PE-bear
PE-bear is a free, open source portable executable (PE) malware analysis tool. It performs static analysis on Windows executable files to extract metadata and identify suspicious characteristics.
malware
analysis
reverse-engineering
forensics
PE-bear: Portable Executable Malware Analysis Tools
Free, open source portable executable (PE) malware analysis tool for Windows executable files with static analysis and metadata extraction
What is PE-bear?
PE-bear is a free, open source portable executable (PE) malware analysis tool for Windows. It performs static analysis on PE files to extract metadata and identify suspicious characteristics that may indicate the file is malicious.
Features of PE-bear include:
- Extracting PE header information like imports, exports, resources, etc.
- Identifying packing/compression
- Listing strings and functions
- Checking hashes against VirusTotal
- Generating similarity scores against known malware
- Highly customizable configuration for checks against suspicious PE properties
As a portable open source tool, PE-bear is useful for malware analysts and researchers to quickly triage Windows executable files. It generates analysis reports in multiple formats like JSON, XML, HTML, etc. for integration with other tools. As it performs static analysis, PE-bear is safe to run on unknown files and provides a first step towards identifying potentially malicious samples for further analysis.
PE-bear Features
Features
- Static analysis of PE files
- Extraction of metadata from PE headers
- Identification of suspicious characteristics
- Detection of packed/obfuscated code
- Display of import/export tables
- Extraction of resources
- YARA rule matching
Pricing
- Open Source
Pros
Free and open source
Easy to use graphical interface
Portable and lightweight
Supports a variety of file formats
Can be automated via command line
Regularly updated
Cons
Limited to static analysis
Less comprehensive than commercial tools
May miss more advanced obfuscation
Lacks support for some file formats
No built-in dynamic analysis capabilities
Official Links
The Best PE-bear Alternatives
Top Security & Privacy and Malware Analysis and other similar apps like PE-bear
Here are some alternatives to PE-bear:
Suggest an alternative ❐
Resource Hacker
Resource Hacker is a free and open-source resource editing utility for 32-bit and 64-bit Windows applications. It enables developers and power users to view, modify, add, delete and extract resources in Windows PE files such as EXEs, DLLs, CPLs, OCXs and more.With Resource Hacker you can edit resources including icons,...
PE Explorer
PE Explorer is a feature-rich portable executable (PE) file viewer, editor, analyzer, and debugger for Windows. It enables developers, reverse engineers, and malware analysts to examine the structure and components of EXE, DLL, OCX, SYS, and other PE file formats in great depth.With PE Explorer, you can view and edit...
CFF Explorer
CFF Explorer is a powerful tool for examining, editing, and reverse engineering executable files in the Common File Format (CFF). It supports a wide range of file types including EXE, DLL, OCX, SYS, LIB, and more.Some of the key features of CFF Explorer include:Viewing the full structure and hierarchy of...
Hiew
Hiew is a versatile hex editor, disk editor and memory editor software for 32-bit and 64-bit Windows operating systems. It enables users to view, edit, analyze, modify, copy, and manipulate files, disks, and memory in hexadecimal or ASCII.Some of the key features of Hiew include:Supports editing files of any size...
Pestudio
Pestudio is a free portable program for Windows that allows users to scan executable files like EXE, DLL, OCX files to detect viruses, malware, adware, spyware, rootkits and other threats. It utilizes the scanning engines and malware databases of over 30 popular antivirus products and online malware scan services to...
Universal Extractor 2
Universal Extractor 2 is a powerful, free file extraction utility that can unpack files from almost any archive format, including popular types like ZIP, RAR, 7z, ISO, CAB, MSI, NSIS, EXE installers, as well as more obscure and proprietary formats.Some key features include:Supports over 80 different archive and package formats...
Free Resource Extractor
Free Resource Extractor is a lightweight yet powerful resource extraction utility for Windows. It allows you to view and extract a wide variety of resources like images, icons, cursors, audio files, manifests, version info resources, and anything else stored inside executables, libraries, installer packages, and various other file types.With its...
Malcat
Malcat is an open-source malware analysis toolkit designed to help security researchers and incident responders analyze and extract information from malicious files. It provides a modular framework for analyzing different types of files including Portable Executables (PE), MS Office documents, PDF documents, scripts, and memory dumps.Key features of Malcat include:Extracting...
Redwood - resources extractor
Redwood is a free and open source resource extractor tool for web developers and designers. It allows you to easily extract resources such as images, fonts, CSS files, JavaScript files, and more from any website.Simply provide Redwood with a URL and it will analyze the page and allow you to...
Resource Hacker FX
Resource Hacker FX is a free and open-source resource editor and decompiler software for Windows. It allows viewing, extracting, compiling, editing and modifying resources in EXE, DLL, CPL, OCX, screensavers, themes, and more.With Resource Hacker FX, you can edit icons, version info, strings, dialogs, menus, accelerators, images, manifests, toolbar, HTML,...
PPEE (puppy)
PPEE (puppy) is a lightweight Linux distribution designed to revive older computers and run fast on systems with limited resources. It is based on Ubuntu but uses a highly customized setup focused on simplicity and ease of use.By default, PPEE uses the lightweight JWM window manager which consumes fewer system...
EXE Explorer
EXE Explorer is a free, open-source software utility for analyzing and editing Windows portable executable (PE) files such as EXE, DLL, OCX, SYS, MUI, FON, and more.With EXE Explorer, you can view and modify various aspects of EXE files including:PE headers - View and edit fields like machine type, timestamp,...
PE Tools
PE Tools is a comprehensive set of utilities for working with Windows portable executable (PE) files. It allows you to view and edit PE file headers, view and modify sections, view and edit resources, imports, and exports, dump and rebuild files, and more. Some of the key features include:Viewing and...
PEBrowse64 Professional
PEBrowse64 Professional is a powerful Windows application designed specifically for inspecting and analyzing portable executable (PE) files such as EXE, DLL, OCX, SYS, DRIVER, FON, and more. It allows you to examine the internal structure, headers, sections, data directories, imports, exports, resources, and other aspects of 32-bit and 64-bit PE...
HT editor
HT editor is a free, open-source HTML editor for Windows. Developed by Wolfgang Steinwender, it is designed to be a lightweight and easy-to-use editor for creating and editing HTML files.Some key features of HT editor include:Syntax highlighting for HTML, CSS, JavaScript and other web languagesCode completion and linting to aid...
