On-demand Webinar: PE TREE: How Covid19 Spurred A New Malware Reverse Engineering Tool

Summary

PE Tree is a new open-source tool developed by the BlackBerry Research and Intelligence team for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Aimed at the reverse engineering community, PE Tree also integrates with HexRays’ IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping in-memory PE files and performing import reconstruction.

In this webinar, Tom Bonner, the author of PE Tree, will demonstrate the basic operation of PE Tree, as well as IDA Pro and Rekall integration, dumping PE files from memory and reconstructing imports.

During the talk, Tom will also discuss why this is so important for security engineers and share the origin story of the tool, which was inspired by his son, who has been stuck at home with him due to COVID-19.

Speaker

Tom Bonner

Distinguished Threat Researcher
BlackBerry