PE-bear Portable Executable reversing tool


PE-bear is a project that can be used for reversing malwares, the tool provides a very useful interface to compare two portable executable files and see the difference. Some of the features are:

  1. views multiple files in parallel
  2. recognizes known packers (by signatures)
  3. fast disassembler – starting from any chosen RVA/File offset
  4. visualization of sections layout
  5. integration with explorer menu

PE-bear v0.2.0 [CUsersuserDesktopPE-bear0.2.0_x64PE-bearScreenshot for PE-bear (click to enlarge)

Users just need to load the PE file that require analyses and you will have several tabs where you can find the PE header section and file preview that allows to identify any abnormal or packed code.

The latest version is 0.2.0 (beta) and can be downloaded on the following link: