28 June 2011

PESpin Freeware PE-File Compressor/Protector

PESpin is a Windows executable files (EXE, DLL) protector, compressor coded in pure assembly using MASM. It allows compression of the whole executable - code, data and resources, leaving them executable and protects against patching and disassembling.

- v1.33 - x32
+ added support for vs2010 files
+ minor bugs fixed

- v1.21 - x64
+ fixed DLLs compatibility with IE9
+ minor GUI changes

- v1.2 - x64
+ added password protection
+ added overlays handling

Compatibility with Windows® XP/Vista/7

Homepage + Downloads

We write here about an Executable Packer which is not often used. A high False Positive rating from most AV's is suspected as well as related Tools such as WOT rating might be low. Most AV's can not unpack the file and/or files packed with it and therefore not scan inside the binaries so they flag it falsely as Virus.

Analysis Reports PESpin.exe 32bit (the behavior is harmless - no online connections - but mirrors that many AV's are wrong reporting as Trojan): Anubis | CWSandbox | ThreatExpert

Bitsum PeCompact had similar problems with false positive and wrote on his page if you are a Security Company and need assistance to scan inside the compressed modules - support help will be provided.
PeCompact will be as well one outstanding ExePacker to make files smaller but cause of unwanted malware authors who abuse such tools the distribution have been limited.
It will be great if all AV's implement unpacking support to scan inside packed exe/dll/ocx files and reduce the large number of false positive alerts instead of flag all files falsely as Viruses.


Post a Comment

We would appreciate if you as readers of our blog, show us some feedback by signing up to this site with Friend Connect.
This will encourage us to publish updates in the future.