The PE Tree standalone application can reduce the time and hassle needed to deconstruct malicious code in forensic studies.
Cybersecurity professionals wishing to reverse-engineer malware will soon have a free, open-source tool for this purpose at their disposal.
Reverse engineering malware is an extremely time- and labor-intensive process that can involve hours of disassembling and sometimes deconstructing a software program.
With PE Tree, a free tool from BlackBerry Limited, cybersecurity teams can view Portable Executable (PE) files in a tree view built on pefile and PyQt5, lowering the bar for dumping and reconstructing malware from memory while providing an open-source PE viewer code base that the community can build upon.
New tools needed to fight cybercrime
The tool also integrates with Hex-Rays’ IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping in-memory PE files and performing import reconstruction—critical in the fight to identify and stop various strains of malware.
PE Tree is written in Python and supports the Windows, Linux and Mac operating systems. It can be installed and run as either a standalone application or an IDAPython plugin, allowing users to examine any Windows executable and inspect its composition.
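As an added illustration (not PE Tree's own code, which relies on pefile), the following dependency-free Python snippet walks the same DOS, COFF, optional-header and section-table structures that PE Tree renders as a tree, and flags sections whose raw data range runs past the end of the file, a condition commonly seen in images dumped from memory before their headers are reconstructed. The sample PE image and every field value in it are constructed for this example.

```python
import struct
from typing import Any, Dict, List

def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image: DOS header, PE signature, COFF header,
    a 32-byte optional header and two sections. Not a real binary."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\x00" * 30                   # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, len(opt), 0x0102)
    def sec(name, vsize, va, rsize, roff, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, roff, 0, 0, 0, 0, chars)
    sections = sec(b".text", 0x1000, 0x1000, 0x200, 0x200, 0x60000020) + \
               sec(b".data", 0x2000, 0x2000, 0x1000, 0x400, 0xC0000040)
    hdr = dos + b"PE\0\0" + coff + opt + sections
    # File ends at 0x600, so .data's raw range (0x400 + 0x1000) exceeds the file.
    return hdr + b"\x00" * (0x600 - len(hdr))

def parse_pe(data: bytes) -> Dict[str, Any]:
    """Parse the PE headers into a nested dict mirroring a PE Tree style view."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                         # after signature + COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    tree: Dict[str, Any] = {
        "DOS_HEADER": {"e_lfanew": e_lfanew},
        "FILE_HEADER": {"Machine": machine, "NumberOfSections": nsec,
                        "TimeDateStamp": ts, "Characteristics": chars},
        "OPTIONAL_HEADER": {"Magic": magic},
        "SECTIONS": [],
    }
    off = opt_off + opt_size                                        # section table follows optional header
    for _ in range(nsec):
        name, vsize, va, rsize, roff, *_unused, schars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        tree["SECTIONS"].append({"Name": name.rstrip(b"\0").decode("ascii", "replace"),
                                 "VirtualSize": vsize, "VirtualAddress": va,
                                 "SizeOfRawData": rsize, "PointerToRawData": roff,
                                 "Characteristics": schars})
        off += 40
    return tree

def find_truncated_sections(data: bytes) -> List[str]:
    """Names of sections whose raw range extends past EOF: headers no longer
    describe the bytes on disk, as is typical for a memory dump before repair."""
    return [s["Name"] for s in parse_pe(data)["SECTIONS"]
            if s["PointerToRawData"] + s["SizeOfRawData"] > len(data)]
```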
Said Eric Milam, Vice President of Research Operations, BlackBerry: “The cybersecurity threat landscape continues to evolve and cyberattacks are getting more sophisticated with potential to cause greater damage. As cybercriminals up their game, the cybersecurity community needs new tools in their arsenal to defend and protect organizations and people. We’ve created this solution to help the cybersecurity community in this fight, where there are now more than 1 billion pieces of malware with that number continuing to grow by upwards of 100 million pieces each year.”
The BlackBerry Research and Intelligence team initially developed this open-source tool for internal use, but it is now being made available to the malware reverse engineering community.