PPEE – Professional PE file Explorer for reversers & malware researchers

There are lots of tools out there for statically analyzing malicious binaries, but they are ordinary tools for ordinary files.
Puppy is a lightweight yet strong tool for static investigation of suspicious files. A companion plugin is also provided to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on.

Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details. All directories in a PE file including Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.

  • Both PE32 and PE64 support
  • Virustotal and OPSWAT’s Metadefender query report
  • Statically analyze windows native and .Net executables
  • Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
  • Edit almost every data structure
  • Easily dump sections, resources and .Net assembly directories
  • Entropy and MD5 calculation of the sections and resource items
  • View strings including URL, Registry, Suspicious, … embedded in files
  • Extract artifacts remained in PE file
  • Anomaly detection
  • Right-click for Copy, Search in web, Whois and dump
  • Built in hex editor
  • Explorer context menu integration
  • Descriptive information for data members
  • Refresh, Save and Save as menu commands
  • Drag and drop support
  • List view columns can sort data in an appropriate way
  • Open file from command line
  • Checksum validation
  • Plugin enabled

Descriptive information

Export Directory

Malicious string used in binary

Virustotal and OPSWAT query


Visual C++ 2010 Redistributable Package required


The whole zip file hash:
MD5: DADE6B5B5028819D8101D7180A2735CD
SHA1: A961D5A7A91FFF59A622A478DE680BCC99A68E13
Size: 89.82 KB
Current version: 1.08 (2017-03-29)

Experiência em ambientes open source e Pentesting. Atualmente sou freelancer e sempre aberto para participações em projetos e atividades voltadas ao hacking e análise de malwares. Participe do grupo de discussões no Telegram: https://t.me/MalwareReverseBR

Leave a reply:

Your email address will not be published.