BlackBerry Limited has announced PE Tree, a free open-source tool that helps cybersecurity professionals reverse engineer malware in less time and with less effort.
Reverse engineering malware is known to be extremely time-consuming and labour-intensive: it involves disassembling and deconstructing a software program. PE Tree was initially developed by the BlackBerry Research and Intelligence Team for internal use; BlackBerry is now making it available to the engineering community.
“As cybercriminals up their game, the cybersecurity community needs new tools in their arsenal to defend and protect organizations and people. We’ve created this solution to help the cybersecurity community in this fight, where there are now more than 1 billion pieces of malware with that number continuing to grow by upwards of 100 million pieces each year,” said Eric Milam, Vice President of Research Operations, BlackBerry.
The tool lets reverse engineers view Portable Executable (PE) files in a tree view built on pefile and PyQt5, which lowers the bar for dumping and reconstructing malware from memory while providing an open-source PE viewer code base that the community can build on. PE Tree also integrates with Hex-Rays' IDA Pro decompiler, allowing easier navigation of PE structures, dumping of in-memory PE files and import reconstruction, which is vital in identifying and stopping malware. PE Tree is written in Python and supports Linux, Mac and Windows. It can be run either as an IDAPython plugin or as a standalone application.
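As an added illustration (not BlackBerry's code and not a substitute for pefile), the following minimal parser turns the DOS header, COFF file header and section table into the nested node shape that a tree viewer such as PE Tree displays, with the bounds checks a packed or memory-dumped image needs; the sample image is constructed inline.

```python
import struct

MACHINES = {0x14C: "I386", 0x8664: "AMD64", 0xAA64: "ARM64"}

def parse_pe(data: bytes) -> dict:
    """Parse DOS header, COFF file header and section table into a nested
    dict: the node/leaf shape a tree-view viewer would display."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Bounds-check before following the pointer: packed or memory-dumped
    # images often carry a bogus e_lfanew.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    tree = {
        "DOS_HEADER": {"e_magic": "MZ", "e_lfanew": e_lfanew},
        "FILE_HEADER": {"Machine": MACHINES.get(machine, hex(machine)),
                        "NumberOfSections": nsect, "TimeDateStamp": ts,
                        "SizeOfOptionalHeader": opt_size,
                        "Characteristics": hex(chars)},
        "SECTIONS": [],
    }
    off = e_lfanew + 24 + opt_size
    for _ in range(nsect):
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        tree["SECTIONS"].append({
            "Name": name.rstrip(b"\0").decode("ascii", "replace"),
            "VirtualAddress": vaddr, "VirtualSize": vsize,
            "PointerToRawData": rawptr, "SizeOfRawData": rawsize,
            "Characteristics": hex(flags),
            # False marks a section whose raw bytes are not in the file, a
            # common sight in memory dumps before the layout is rebuilt.
            "RawDataInFile": rawptr + rawsize <= len(data),
        })
        off += 40
    return tree

def build_sample() -> bytes:
    """Constructed 64-bit PE stub with two sections; .text is filled with RET bytes."""
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0x5F000000, 0, 0, 0, 0x22)
    hdr += struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack("<8sIIIIIIHHI", b".data", 0x100, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    return hdr + b"\0" * (0x200 - len(hdr)) + b"\xC3" * 0x200 + b"\0" * 0x200
```

Calling `parse_pe(build_sample())` yields the nested dict; feeding it a real dump instead shows which sections still need their raw layout rebuilt.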