PE Capture is a handy Windows OS utility useful mainly to capture PE files, such as
executables, DLLs and drivers, loaded in the system.
It captures a copy of the loaded PE file (renamed as its file hash) on the “Intercepted” folder for further analysis, moreover it logs the execution
events to easily find a specific PE file previously captured. A swiss army knife to speed-up the malware analysis by
capturing the PE files executed in the test environment.
For Windows 7 SP1, 8, 8.1, 10, 11 (32/64-bit)
This Windows application is a great help in malware analysis but also in monitoring
for PE files loaded in the system. The log files (that can be saved also on Windows Event Viewer) can help IT analysts on a post-infection and incident response to find out all PE files (EXE, DLL, SYS) loaded in the system and spot the potentially malicious one.
Can save to a .log file all PE files (EXE, DLL, SYS) loaded in the system.
Can capture the PE files into a specific folder for further analysis.
We included an option to send the logged events to Windows Event Viewer.
View PE file path, MD5 hash, file size, file publisher, file company and signer.
With the Configurator GUI you can easily change the program settings.
Data logged by this tool is useful for post-infection and incident response.
Here there are some screenshots of the application.
Here you can find what we have changed and updated.
We constantly improve our products with bugs fixes, improvements and new features.
Subscribe to newsletter to receive news on your email.
[09-Apr-2023] v1.5.0.0 + Improved installer and uninstaller scripts + Updated NoVirusThanks License Manager to latest version + Minor fixes and optimizations + Updated internal libraries [12-Jul-2022] v1.4.0.0 + Added Do Not Capture Microsoft-Signed Files + Added Do Not Capture Files Signed by Trusted Vendors + Added Do Not Capture Files from C:\Program Files\WindowsApps\* + Added Do Not Capture Files from C:\Windows\WinSxS\* + Added Do Not Capture Files from C:\Windows\assembly\* + Updated NoVirusThanks License Manager to latest version + Minor fixes and optimizations + Updated internal libraries [11-Jun-2022] v1.3.0.0 + Improved support for Windows 11 + Created a simple Configurator GUI application + Included PE file size, file publisher and file description + Fixed an incompatibility with Intel 11th Gen processors + Support UTF8 encoding in Config.ini file + Support UTF8 encoding in Exclusions.db file + Improved deletion of log files older than N days + Added option Log to Windows Event Viewer + Added option Include PE File Signer in Events Details + Added option Skip Files Larger Than 50 MB + By default the program runs in 30-days trial mode + Automate product activation via setup.exe command-line /LICENSEKEY= + Integrated NoVirusThanks License Manager + Created installer/uninstaller scripts + Changed End User License Agreement (EULA) + Minor fixes and optimizations
Version | 1.5 |
---|---|
Last Updated | April 09, 2023 |
Operating System | Windows 7 SP1, 8, 8.1, 10, 11 (32/64-bit) |
License Type | Shareware |
Setup File Size | ~44 MB |
Install Size | ~10 MB |