PE Capture Svc is the service-only version of the PE Capture software application. It runs as a service and captures all PE files (such as executables, DLL modules and drivers) loaded in the system. It can save a log file with the date/time, fully qualified file path and file hash, so the location of a captured PE file is easy to find. To limit the performance impact, the program logs and captures each PE file only once (using a caching method).
For Windows XP, Vista, 7, 8, 10 (32\64-bit)
It aids in the detection of malicious PE files loaded on a computer and simplifies the work of Incident Response analysis. An example use case is to capture all PE files to a specific folder, then use a script to automatically scan that folder with custom YARA rules to identify malware. Any PE file executed in the system is captured, not just ones that are loaded.
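A pre-scan triage step for the capture folder described above, as an added example (not part of PE Capture or its documentation): it checks that each captured file really has a PE header, labels it as executable, DLL or driver, and groups duplicates by hash so each unique image is handed to the rule scanner once. The function names, the use of SHA-256 (the page does not name the hash algorithm) and the header-only sample files are assumptions made for the example.

```python
import hashlib
import struct
import tempfile
from pathlib import Path


def classify_pe(data):
    """Return 'exe', 'dll' or 'driver' for a PE image, or None if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature, 20-byte COFF header and 70 bytes up to Subsystem.
    if e_lfanew + 94 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics (+22), optional-header Magic (+24), Subsystem (+92).
    characteristics, magic, subsystem = struct.unpack_from("<HH66xH", data, e_lfanew + 22)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    if subsystem == 1:  # IMAGE_SUBSYSTEM_NATIVE; a heuristic for kernel drivers
        return "driver"
    return "dll" if characteristics & 0x2000 else "exe"  # IMAGE_FILE_DLL


def triage(capture_dir):
    """Group a capture folder into unique PE images (keyed by SHA-256) and rejects."""
    unique, rejected = {}, []
    for path in sorted(p for p in Path(capture_dir).rglob("*") if p.is_file()):
        data = path.read_bytes()
        kind = classify_pe(data)
        if kind is None:
            rejected.append(path.name)  # not a PE image: keep it out of the scan set
            continue
        entry = unique.setdefault(hashlib.sha256(data).hexdigest(), {"kind": kind, "paths": []})
        entry["paths"].append(path.name)
    return unique, rejected


def make_sample_pe(characteristics, subsystem):
    """Constructed header-only sample for the demo (not a loadable image)."""
    opt = struct.pack("<H66xH170x", 0x20B, subsystem)  # PE32+ optional header, 240 bytes
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), characteristics)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt


def demo():
    specs = {"a.exe": (0x0002, 3), "a_copy.exe": (0x0002, 3), "b.dll": (0x2002, 2), "c.sys": (0x0002, 1)}
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_bytes(b"MZ, but not a PE image")
        for name, spec in specs.items():
            (Path(tmp) / name).write_bytes(make_sample_pe(*spec))
        return triage(tmp)
```

The keys of the returned dictionary are the hashes to look up in the capture log, and each entry's first path is the one to pass to the YARA scan.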
Effectively capture any PE file (executables, DLLs, drivers) loaded in the system.
Save detailed log files with date/time, fully qualified file path and file hash.
Service-only application that runs in the background, without a GUI.
The software application uses only a few MB of memory; you will not even notice it.
The program is free from spyware, adware and other pests; nothing extra is installed.
Just install the service following the instructions and that's all.
With this video we show you PE Capture Service in action, so you can see how it works and how lightweight it is.
|Last Updated|May 21, 2017|
|Operating System|For Windows XP, Vista, 7, 8, 10 (32\64-bit)|
|Category|Malware Analysis Tools|
|File Size|1.3 MB|