Perhaps malware will unpack a payload there.
- Are the section names abnormal or unique in any way?
- What resources does the binary contain? Do any items in the resource section match common file types? (EXE, DLL, ZIP, JAR, etc.)
- Does the binary use Structured Exception Handling (SEH)?
- What system libraries does the binary import?
- Which of those are commonly used in malware?
- Is there a suspicious lack of system calls?
- What strings (ASCII and UNICODE) exist in the file?
- Is there a suspicious lack of any strings at all?

For additional information on the capabilities of PEStudio, see PeStudio Standard.
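To cross-check the first few answers (bitness, section names, entropy, read-write-execute flags) against what PEStudio reports, the same fields can be read straight from the PE headers. This is an added example, not PEStudio's code or part of the original worksheet; `triage` and `sample_pe` are hypothetical names, and the sample bytes are constructed for illustration.

```python
import math
import struct
from collections import Counter

RWX = 0x20000000 | 0x40000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | _READ | _WRITE

def entropy(data):
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (random-looking)."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values()) if n else 0.0

def triage(pe):
    """Return (bitness, [(section name, entropy, is_rwx), ...]) for raw PE bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt, = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew -> "PE\0\0"
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", pe, nt + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)   # SizeOfOptionalHeader
    magic, = struct.unpack_from("<H", pe, nt + 24)      # 0x10B = PE32, 0x20B = PE32+
    bits = {0x10B: 32, 0x20B: 64}.get(magic)
    sections = []
    for i in range(nsec):
        off = nt + 24 + opt_size + 40 * i               # 40-byte section headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        flags, = struct.unpack_from("<I", pe, off + 36)  # section Characteristics
        body = pe[raw_ptr:raw_ptr + raw_size]
        sections.append((name, round(entropy(body), 2), (flags & RWX) == RWX))
    return bits, sections

def sample_pe():
    """Constructed sample (not a real program): PE32+ headers and two sections."""
    def sec(name, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 256, 0x1000, 256, ptr, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(240, b"\0")
    hdr = dos + b"PE\0\0" + coff + opt
    hdr += sec(b".text", 512, 0x60000020) + sec(b".xyz", 768, 0xE0000020)
    return hdr.ljust(512, b"\0") + b"\x90" * 256 + bytes(range(256))

if __name__ == "__main__":
    bits, sections = triage(sample_pe())
    print(f"{bits}-bit PE")
    for name, ent, rwx in sections:
        print(f"{name:8} entropy={ent:.2f} rwx={rwx}")
```

In the constructed sample, `.xyz` combines an unusual name, maximum entropy and read-write-execute permissions, the combination the worksheet questions are designed to surface.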