PEiD

NOTE: The official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website but it still hosted on other sites.It may have been replaced by a utility called YARA.

PEid detects most common packers, cryptors and compilers for PE files (more than 470 different signatures in PE files as of this writing).

Installation

Files you should have:

Files you should have:

.
├── external.txt
├── PEiD.exe
├── plugins
│   ├── GenOEP.dll
│   ├── ImpREC.dll
│   ├── kanal.dll
│   ├── kanal.htm
│   └── ZDRx.dll
├── pluginsdk
│   ├── C++
│   │   ├── defs.h
│   │   └── null.c
│   ├── Delphi
│   │   └── Sample.dpr
│   ├── MASM
│   │   ├── compile.bat
│   │   ├── masm_plugin.asm
│   │   └── masm_plugin.def
│   ├── PowerBASIC
│   │   └── PEiD_Plugin.bas
│   └── readme.txt
├── readme.txt
└── userdb.txt

Signatures you should have:

Update your signatures (initial file is empty). Replace the initial userdb.txt with one found on the net somewhere. As of 12-12-2016, URLs are:

Interface

Main interface

Peid.png

Section Viewer

Peid-ep-section.png

PE disassembler

Peid-1st-bytes.png

PE details

Peid-subsytem.png

Extra information

Peid-menu-1.png

Menu

Screenshot

Peid-menu-2.png

Generic OEP Finder

In some cases, PEiD can find the Original Entry Point (OEP) of a packed executable:

PEiD-generic-oep-finder.png

Krypto Analyzer

Peid-kanal.png