Friday, April 1, 2016

PE Capture

PE Capture is a Windows application used mainly to capture PE files, such as executables, DLLs and drivers, loaded in the system. It saves a copy of each loaded PE file, renamed to its file hash, in the “Intercepted” folder for further analysis. It also logs the execution events, which makes it easy to find a specific PE file that was captured previously.

There are two versions of this tool, a completely free version and a second one that runs as a Windows service called PE Capture Service. The service offering is free for personal use but a license is required for deployments in corporate environments.
