# Executables

### API Monitor v2 Alpha

Website: <http://www.rohitab.com/apimonitor>\
Description: Tool to monitor API calls by applications\
Author: Rohitab Batra\
License:\
Version: v2r13\
Notes:

### Bintext

Website: <https://mcafee.com>\
Description: Finds ASCII, Unicode, and Resource strings in a file\
Author: McAfee\
License: Free\
Version: 3.03\
Notes:

### capa

Website: <https://github.com/mandiant/capa>\
Description: FLARE tool to identify capabilities in executables\
Author: Mandiant\
License: Apache License 2.0 (<https://github.com/mandiant/capa/blob/master/LICENSE.txt>)\
Version: 6.1.0\
Notes:

### Codetrack

Website: <https://www.getcodetrack.com>\
Description: .NET Performance Profiler\
Author: Nico Van Goethem\
License: Freeware (see the About section in the application)\
Version: 1.0.3.3\
Notes: No longer maintained

### Cutter

Website: <https://github.com/rizinorg/cutter>\
Description: Reverse Engineering Platform powered by rizin\
Author: Rizin Organization\
License: GNU General Public License v3 (<https://github.com/rizinorg/cutter/blob/dev/COPYING>)\
Version: 2.3.2\
Notes:

### Decompyle3

Website: <https://github.com/rocky/python-decompile3/>\
Description: Python3 bytecode decompiler\
Author: Rocky R. Bernstein\
License: GNU General Public License v3 (<https://github.com/rocky/python-decompile3/blob/master/COPYING>)\
Version: 3.9.0\
Notes:

### densityscout

Website: <https://cert.at>\
Description: Tool to identify entropy within files\
Author: Christian Wojner / CERT.at (<https://cert.at/en/about-us/overview/>)\
License: Internet Software Consortium License (ISCL - <https://cert.at/en/downloads/software/software-densityscout>)\
Version: Build 45\
Notes:

### DIE (Detect It Easy)

Website: <https://github.com/horsicq/DIE-engine>\
Description: Reverse Engineering Engine\
Author: Hors (horsicq)\
License: MIT License (<https://github.com/horsicq/DIE-engine/blob/master/LICENSE>)\
Version: 3.08\
Notes: Detect It Easy - DIE

### dotPeek

Website: <https://www.jetbrains.com>\
Description: .NET Decompiler and Assembly Browser\
Author: JetBrains\
License: EULA (<https://www.jetbrains.com/legal/docs/toolbox/license_personal/>)\
Version: 2023.2.2\
Notes:

### exeinfope

Website: <https://github.com/ExeinfoASL/ASL>\
Description: EXE, Packer, Compiler detection\
Author: ExeinfoASL\
License: None Listed\
Version: 0.0.8.1\
Notes:

### File Insight

Website: <https://www.trellix.com>\
Description: Static file analysis tool\
Author: McAfee / Trellix\
License: Software Royalty-Free License (<https://www.trellix.com/en-us/downloads/free-tools/terms-of-use.html>)\
Version: 3.0\
Notes:

### FLOSS (FLARE Obfuscated String Solver)

Website: <https://github.com/mandiant/flare-floss>\
Description: Extract obfuscated strings from malware\
Author: Mandiant\
License: Apache License v2.0 (<https://github.com/mandiant/flare-floss/blob/master/LICENSE.txt>)\
Version: 2.3.0\
Notes:

### hollows\_hunter

Website: <https://github.com/hasherezade/hollows_hunter>\
Description: Scans running processes for implants and dumps them if found\
Author: hasherezade\
License: BSD 2-Clause Simplified License (<https://github.com/hasherezade/hollows_hunter/blob/master/LICENSE>)\
Version: 0.3.6\
Notes:

### IDA Free

Website: <https://hex-rays.com/ida-free>\
Description: Binary analysis tool for x86/x64 applications\
Author: hex-rays\
License: Free for Educational, Personal, and non-Commercial use\
Version: 8.3\
Notes:

### ilspy

Website: <https://github.com/icsharpcode/ilspy>\
Description: .NET Decompiler\
Author: ICSharpCode (<https://github.com/orgs/icsharpcode/people>)\
License: MIT License (<https://github.com/icsharpcode/ILSpy/blob/master/doc/ILSpyAboutPage.txt>)\
Version: 8.1.1.7464\
Notes:

### KsDumper 11

Website: <https://github.com/mastercodeon314/KsDumper-11>\
Description: Kernel Space Dumper utility\
Author: mastercodeon314\
License: None at this time\
Version: 1.0\
Notes:

### MagnetProcessCapture

Website: <https://magnetforensics.com>\
Description: Tool to dump a running process\
Author: Magnet Forensics\
License: EULA\
Version: v13\
Notes:

### MalCat

Website: <https://malcat.fr>\
Description: Malware Analysis Tool\
Author: Malcat EL\
License: <https://malcat.fr/index.html#faq6>\
Version: 0.9.3\
Notes:

### mal\_unpack

Website: <https://github.com/hasherezade/mal_unpack>\
Description: Dynamic unpacker based on PE-sieve\
Author: hasherezade\
License: BSD 2-Clause Simplified License (<https://github.com/hasherezade/mal_unpack/blob/master/LICENSE>)\
Version: 0.9.7\
Notes:

### Noriben

Website: <https://github.com/rurik/noriben>\
Description: Malware Analysis Sandbox based on Python\
Author: Brian Baskin (Rurik)\
License: Apache License v2 (<https://github.com/Rurik/Noriben/blob/master/LICENSE>)\
Version: 1.8.7\
Notes:

### NTCore Explorer Suite

Website: <https://ntcore.com>\
Description: PE Analysis tool suite\
Author: Erik Pistelli\
License:\
Version: IV\
Notes:

### PE-bear

Website: <https://github.com/hasherezade/pe-bear>\
Description: Portable Executable reversing tool with a GUI\
Author: hasherezade\
License: GNU General Public License v2 (<https://github.com/hasherezade/pe-bear/blob/main/LICENSE>)\
Version: 0.6.5.2\
Notes:

### PEiD

Website: <https://github.com/wolfram77web/app-peid>\
Description: Portable Executable identifier\
Author: snaker / Qwerton / Jibz\
License: All Rights Reserved\
Version: 0.95\
Notes:

### pe-sieve

Website: <https://github.com/hasherezade/pe-sieve>\
Description: Scans a process and dumps possible implants\
Author: hasherezade\
License: BSD 2-Clause Simplified License (<https://github.com/hasherezade/pe-sieve/blob/master/LICENSE>)\
Version: 0.3.6\
Notes:

### PEStudio

Website: <https://www.winitor.com>\
Description: PE Analysis Tool\
Author: Marc Ochsenmeier\
License: As-Is, without warranty (<https://www.winitor.com/tools/pestudio/changes.log>)\
Version: 9.53\
Notes:

### pev

Website: <https://github.com/mentebinaria/readpe>\
Description: PE Analysis toolkit\
Author: Fernando Merces\
License: GNU General Public License v2.0 (<https://github.com/mentebinaria/readpe/blob/master/LICENSE>)\
Version: 0.82\
Notes:

### PortexAnalyzer GUI

Website: <https://github.com/struppigel/PortexAnalyzerGUI>\
Description: GUI for PortEx, a Portable Executable and Malware Analysis Library\
Author: Karsten Hahn\
License: Apache License 2.0 (<https://github.com/struppigel/PortexAnalyzerGUI/blob/main/LICENSE>)\
Version: 0.12.12\
Notes:

### PPEE (puppy)

Website: <https://www.mzrst.com/>\
Description: Professional PE file Explorer\
Author: Zaderostam\
License:\
Version: 1.12\
Notes:

### ProcDOT

Website: <https://www.procdot.com>\
Description: Visual analysis of Windows-based malware\
Author: Christian Wojner\
License: Internet Systems Consortium (ISC - <https://www.procdot.com/faqs.htm>, <https://www.procdot.com/webhelp/index.html?license.htm>)\
Version: 1.22 (build 57)\
Notes: Requires Windows Graphviz and Windump/TCPDump, but Windump/TCPDump are not supported on Win10+

### Process Hacker

Website: <https://processhacker.sourceforge.io>\
Description: Process analysis and dumping tool\
Author: Steven G (dmex) / Wen Jia Liu / WinSiderss\
License: GNU General Public License v3 - <https://processhacker.sourceforge.io/gpl.php>\
Version: 2.39.0.124\
Notes:

### PSDecode

Website: <https://github.com/CyberCentreCanada/assemblyline-service-overpower>\
Description: PowerShell script to deobfuscate encoded PowerShell scripts\
Author: R3MRUM / CyberCentreCanada\
License:\
Version: 5.0\
Notes:

### Rehex (Reverse Engineers' Hex Editor)

Website: <https://github.com/solemnwarning/rehex>\
Description: Hex Editor with useful tools for Reverse Engineering\
Author: Daniel Collins\
License: GNU General Public License v2 (<https://github.com/solemnwarning/rehex/blob/master/LICENSE.txt>)\
Version: 0.60.1\
Notes:

### Resource Hacker

Website: <http://www.angusj.com/resourcehacker>\
Description: Compiler and Decompiler for Windows applications\
Author: Angus Johnson\
License: Freeware (<http://www.angusj.com/resourcehacker> - License to Use)\
Version: 5.2.1\
Notes:

### scdbg

Website: <http://sandsprite.com/blogs/index.php?uid=7&pid=152>\
Description: Shellcode analysis tool\
Author: David Zimmer\
License:\
Version: Jul 10 2023 14:21:55\
Notes:

### Scylla

Website: <https://github.com/ntquery/scylla>\
Description: Imports Reconstructor written in C/C++\
Author: NtQuery\
License: GNU General Public License v3 (<https://github.com/NtQuery/Scylla/blob/master/LICENSE>)\
Version: 0.9.8\
Notes: May not work well on later versions of Windows 10 and any version of Windows 11

### setdllcharacteristics

Website: <https://blog.didierstevens.com/2010/10/17/setdllcharacteristics/>\
Description: Manually edit the characteristics of DLLs\
Author: Didier Stevens\
License: Public Domain\
Version: 0.0.0.1\
Notes:

### Total PE 2

Website: <https://github.com/zodiacon/TotalPE2>\
Description: PE Viewer\
Author: Pavel Yosifovich\
License: MIT License (<https://github.com/zodiacon/TotalPE2/blob/master/LICENSE.txt>)\
Version: 0.6.5.0\
Notes:

### TrID

Website: <https://mark0.net/soft-trid-e.html>\
Description: Identifies file types from their binary signatures\
Author: Marco Pontello\
License: Free for personal / non-commercial use\
Version: 2.2.4\
Notes:

### UPX

Website: <https://github.com/upx/upx>\
Description: The Ultimate Packer for eXecutables\
Author: Markus Oberhumer, Laszlo Molnar, John Reiser\
License: Multiple Licenses (<https://github.com/upx/upx/blob/devel/LICENSE>)\
Version: 4.1.0\
Notes:

### VB-Decompiler

Website: <https://www.vb-decompiler.org>\
Description: Visual Basic Decompiler\
Author: DotFix Software\
License: <https://www.vb-decompiler.org/license.htm>\
Version: 12.2\
Notes:

### WinDbg

Website: <https://www.microsoft.com>\
Description: Windows Debugger\
Author: Microsoft\
License: Third-party notices within app\
Version: 1.2308.2002.0\
Notes: Installed via winget

### Windows Sandbox

Website: <https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview>\
Description: Windows-based Sandbox Environment\
Author: Microsoft\
License:\
Version: 10.0.19041.985\
Notes:

### x64dbg

Website: <https://sourceforge.net/projects/x64dbg/>\
Description: Open Source x64/x32 debugger for Windows\
Author: Duncan Ogilvie (mrexodia)\
License: GNU General Public License v3 (<https://github.com/x64dbg/x64dbg/blob/development/LICENSE>)\
Version: 2023-11-18\_02-28\
Notes:

