What is it?
PE-Bear is a new project aimed at reversing executable or PE files.
Objective: to deliver a fast and flexible “first view” tool for malware analysts. Stable and capable of handling malformed PE files.
Download
The latest version is 0.2.5 (beta), released: 26.09.2013:
*requires Microsoft Visual C++ 2010 Redistributable Package, available here:
Redist 32bit
Redist 64bit
Features and details
- handles PE32 and PE64
- views multiple files in parallel
- recognizes known packers (by signatures)
- fast disassembler – starting from any chosen RVA/File offset
- visualization of section layout
- selective comparison of two chosen PE files
- integration with the Windows Explorer menu
- and more…
Official Site: http://hshrzd.wordpress.com/pe-bear/
PE Bear’s GitHub: https://github.com/hasherezade/pe-bear-releases/releases/