PE Tree v1.0.29 releases: Python module for viewing Portable Executable (PE) files

PE Tree

Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.

Features

• Standalone application and IDAPython plugin
• Supports Windows/Linux/Mac
• Rainbow PE ratio map:
  • A high-level overview of PE structures, size, and file location
  • Allows for fast visual comparison of PE samples
• Displays the following PE headers in a tree view:
  • MZ header
  • DOS stub
  • Rich headers
  • NT/File/Optional headers
  • Data directories
  • Sections
  • Imports
  • Exports
  • Debug information
  • Load config
  • TLS
  • Resources
  • Version information
  • Certificates
  • Overlay
• Extract and save data from:
  • DOS stub
  • Sections
  • Resources
  • Certificates
  • Overlay
• Send data to CyberChef
• VirusTotal search of:
  • File hashes
  • PDB path
  • Timestamps
  • Section hash/name
  • Import hash/name
  • Export name
  • Resource hash
  • Certificate serial
• Standalone application;
  • Double-click VA/RVA to disassemble with the capstone
  • Hex-dump data
• IDAPython plugin:
  • Easy navigation of PE file structures
  • Double-click VA/RVA to view in IDA-view/hex-view
  • Search IDB for in-memory PE files;
    • Reconstruct imports (IAT + IDT)
    • Dump reconstructed PE files
    • Automatically comment PE file structures in IDB
    • Automatically label IAT offsets in IDB

Changelog v1.0.29

Fixed VT section MD5 search query string (#8)

• * Initial commit
• * Rekall integration
• * Updated README.md
• * Fixed VT section MD5 query

Download & Use

Copyright (C) 2020 Blackberry