# Executables ### API Monitor v2 Alpha Website: Description: Tool to monitor API calls by applications\ Author: Rohitab Batra\ License:\ Version: v2r13\ Notes: ### Bintext Website: Description: Finds Ascii, Unicode, and Resource strings in a file\ Author: Mcafee\ License: Free\ Version: 3.03\ Notes: ### capa Website: Description: FLARE tool to identify capabilities in executables\ Author: Mandiant\ License: Apache License 2.0 ( Version: 6.1.0\ Notes: ### Codetrack Website: Description: .NET Performance Profiler\ Author: Nico Van Goethem\ License: Freeware (see the About section in the application)\ Version: 1.0.3.3\ Notes: No longer maintained ### Cutter Website: Description: Reverse Engineering Platform powered by rizin\ Author: Rizin Organization\ License: GNU General Public License v3 ( Version: 2.3.2\ Notes: ### Decompyle3 Website: Description: Python3 bytecode decompiler\ Author: Rocky R. Bernstein\ License: GNU General Public License v3 ( Version: 3.9.0\ Notes: ### densityscout Website: Description: Tool to identify entropy within files\ Author: Christian Wojner / CERT.at ( License: Internet Software Consortium License (ISCL - Version: Build 45\ Notes: ### DIE (Detect It Easy) Website: Description: Reverse Engineering Engine\ Author: Hors (horsicq)\ License: MIT License ( Version: 3.08\ Notes: Detect It Easy - DIE ### dotPeek Website: Description: .NET Decompiler and Assembly Browser\ Author: JetBrains\ License: EULA ( Version: 2023.2.2\ Notes: ### exeinfope Website: Description: EXE, Packer, Compiler detection\ Author: ExeinfoASL\ License: None Listed\ Version: 0.0.8.1\ Notes: ### File Insight Website: Description: Static file analysis tool\ Author: McAfee / Trellix\ License: Software Royalty-Free License ( Version: 3.0\ Notes: ### FLOSS (FLARE Obfuscated String Solver) Website: Description: Extract obfuscated strings from malware\ Author: Mandiant\ License: Apache License v2.0 ( Version: 2.3.0\ Notes: ### hollows\_hunter Website: Description: Scans running processes for implants and dumps them if found\ Author: hasherezade\ License: BSD 2-Clause Simplified License ( Version: 0.3.6\ Notes: ### IDA Free Website: Description: Binary analysis tool for x86/x64 applications\ Author: hex-rays\ License: Free for Educational, Personal, and non-Commercial use\ Version: 8.3\ Notes: ### ilspy Website: Description: .NET Decompiler\ Author: ICSharpCode ( License: MIT License ( Version: 8.1.1.7464\ Notes: ### KsDumper 11 Website: Description: Kernel Space Dumper utility\ Author: mastercodeon314\ License: None at this time\ Version: 1.0\ Notes: ### MagnetProcessCapture Website: Description: Tool to dump a running process\ Author: Magnet Forensics\ License: EULA\ Version: v13\ Notes: ### MalCat Website: Description: Malware Analysis Tool\ Author: Malcat EL\ License: Version: 0.9.3\ Notes: ### mal\_unpack Website: Description: Dynamic unpacker based on PE-sieve\ Author: hasherezade\ License: BSD 2-Clause Simplified License ( Version: 0.9.7\ Notes: ### Noriben Website: Description: Malware Analysis Sandbox based on Python\ Author: Brian Baskin (Rurik)\ License: Apache License v2 ( Version: 1.8.7\ Notes: ### NTCore Explorer Suite Website: Description: PE Analysis tool suite\ Author: Erik Pistelli\ License:\ Version: IV\ Notes: ### PE-bear Website: Description: Portable Executable reversing tool with a GUI\ Author: hasherezade\ License: GNU General Public License v2 ( Version: 0.6.5.2\ Notes: ### PEiD Website: Description: Portable Executable identifier\ Author: snaker / Qwerton / Jibz\ License: All Rights Reserved\ Version: 0.95\ Notes: ### pe-sieve Website: Description: Scans a process and dumps possible implants\ Author: hasherezade\ License: BSD 2-Clause Simplified License ( Version: 0.3.6\ Notes: ### PEStudio Website: Description: PE Analysis Tool\ Author: Marc Ochsenmeier\ License: As-Is, without warranty ( Version: 9.53\ Notes: ### pev Website: Description: PE Analysis toolkit\ Author: Fernando Merces\ License: GNU General Public License v2.0 ( Version: 0.82\ Notes: ### PortexAnalyzer GUI Website: Description: GUI for PortEx, a Portable Executable and Malware Analysis Library\ Author: Karsten Hahn\ License: Apache License 2.0 ( Version: 0.12.12\ Notes: ### PPEE (puppy) Website: Description: Professional PE file Explorer\ Author: Zaderostam\ License:\ Version: 1.12\ Notes: ### ProcDOT Website: Description: Visual analysis of Windows-based malware\ Author: Christian Wojner\ License: Internet Systems Consortium (ISC - , Version: 1.22 (build 57)\ Notes: Requires Windows Graphviz and Windump/TCPDump, but Windump/TCPDump are not supported on Win10+ ### Process Hacker Website: Description: Process analysis and dumping tool\ Author: Steven G (dmex) / Wen Jia Liu / WinSiderss\ License: GNU General Public License v3 - Version: 2.39.0.124\ Notes: ### PSDecode Website: Description: Powershell script to deobfuscate encoded Powershell scripts\ Author: R3MRUM / CyberCentreCanada\ License:\ Version: 5.0\ Notes: ### Rehex (Reverse Engineers' Hex Editor) Website: Description: Hex Editor with useful tools for Reverse Engineering\ Author: Daniel Collins\ License: GNU General Public License v2 ( Version: 0.60.1\ Notes: ### Resource Hacker Website: Description: Compiler and Decompiler for Windows applications\ Author: Angus Johnson\ License: Freeware ( - License to Use)\ Version: 5.2.1\ Notes: ### scdbg Website: Description: Shellcode analysis tool\ Author: David Zimmer\ License:\ Version: Jul 10 2023 14:21:55\ Notes: ### Scylla Website: Description: Imports Reconstructor written in C/C++\ Author: NtQuery\ License: GNU General Public License v3 ( Version: 0.9.8\ Notes: May not work well on later versions of Windows 10 and any version of Windows 11 ### setdllcharacteristics Website: Description: Manually edit the characteristics of DLL's\ Author: Didier Stevens\ License: Public Domain\ Version: 0.0.0.1\ Notes: ### Total PE 2 Website: Description: PE Viewer\ Author: Pavel Yosifovich\ License: MIT License ( Version: 0.6.5.0\ Notes: ### TrID Website: Description: File identifier based on their binary signatures\ Author: Marco Pontello\ License: Free for personal / non-commercial use\ Version: 2.2.4\ Notes: ### UPX Website: Description: The Ultimate Packer for eXecutables\ Author: Markus Oberhumer, Laszlo Molnar, John Reiser\ License: Multiple Licenses ( Version: 4.1.0\ Notes: ### VB-Decompiler Website: Description: Visual Basic Decompiler\ Author: DotFix Software\ License: Version: 12.2\ Notes: ### WinDbg Website: Description: Windows Debugger\ Author: Microsoft\ License: Third-party notices within app\ Version: 1.2308.2002.0\ Notes: Installed via winget ### Windows Sandbox Website: Description: Windows-based Sandbox Environment\ Author: Microsoft\ License:\ Version: 10.0.19041.985\ Notes: ### x64dbg Website: Description: Open Source x64/x32 debugger for Windows\ Author: Duncan Ogilvie (mrexodia)\ License: GNU General Public License v3 ( Version: 2023-11-18\_02-28\ Notes: