PeStudio 8.5.1 update introduces extended Virustotal support
PeStudio is a helpful portable program for Windows to analyze executable files before they are run on the system.
The program scans the file for relevant information, such as strings and resources, and displays all information in its interface after the scan.
In addition to local scans, it queries Virustotal to report the service's findings as well.
The most recent version of the program, version 8.51, extends that support by adding Virustotal scores for hardcoded URLs to the report it generates, and by adding a network watchdog that updates Virustotal scores automatically.
This adds another option to the program to catch a malicious program before it is run on the system. While the executable file may come up clean, URLs it tries to connect to may be identified by Virustotal as malicious.
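The following added example (not PeStudio's code; the page does not describe how PeStudio extracts URLs) shows one way to recover hardcoded URLs from a file's raw bytes, in both ASCII and UTF-16LE form, and to derive the URL identifier that the VirusTotal API v3 uses for URL reports. The sample bytes and host names are constructed for illustration, and no network lookup is performed.

```python
import base64
import re

# URL characters: printable ASCII without quotes and angle brackets,
# so a match stops at the delimiters that usually surround a URL.
CH = rb"[\x21\x23-\x26\x28-\x3b\x3d\x3f-\x7e]"
URL_ASCII = re.compile(rb"https?://" + CH + rb"{4,}")
# Windows binaries often store strings as UTF-16LE (each char followed by 0x00).
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + CH + rb"\x00){4,}"
)


def extract_urls(data: bytes) -> list[str]:
    """Return unique hardcoded URLs in first-seen order (ASCII, then UTF-16LE)."""
    found = [m.group().decode("ascii") for m in URL_ASCII.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)]
    return list(dict.fromkeys(found))


def vt_url_id(url: str) -> str:
    """VirusTotal API v3 URL identifier: URL-safe base64 of the URL, unpadded."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def url_report(data: bytes) -> list[tuple[str, str]]:
    """Pair every extracted URL with the identifier used to look it up."""
    return [(url, vt_url_id(url)) for url in extract_urls(data)]


# Constructed sample: a fake header followed by embedded strings.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://updates.example.test/check.php?id=1\x00"
    + b"\xff\xfe\x01"
    + "https://cdn.example.test/config.dat".encode("utf-16-le") + b"\x00\x00"
    + b"User-Agent: demo\x00"
    + b"http://updates.example.test/check.php?id=1\x00"  # duplicate on purpose
)

if __name__ == "__main__":
    for url, ident in url_report(SAMPLE):
        print(f"{url}\n  VirusTotal v3 URL id: {ident}")
```

A clean verdict for the file hash says nothing about these URLs, which is why each one needs its own lookup.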
While you can scan any type of file using the program, it is most useful when you drag and drop executable files in its interface.
The majority of scans don't take long and results are displayed immediately afterwards in the interface. The results of the Virustotal scan are listed right underneath the indicators listing which offers a summary of the most important findings of the analysis.
Areas of interest are highlighted in red or orange in the interface so that you know where to look for further clues.
The findings are highly technical and may make little sense to most users. While that is the case, it is still a useful program considering that it is lightweight and portable. Even if you only use it for the Virustotal scan -- that includes hardcoded URLs now -- it may be worth it as it may be faster than running the same scan on the official website or using third-party applications that offer Virustotal scans as well.
The version 8.5.1 changelog lists additional fixes and improvements that include the detection of pipes which may help you get a better understanding of what a file is doing on the system.
Interested users can download the latest PeStudio version from the developer website.
Well, to avoid malware, regular Windows users should learn how to test an unknown file on a VMware Station and always scan the downloaded items via an up-to-date virus protection. Of course, we cannot fully rely on VT, as there are chances of receiving a false alarm. As for the said term, you guys can learn more from this post: http://www.smh.com.au/it-pro/security-it/kaspersky-faked-malware-to-harm-rivals-exemployees-claim-20150817-gj0joh.html
1. That Kaspersky story was FUD. Do some research. Not one confirmed fact.
2. bluepill defeats VMs.
3. Malware can be designed to lie dormant and may appear perfectly harmless.
VT is probably your best bet if you can’t read the source.
Anyone who likes to use VirusTotal may also wanna check out hybrid-analysis. Martin reviewed it sometime last year or this year, can’t really remember, and I find it nice to have two web apps to use in comparison.