Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit & 64bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on all (Win95 - Win7) Windows operating systems.
Download the program from following location: http://www.angusj.com/resourcehacker/reshack_setup.exe
To analyze an executable, go to the file > open menu and select the executable you want to analyze. Here is an example of what it looks like:
- The left panel shows the different sections
- The right panel shows the content of the section that is selected
- The bottom right panel shows what the image looks like
The above example is the analysis of a variant from the Kazy trojan (https://www.virustotal.com/fr/file/904fae7a8d67b03f503de75dfd1db10cacfe7d47c4f63ce7d67717a1e4e4a87d/analysis/). Section 1 teaches us that the executable has been packed in a fake Mplayer (the default Windows Media Player) executable and that it seems to originate from Russia (section 2).