PE-bear

PE-bear is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.

Signatures for PE-bear:

• SIG.txt (updated: 22.01.2014) - contains signatures from PEid's UserDB - converted by a script provided by crashish

Clone

Use recursive clone to get the repo together with the submodule:

git clone --recursive https://github.com/hasherezade/pe-bear.git

Builds

Download the latest release.

Available also via Chocolatey

🧪 Fresh test builds (ahead of the official release) can be downloaded from the AppVeyor build server. They are created on each commit to the main branch. You can download them by clicking on the build version, then choosing the tab Artifacts. WARNING: those builds may be unstable.

An archive of old releases is available here: https://github.com/hasherezade/pe-bear-releases