Reverse engineering, static, and dynamic analysis of executables

API Monitor v2 Alpha

Website:
Description: Tool to monitor API calls by applications
Author: Rohitab Batra
License:
Version: v2r13
Notes:


Website:
Description: Finds ASCII, Unicode, and Resource strings in a file
Author: McAfee
License: Free
Version: 3.03
Notes:


Website:
Description: FLARE tool to identify capabilities in executables
Author: Mandiant
License: Apache License 2.0
Version: 6.1.0
Notes:


Website:
Description: .NET Performance Profiler
Author: Nico Van Goethem
License: Freeware (see the About section in the application)
Version:
Notes: No longer maintained


Website:
Description: Reverse Engineering Platform powered by rizin
Author: Rizin Organization
License: GNU General Public License v3
Version: 2.3.2
Notes:


Website:
Description: Python3 bytecode decompiler
Author: Rocky R. Bernstein
License: GNU General Public License v3
Version: 3.9.0
Notes:


Website:
Description: Tool to identify entropy within files
Author: Christian Wojner / (
License: Internet Software Consortium License (ISCL)
Version: Build 45
Notes:

DIE (Detect It Easy)

Website:
Description: Reverse Engineering Engine
Author: Hors (horsicq)
License: MIT License
Version: 3.08
Notes: Detect It Easy - DIE


Website:
Description: .NET Decompiler and Assembly Browser
Author: JetBrains
License: EULA
Version: 2023.2.2
Notes:


Website:
Description: EXE, Packer, Compiler detection
Author: ExeinfoASL
License: None Listed
Version:
Notes:

File Insight

Website:
Description: Static file analysis tool
Author: McAfee / Trellix
License: Software Royalty-Free License
Version: 3.0
Notes:

FLOSS (FLARE Obfuscated String Solver)

Website:
Description: Extract obfuscated strings from malware
Author: Mandiant
License: Apache License v2.0
Version: 2.3.0
Notes:


Website:
Description: Scans running processes for implants and dumps them if found
Author: hasherezade
License: BSD 2-Clause Simplified License
Version: 0.3.6
Notes:

IDA Free

Website:
Description: Binary analysis tool for x86/x64 applications
Author: Hex-Rays
License: Free for Educational, Personal, and non-Commercial use
Version: 8.3
Notes:


Website:
Description: .NET Decompiler
Author: ICSharpCode
License: MIT License
Version:
Notes:

KsDumper 11

Website:
Description: Kernel Space Dumper utility
Author: mastercodeon314
License: None at this time
Version: 1.0
Notes:


Website:
Description: Tool to dump a running process
Author: Magnet Forensics
License: EULA
Version: v13
Notes:


Website:
Description: Malware Analysis Tool
Author: Malcat EL
License:
Version: 0.9.3
Notes:


Website:
Description: Dynamic unpacker based on PE-sieve
Author: hasherezade
License: BSD 2-Clause Simplified License
Version: 0.9.7
Notes:


Website:
Description: Malware Analysis Sandbox based on Python
Author: Brian Baskin (Rurik)
License: Apache License v2
Version: 1.8.7
Notes:

NTCore Explorer Suite

Website:
Description: PE Analysis tool suite
Author: Erik Pistelli
License:
Version: IV
Notes:


Website:
Description: Portable Executable reversing tool with a GUI
Author: hasherezade
License: GNU General Public License v2
Version:
Notes:


Website:
Description: Portable Executable identifier
Author: snaker / Qwerton / Jibz
License: All Rights Reserved
Version: 0.95
Notes:


Website:
Description: Scans a process and dumps possible implants
Author: hasherezade
License: BSD 2-Clause Simplified License
Version: 0.3.6
Notes:


Website:
Description: PE Analysis Tool
Author: Marc Ochsenmeier
License: As-Is, without warranty
Version: 9.53
Notes:


Website:
Description: PE Analysis toolkit
Author: Fernando Merces
License: GNU General Public License v2.0
Version: 0.82
Notes:

PortexAnalyzer GUI

Website:
Description: GUI for PortEx, a Portable Executable and Malware Analysis Library
Author: Karsten Hahn
License: Apache License 2.0
Version: 0.12.12
Notes:

PPEE (puppy)

Website:
Description: Professional PE file Explorer
Author: Zaderostam
License:
Version: 1.12
Notes:


Website:
Description: Visual analysis of Windows-based malware
Author: Christian Wojner
License: Internet Systems Consortium (ISC)
Version: 1.22 (build 57)
Notes: Requires Windows Graphviz and Windump/TCPDump, but Windump/TCPDump are not supported on Win10+

Process Hacker

Website:
Description: Process analysis and dumping tool
Author: Steven G (dmex) / Wen Jia Liu / WinSiderss
License: GNU General Public License v3
Version:
Notes:


Website:
Description: PowerShell script to deobfuscate encoded PowerShell scripts
Author: R3MRUM / CyberCentreCanada
License:
Version: 5.0
Notes:

Rehex (Reverse Engineers' Hex Editor)

Website:
Description: Hex Editor with useful tools for Reverse Engineering
Author: Daniel Collins
License: GNU General Public License v2
Version: 0.60.1
Notes:

Resource Hacker

Website:
Description: Compiler and Decompiler for Windows applications
Author: Angus Johnson
License: Freeware (License to Use)
Version: 5.2.1
Notes:


Website:
Description: Shellcode analysis tool
Author: David Zimmer
License:
Version: Jul 10 2023 14:21:55
Notes:


Website:
Description: Imports Reconstructor written in C/C++
Author: NtQuery
License: GNU General Public License v3
Version: 0.9.8
Notes: May not work well on later versions of Windows 10 and any version of Windows 11


Website:
Description: Manually edit the characteristics of DLLs
Author: Didier Stevens
License: Public Domain
Version:
Notes:

Total PE 2

Website:
Description: PE Viewer
Author: Pavel Yosifovich
License: MIT License
Version:
Notes:


Website:
Description: Identifies files based on their binary signatures
Author: Marco Pontello
License: Free for personal / non-commercial use
Version: 2.2.4
Notes:


Website:
Description: The Ultimate Packer for eXecutables
Author: Markus Oberhumer, Laszlo Molnar, John Reiser
License: Multiple Licenses
Version: 4.1.0
Notes:


Website:
Description: Visual Basic Decompiler
Author: DotFix Software
License:
Version: 12.2
Notes:


Website:
Description: Windows Debugger
Author: Microsoft
License: Third-party notices within app
Version: 1.2308.2002.0
Notes: Installed via winget

Windows Sandbox

Website:
Description: Windows-based Sandbox Environment
Author: Microsoft
License:
Version: 10.0.19041.985
Notes:


Website:
Description: Open-source x64/x32 debugger for Windows
Author: Duncan Ogilvie (mrexodia)
License: GNU General Public License v3
Version: 2023-11-18_02-28
Notes: