PE Tree: How Covid19 Spurred a New Malware Reverse Engineering Tool

Virtual | October 21, 2020 | 10:10 am - 10:50 am


Tom Bonner

PE Tree is a new open-source tool developed by the BlackBerry Research and Intelligence team for viewing Portable Executable (PE) files in a tree view, built on pefile and PyQt5. Aimed at the reverse engineering community, PE Tree also integrates with the Hex-Rays IDA Pro decompiler to allow easy navigation of PE structures, as well as dumping in-memory PE files and reconstructing their imports. In this session the author of PE Tree will demonstrate the basic operation of the tool, its IDA Pro and Rekall integration, dumping PE files from memory and reconstructing imports. During the talk, he will also discuss why this matters for security engineers and share the origin story of the tool, which was inspired by his son, who has been stuck at home with him due to COVID-19.