NoVirusThanks PE Capture captures PE (portable executable) files and saves a copy of each file, allowing for more in-depth analysis.
It quickly captures executables, DLLs, and drivers that are loaded on your system and logs execution events, making it easy to find a specific PE file that was previously captured.
NoVirusThanks PE Capture can be considered a Swiss Army knife for expediting malware analysis, as it is able to capture all loaded PE files (not just the ones executed) in the system. You can easily capture any image even as it prepares to execute, potentially enabling you to capture even PE files that have been copied or moved to a folder, or remapped within the system, thus providing a more comprehensive method of overseeing PE files.
NoVirusThanks PE Capture Features:
Simplify Malware Analysis Process
Effectively Capture Non-system Processes, DLLs, Drivers
Exclude Files from Being Logged/Captured (Supports Wildcards)
Log All Execution Events to a Log File
Save Captured PE Files Renamed as Their MD5 File Hash
Very lightweight in memory and CPU usage