bassmaio.blogg.se

Pestudio malware











The development of pestudio started in 2009. It has been providing services for investigations since then and is used in the SANS Training FOR610 course and referenced in many articles and videos.

We dragged and dropped EasyDiskDriveRepair.exe onto PeStudio and an initial analysis appeared in a tree to the left. This displayed a VirusTotal score of 2/57, indicating that only two antivirus engines had raised an alert over the program. If you’ve used VirusTotal before then you’ll know this isn’t uncommon - false positives are likely when you combine so many engines - but it’s something to keep in mind.

Clicking "Indicators" in the tree highlighted some possible concerns about the EasyDiskDriveRepair.exe file. These are generally very technical and you shouldn’t expect to understand all (or even most) of them, but there’s still useful information to consider. PeStudio told us that the program modifies the Registry, for instance, starts child processes (that is, launches other programs) and interacts with Windows services. There’s nothing automatically dubious about any of these things, but just take a moment to think about whether your program really needs to carry them out. If a program is supposed to be portable, say, but PeStudio says it modifies the Registry, then you might wonder why.

Clicking "Strings" displays various text strings contained within the executable. Malware can easily hide these, and there will be plenty of binary junk included as well, but PeStudio tries to help by highlighting “blacklisted” strings, words which are common to malware. The EasyDiskDriveRepair.exe strings table was particularly telling.
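To make the "Strings" step described above concrete, here is an added example (not PeStudio's code and not from the original article) that pulls printable ASCII and UTF-16LE strings out of a byte buffer and flags those containing watchlist terms. The watchlist, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# Hypothetical watchlist for illustration; PeStudio's own list is not reproduced here.
WATCHLIST = ("RegSetValue", "CreateProcess", "OpenService", "CurrentVersion\\Run")
MIN_LEN = 5  # shorter runs are mostly binary junk

ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data: bytes):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    for m in ASCII_RE.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RE.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def flag_strings(data: bytes, watchlist=WATCHLIST):
    """Return extracted strings containing a watchlist term (case-insensitive)."""
    hits = []
    for offset, enc, text in sorted(extract_strings(data)):
        matched = [w for w in watchlist if w.lower() in text.lower()]
        if matched:
            hits.append({"offset": offset, "encoding": enc,
                         "string": text, "terms": matched})
    return hits


def build_sample() -> bytes:
    """Constructed bytes standing in for an executable (not a real PE file)."""
    return (
        b"MZ\x90\x00\x03\x00\x00\x00"
        + b"This program cannot be run in DOS mode.\x00"
        + b"\x01\x02\xff\xfe\x10"                      # binary junk
        + b"RegSetValueExW\x00CreateProcessW\x00"      # import-style names
        + b"\x00\x07\x9c"
        + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le")
        + b"\x00\x00\xde\xad"
    )


if __name__ == "__main__":
    for hit in flag_strings(build_sample()):
        print(f"{hit['offset']:#06x} {hit['encoding']:<8} "
              f"{hit['string']}  <- {hit['terms']}")
```

A flagged string is a prompt to ask why the program needs that capability, not a verdict; packed or obfuscated samples may expose few readable strings at all.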












