A popular portable executable identifier tool for Windows, detecting most common packers, cryptors and compilers for PE files, useful for malware analysis and reverse engineering.
PEiD is a popular portable executable identifier and analysis tool for Windows operating systems. It is primarily used to detect packers, cryptors, and compilers used on executable PE files such as EXE and DLL files.
When analyzing an unknown executable file, especially in malware analysis or reverse engineering, it is important to identify any packing or protection applied to the file. Packed or encrypted files need to be unpacked or decrypted before the actual payload can be analyzed.
PEiD has an extensive built-in signature database to detect most common packers like UPX, ASProtect, Themida, as well as cryptors like CryptPE, Yoda's Crypter, etc. It can also identify compilers and programming languages used to build the executable file.
One of the key features of PEiD is its plugin architecture that allows users to write custom signatures and extend its detection capabilities. There is an active community behind PEiD updating its signature database for new and modified packers.
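The signature matching described above can be sketched as follows. This is an added example, not PEiD's own code: it assumes the bracketed-name, `signature`, `ep_only` text layout used for PEiD-style external signature files (which this page does not show), and the signature names, byte patterns and sample buffer are constructed for illustration.

```python
import re

# Constructed signature database; names and byte patterns are made up
# for this example and do not describe real packers.
SAMPLE_DB = """
[Constructed Packer A]
signature = 60 E8 ?? ?? ?? ?? 5D 81 ED
ep_only = true

[Constructed Crypter B]
signature = EB 02 ?? ?? 9C 60
ep_only = false
"""

def parse_db(text):
    """Return [(name, pattern, ep_only)]; pattern holds ints, or None for '??'."""
    sigs = []
    for block in re.split(r"\n(?=\[)", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        name = lines[0].strip("[]")
        pairs = (ln.split("=", 1) for ln in lines[1:] if "=" in ln)
        fields = {k.strip().lower(): v.strip() for k, v in pairs}
        pattern = [None if tok == "??" else int(tok, 16)
                   for tok in fields["signature"].split()]
        sigs.append((name, pattern, fields.get("ep_only", "false").lower() == "true"))
    return sigs

def matches_at(data, offset, pattern):
    """Compare pattern to data at offset; wildcard (None) bytes match anything."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False  # truncated file or bad entry point: no match, no IndexError
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))

def identify(data, ep_offset, sigs):
    """ep_only signatures are tested at the entry point only, others at every offset."""
    hits = []
    for name, pattern, ep_only in sigs:
        offsets = [ep_offset] if ep_only else range(len(data) - len(pattern) + 1)
        if any(matches_at(data, off, pattern) for off in offsets):
            hits.append(name)
    return hits

# Constructed sample buffer: padding, entry-point stub at file offset 16, more bytes.
SAMPLE = (bytes(16) + bytes.fromhex("60E8000000005D81ED10204000")
          + bytes(8) + bytes.fromhex("EB0290909C60"))
SAMPLE_EP = 16  # assumed: caller already mapped the entry-point RVA to a file offset

if __name__ == "__main__":
    print(identify(SAMPLE, SAMPLE_EP, parse_db(SAMPLE_DB)))
```

A hit is only a hint about how the file was built: a modified or custom packer will not match, which is why such signature databases need regular updates.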
PEiD provides a user-friendly graphical interface to view the detection results. It has options to dump unpacked executable code, rebuild imports, and perform other advanced tasks. Overall, it is one of the essential tools for any malware analyst or reverse engineer working on the Windows platform.