SYSTEM&WEB HACKING: ExeScan - PE File Anomaly Detector Tool

Monday, October 10, 2011

ExeScan - PE File Anomaly Detector Tool

About ExeScan
ExeScan is a free, console-based tool for detecting anomalies in PE (Portable Executable) files. It quickly scans a given executable file and detects all kinds of anomalies in its PE header fields, including checksum verification, the sizes of various header fields, improper sizes of raw data, non-ASCII or empty section names, etc.

Various packers and protectors modify the PE header to make reversing harder. Sometimes anomalies in the PE header can crash debugging tools, blocking your attempt at reversing. Such anomalies can also cause some GUI-based PE analysis tools to fail to parse the PE header.

In such cases ExeScan can come in handy by helping you quickly detect such anomalies. You can then fix them and proceed with further analysis of the malware.

In addition to finding various anomalies, it can also detect the packer or compiler used to pack or build the target executable file. Being a console-based tool, it is easy to integrate with your malware automation suite.
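To make the header checks described above concrete, here is an added example (not ExeScan's code, and written with only the Python standard library rather than the pefile module ExeScan uses) that implements three of them: the PE CheckSum verification, detection of empty or non-ASCII section names, and a section whose raw data runs past the end of the file. The sample PE image it scans is constructed inline and is not a real binary.

```python
import struct
OPT_CHECKSUM_OFF = 64  # offset of CheckSum inside the optional header (same for PE32 and PE32+)

def pe_checksum(data: bytes, checksum_off: int) -> int:
    """PE CheckSum as the loader computes it: carry-folded 32-bit sum skipping the field, plus file length."""
    padded = data + b"\0" * (-len(data) % 4)          # assumes 4-byte aligned headers
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_off:                       # the CheckSum dword itself is excluded
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def scan_pe(data: bytes) -> list:
    """Return anomaly descriptions for a PE image (an empty list means no findings)."""
    issues = []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return ["bad e_lfanew or missing PE signature"]
    nsec, opt_size = struct.unpack_from("<H", data, pe_off + 6)[0], struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24                             # optional header follows the 20-byte COFF header
    stored = struct.unpack_from("<I", data, opt_off + OPT_CHECKSUM_OFF)[0]
    computed = pe_checksum(data, opt_off + OPT_CHECKSUM_OFF)
    if stored and stored != computed:                 # 0 means "not set", which the loader accepts
        issues.append("checksum mismatch: stored 0x%08X, computed 0x%08X" % (stored, computed))
    for i in range(nsec):                             # 40-byte section headers follow the optional header
        name, raw_size, raw_ptr = struct.unpack_from("<8s8xII", data, opt_off + opt_size + 40 * i)
        name = name.rstrip(b"\0")
        if not name:
            issues.append("section %d: empty name" % i)
        elif not all(0x20 <= b < 0x7F for b in name):
            issues.append("section %d: non-ASCII name %r" % (i, name))
        if raw_ptr + raw_size > len(data):
            issues.append("section %d: raw data 0x%X+0x%X runs past end of file (0x%X)" % (i, raw_ptr, raw_size, len(data)))
    return issues

def build_sample_pe(checksum: int = 0) -> bytes:
    """Constructed minimal PE32 image (not a real binary): three sections exercising the checks above."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                    # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, OPT_CHECKSUM_OFF, checksum)
    raw_ptr = len(dos) + len(coff) + 224 + 3 * 40                       # raw data starts right after the headers
    names_sizes = [(b".text", 64), (b"\xe2\x98\xa0", 64), (b"", 4096)]  # ok, non-ASCII, empty + oversized
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, 64, 0x1000 * (i + 1), sz, raw_ptr, 0, 0, 0, 0, 0x60000020)
                    for i, (n, sz) in enumerate(names_sizes))
    return dos + coff + bytes(opt) + secs + b"\x90" * 64                 # 64 bytes of raw data
```

Running `scan_pe(build_sample_pe(0x12345678))` reports four findings; writing the value returned by `pe_checksum` back into the CheckSum field clears the mismatch, which is the "fix it and continue" step the post describes.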


Features of ExeScan
Here are the main feature highlights:
  • Quickly detects all kinds of anomalies in EXE/PE files.
  • Console tool makes it easy to automate.
  • Compiler and packer signature detection
  • Scan for commonly used malware APIs
  • PE header and import table structure display


Requirements
ExeScan requires the following components:
  • Python - install the latest version of Python.
  • pefile - the PE file Python module by Ero Carrera

Using ExeScan

ExeScan is very simple and easy to use.

Here are the brief usage details:
  • Before you launch, make sure you have installed all the requirements mentioned above.
  • Next, launch a command prompt (Start => Run => cmd.exe) and move to the directory where you extracted the ExeScan file.
  • Then type 'exescan.py -a <path to exe file>' and it will instantly show all the anomalies along with other PE information, as shown in the screenshot below.


Screenshots of ExeScan

Here is a screenshot of ExeScan detecting various anomalies in a packed PE file.

[Screenshot: ExeScan analyzing PE file]
