PEiD detects most common packers, cryptors and compilers for PE files and currently it can detect more than 470 different signatures in PE files.
PEiD is special in some aspects when compared to other identifiers already out there![ Key Features ]
· It has a superb GUI and the interface is really intuitive and simple.[ Scanning Modes ]There are 3 different and unique scanning modes in PEiD:
· Detection rates are amongst the best given by any other identifier.
· Special scanning modes for *advanced* detections of modified and unknown files.
· Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
· Multiple file and directory scanning with recursion.
· Task viewer and controller.
· Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
· Extra scanning techniques used for even better detections.
· Heuristic Scanning options.
· New PE details, Imports, Exports and TLS viewers
· New built in quick disassembler.
· New built in hex viewer.
· External signature interface which can be updated by the user.
1. The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.
2. The *Deep Mode* scans the PE file’s Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.
3. The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.
The scanner’s inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons![ Official Download ]