www.mzrst.com Open in urlscan Pro
176.9.248.242  Public Scan

Form analysis
0 forms found in the DOM

Text Content

PPEE (PUPPY)

Professionals' Choice

 * Intro
 * Features
 * About
 * Contact
 * Blog

 * Twitter
 * Email


PPEE (PUPPY) IS A PROFESSIONAL PE FILE EXPLORER FOR
REVERSERS, MALWARE RESEARCHERS AND THOSE WHO WANT TO STATICALLY INSPECT PE FILES
IN MORE DETAILS

Puppy is free and tries to be small, fast, nimble and
friendly as your puppy!

Download v1.12
Visual C++ 2010 Redistributable Package required




FEATURES

Puppy is robust against malformed and crafted PE files which makes it handy for
reversers, malware researchers and those who want to inspect PE files in more
details. All directories in a PE file including Export, Import, Resource,
Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load
Config, Bound Import, IAT, Delay Import and CLR (.Net) are supported.


 * Both PE32 and PE64 support
 * Examine YARA rules against opened file
 * Virustotal and OPSWAT's Metadefender query report
 * Statically analyze windows native and .Net executables
 * Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
 * Parse Rich Header
 * Edit almost every data structure
 * Easily dump sections, resources and .Net assembly directories
 * Entropy and MD5 calculation of the sections and resource items
 * View strings including URL, Registry, Suspicious, ... embedded in files
 * Resolve ordinal to name in imported APIs
 * Detect common resource types
 * Extract artifacts remained in PE file
 * Anomaly detection
 * Right-click for Copy, Search in web, Whois and dump
 * Built in hex editor
 * Explorer context menu integration
 * Descriptive information for data members
 * Refresh, Save and Save as menu commands
 * Drag and drop support
 * List view columns can sort data in an appropriate way
 * Open file from command line
 * Checksum validation
 * Plugin enabled


DESCRIPTIVE INFORMATION


PE32 OPTIONAL HEADER


GRAYED OUT ENTRIES


HIGH ENTROPY MALFORMED SECTION


EXPORT DIRECTORY


PE32+ IMPORT DIRECTORY


EASILY DUMP RESOURCE ITEMS


HIGH ENTROPY LOCALE RESOURCE


INVALID DIGITAL SIGNATURE


ARTIFACTS REMAINED IN DEBUG DIRECTORY


THREAD LOCAL STORAGE DATA


SEH-CFG HANDLERS


BOUND IMPORTS DIRECTORY


DELAY LOADED IMPORTS


CRAFTED .NET ASSEMBLY METADATA HEADER


.NET VTABLE FIXUPS


MALICIOUS STRINGS USED IN BINARY


VIRUSTOTAL AND OPSWAT QUERY


UNMANAGED FUNCTIONS USED IN ASSEMBLY


APPLICATION MANIFEST


TEST YARA RULES AGAINST FILE


REGISTRY STRINGS IN FILE


FILTER STRINGS SPECIFIED AS SUSPICIOUS


STRINGS RECOGNIZED AS URL


ABOUT PUPPY

There are lots of tools out there for statically analyzing malicious binaries,
but they are ordinary tools for ordinary files.
Puppy is a lightweight yet strong tool for static investigation of suspicious
files. Two companion plugins are also provided. FileInfo, to query the file in
the well-known malware repositories and take one-click technical information
about the file such as its size, entropy, attributes, hashes, version info and
so on. YaraPlugin, to test Yara rules against opened file.

--------------------------------------------------------------------------------

The whole zip file hash:
MD5: B380F0CBB356F0A4022DCBFFB749FCF3
SHA1: 791EDD8546625437DFB83AA27938E307714E9F68
SHA256: 9EE99220FE876527AAEEC93D9B2C944E64D9C3C9D18AC3E3A52AFD4A7392DA88
Size: 488.14 KiB
Current version: 1.12 (2018-08-17)



Download v1.12


CONTACT

For any comments, bugreports or feature request please e-mail me: info@mzrst.com

 * © 2012-2019 PPEE (puppy) by Zaderostam, All rights reserved.
 * Design: HTML5 UP