From aldeid
Jump to navigation Jump to search


pescan is a command line tool to scan portable executable (PE) files


  1. Go to
  2. Choose your flavor (Windows, Linux, Mac OS X)
  3. Accept the licence
  4. Uncompress the archive


 pescan32 [--help] [/?] [-?]
 pescan32 <pefile> [-peid <peid file> [-csv] | -msg_table | -wevt_temp]


$ ./pescan32 /data/tmp/Lab01-04.exe -peid /data/tools/PEiD/UserDB.TXT
License is authenticated for personal (non-commercial/non-business) use
and registered to Demo; TZWorks LLC
pescan - limited ver: 0.18; Copyright (c) TZWorks LLC
run time: 06/24/13 18:38:45.335 [GMT]

File selected:  /data/tmp/Lab01-04.exe
Company name:   <unk>
Compile date:   08/30/19 22:26:59.000
PE type:        32 bit - exe
Linker version: 6.0
Min OS version: NT4
Entrypoint RVA: 0x000015cf [5583] - Translated: 0x000015cf [5583]
Imagebase:      0x00400000 [4194304]

Overall rating (based on notes below): 6
Note:  Version information not present
Note:  At least one resource contains MZ signature (possible embedded PE file)
Note:  Debug section not present (or erased)
Note:  [1] other item identified (details not available in this version)
PEiD signature found: [Armadillo v1.71] at offset 000015cf