Published on June 30th, 2017 | by MaxiSoler


PPEE v1.09 – Professional PE file Explorer

PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details. Puppy is free and tries to be small, fast, nimble and friendly as your puppy!

Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details.

All directories in a PE file including Export, Import, Resource, Exception, Certificate (Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.

Main Features:

  • Both PE32 and PE64 support
  • Examine YARA rules against opened file
  • Virustotal and OPSWAT’s Metadefender query report
  • Statically analyze windows native and .Net executables
  • Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
  • Edit almost every data structure
  • Easily dump sections, resources and .Net assembly directories
  • Entropy and MD5 calculation of the sections and resource items
  • View strings including URL, Registry, Suspicious, … embedded in files
  • Detect common resource types
  • Extract artifacts remained in PE file
  • Anomaly detection
  • Right-click for Copy, Search in web, Whois and dump
  • Built in hex editor
  • Explorer context menu integration
  • Descriptive information for data members
  • Refresh, Save and Save as menu commands
  • Drag and drop support
  • List view columns can sort data in an appropriate way
  • Open file from command line
  • Checksum validation
  • Plugin enabled

More Information: here

Thanks to the Puppy Team for sharing this tool with us.

Tags: , , , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑