PE-bear is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
Signatures for PE-bear:
- SIG.txt (updated: 22.01.2014) - contains signatures from PEid's UserDB - converted by a script provided by crashish
📦 ⚙️ Download the latest release.
Available also via Chocolatey
🧪 Fresh test builds (ahead of the official release) can be downloaded from the AppVeyor build server. They are created on each commit to the main branch. You can download them by clicking on the build version, then choosing the tab Artifacts. WARNING: those builds may be unstable.
An archive of old releases is available here: https://github.com/hasherezade/pe-bear-releases
- git
- cmake
- Qt5 (optionally Qt4)
- bearparser (submodule of the current repository)
- capstone (submodule of the current repository)
Use recursive clone to get the repo together with submodules:
git clone --recursive https://github.com/hasherezade/pe-bear.gitUse CMake to generate a Visual Studio project. Open in Visual Studio and build.
To build it on Linux or MacOS you can use the given scripts:
- build.sh - default, builds with Qt5
- build_qt5.sh - builds with Qt5
- build_qt4.sh - builds with Qt4
To generate the .app bundle on MacOS you can use:
If you like PE-bear, you can support it:
