Today, at the Black Hat USA 2020 security conference, BlackBerry released a new tool for the cyber-security community.
Named PE Tree, this is a new Python-based app for Linux, Mac, and Windows that can be used to reverse-engineer and analyze the internal structure of Portable Executable (PE) files -- a common file that malware authors have used to hide malicious payloads.
"Reverse engineering of malware is an extremely time- and labor-intensive process, which can involve hours of disassembling and sometimes deconstructing a software program," the company said in a press release today.
"The BlackBerry Research and Intelligence team initially developed this open source tool for internal use and is now making it available to the malware reverse engineering community," it added.
According to BlackBerry, PE Tree's benefits include:
Listing PE file content in an easy-to-navigate tree view
Integration with the IDA Pro decompiler (easy navigation of PE structures, dumping in-memory PE files, performing import reconstruction)
VirusTotal search integration
Can send data to CyberChef
Can run as either a standalone application or an IDAPython plugin
Open source license allows community contributions
The tool is an alternative to PE-bear, a similar app developed by Malwarebytes malware analyst Aleksandra "Hasherezade" Doniec.
Cyber-security vendors embracing the open-source space
PE Tree also marks the release of yet another useful cyber-security tool into the open source space. This is a major change in approach for cyber-security firms, which have historically kept their internal tools out of the public eye, or closed-source and under expensive commercial licenses.
Over the past two years, we've seen:
FireEye release CommandoVM, a Windows-based virtual machine specifically built for malware research, as an alternative to Kali Linux, the community's favorite OS.