PE Capture is a handy Windows OS utility useful mainly to capture PE files, such as executables, DLLs and drivers, loaded in the system. It captures a copy of the loaded PE file (renamed as its file hash) on the “Intercepted” folder for further analysis, moreover it logs the execution events to easily find a specific PE file previously captured. A swiss army knife to speed-up the malware analysis by capturing the PE files executed in the test environment. Try also PE Capture Service (service-only application with no GUI).
For Windows XP, Vista, 7, 8, 10 (32\64-bit)
|Last Updated||January 28, 2016|
|Operating System||For Windows XP, Vista, 7, 8, 10 (32\64-bit)|
|Category||Malware Analysis Tools|
|File Size||1.4 MB|