PPEE (puppy) is a professional-grade PE file Explorer allowing malware researchers, and reversers a way to inspect PE files in more significant detail statically.

PPEE (puppy) is a professional-grade PE file Explorer allowing malware researchers, and reversers a way to inspect PE files in more significant detail statically.

PPEE can be efficiently used against malformed and crafted PE files making it essential for reversers, malware researchers as well as regular users who just want to inspect PE files for more details. PPEE supports Base Relocation, Certificate(Relies on Windows API), Debug, Export, Exception, Import, Resource, TLS, Load Config, Bound Import, IAT, Delay Import, and CLR.

There are a number of tools available for statically analyzing malicious binaries, but they are predominantly common tools for use with ordinary files. PPEE is a powerful but lightweight tool for performing static investigations of suspicious files easily. PPEE also includes companion plugins; FileInfo, which allows you to query the file in the well-known malware repositories and take one-click technical information like size, entropy, attributes, hashes, version info, etc. And YaraPlugin, this can be utilized to test the Yara rules against opened files.

  Download