- Joined
- Jan 8, 2019
- Messages
- 56,604
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,446
- Points
- 2,313
- Credits
- 32,560
6 Years of Service
76%
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.
Features
Standalone application and IDAPython plugin
Supports Windows/Linux/Mac
Rainbow PE ratio map:
High-level overview of PE structures, size and file location
Allows for fast visual comparison of PE samples
Displays the following PE headers in a tree view:
MZ header
DOS stub
Rich headers
NT/File/Optional headers
Data directories
Sections
Imports
Exports
Debug information
Load config
TLS
Resources
Version information
Certificates
Overlay
Extract and save data from:
DOS stub
Sections
Resources
Certificates
Overlay
Send data to CyberChef
VirusTotal search of:
File hashes
PDB path
Timestamps
Section hash/name
Import hash/name
Export name
Resource hash
Certificate serial
Standalone application;
Double-click VA/RVA to disassemble with capstone
Hex-dump data
IDAPython plugin:
Easy navigation of PE file structures
Double-click VA/RVA to view in IDA-view/hex-view
Search IDB for in-memory PE files;
Reconstruct imports (IAT + IDT)
Dump reconstructed PE files
Automatically comment PE file structures in IDB
Automatically label IAT offsets in IDB