PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail.
Puppy is free and tries to be small, fast, nimble and friendly as your puppy!
Features
Puppy is robust against malformed and crafted PE files, which makes it handy for reversers, malware researchers and those who want to inspect PE files in more detail.
All directories in a PE file including Export, Import, Resource, Exception, Certificate(
- Very fast malware static analysis tool
- Both PE32 and PE64 support
- Examine Yara rules against the opened file
- VirusTotal and OPSWAT's MetaDefender query report
- Statically analyze Windows native and .NET executables
- Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
- Parse Rich Header
- Parse Safe SEH, Control Flow Guard Functions, Enclave Configuration and Volatile information in load config directory
- Edit almost every data structure
- Easily dump sections, resources and .NET assembly directories
- Entropy and MD5 calculation of the sections and resource items
- Entropy, SSDEEP, TLSH, CRC32, ImpHash, MD5, SHA1, SHA256 and Authentihash calculation of the files
- View strings including URL, Registry, Suspicious, ... embedded in files
- Resolve ordinal to name in imported APIs
- Demangle (undecorate) mangled import/export APIs
- Detect common resource types
- Extract artifacts remaining in the PE file
- Anomaly detection
- Right-click for Copy, Search in web, Whois and dump
- Easily access recently opened files
- Built-in hex editor
- Explorer context menu integration
- Descriptive information for data structures
- Refresh, Save and Save as menu commands
- Open file by drag and drop
- List view columns can sort data in an appropriate way
- Open file from command line
- Checksum validation
- Plugin enabled
About puppy
There are lots of tools out there for statically analyzing malicious binaries,
but they are ordinary tools for ordinary files.
Puppy is a lightweight yet strong tool for static investigation of suspicious files.
Two companion plugins are also provided: FileInfo, which queries the file in the well-known malware repositories and gives one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on; and YaraPlugin, which tests Yara rules against the opened file.
Hashes of the whole zip file:
MD5: EB97A7D3CCA480D363D5F0071E1A745F
SHA1: C25539771CDB3BAB0F4E9E76209F51BB823EBB70
SHA256: B82A1CD2753BD7986AA260ABC5DBFDEA1C9AB1DE89FBDC929EA456C17E71CE1A
Size: 1.84 MiB
Current version: 1.13.1 (2023-11-10)
Contact
For any comments, bug reports or feature requests, please e-mail me: [email protected]