
PE Capture v1.4

PE Capture is a handy Windows utility, useful mainly for capturing PE files, such as executables, DLLs and drivers, loaded in the system. It saves a copy of each loaded PE file (renamed as its file hash) in the “Intercepted” folder for further analysis, and it logs the execution events so that a previously captured PE file is easy to find. A Swiss Army knife to speed up malware analysis by capturing the PE files executed in the test environment.

For Windows 7 SP1, 8, 8.1, 10, 11 (32/64-bit)


Log PE Files Loaded in The System

This Windows application is a great help in malware analysis and also in monitoring for PE files loaded in the system. The log files (which can also be saved to Windows Event Viewer) can help IT analysts during post-infection analysis and incident response to find all PE files (EXE, DLL, SYS) loaded in the system and spot the potentially malicious ones.

Track PE Files

Can log all PE files (EXE, DLL, SYS) loaded in the system to a .log file.

Capture PE Files

Can capture the PE files into a specific folder for further analysis.

Windows Event Viewer

We included an option to send the logged events to Windows Event Viewer.

Additional Details

View PE file path, MD5 hash, file size, file publisher, file company and signer.

Configurator GUI

With the Configurator GUI you can easily change the program settings.

Incident Response

Data logged by this tool is useful for post-infection and incident response.



What's New

Here you can find what we have changed and updated.
We constantly improve our products with bug fixes, improvements and new features.
Subscribe to the newsletter to receive news by email.

[12-Jul-2022] v1.4.0.0

+ Added Do Not Capture Microsoft-Signed Files
+ Added Do Not Capture Files Signed by Trusted Vendors
+ Added Do Not Capture Files from C:\Program Files\WindowsApps\*
+ Added Do Not Capture Files from C:\Windows\WinSxS\*
+ Added Do Not Capture Files from C:\Windows\assembly\*
+ Updated NoVirusThanks License Manager to latest version
+ Minor fixes and optimizations
+ Updated internal libraries

[11-Jun-2022] v1.3.0.0

+ Improved support for Windows 11
+ Created a simple Configurator GUI application
+ Included PE file size, file publisher and file description
+ Fixed an incompatibility with Intel 11th Gen processors
+ Support UTF8 encoding in Config.ini file
+ Support UTF8 encoding in Exclusions.db file
+ Improved deletion of log files older than N days
+ Added option Log to Windows Event Viewer
+ Added option Include PE File Signer in Events Details
+ Added option Skip Files Larger Than 50 MB
+ By default the program runs in 30-days trial mode
+ Automate product activation via setup.exe command-line /LICENSEKEY=
+ Integrated NoVirusThanks License Manager 
+ Created installer/uninstaller scripts
+ Changed End User License Agreement (EULA)
+ Minor fixes and optimizations
        

Product Details

Version: 1.4
Last Updated: July 12, 2022
Operating System: Windows 7 SP1, 8, 8.1, 10, 11 (32/64-bit)
License Type: Shareware
Setup File Size: 44.5 MB
Install Size: 1.4 MB