Didier Stevens

Sunday 27 October 2019

Update: pecheck.py Version 0.7.8

Filed under: My Software,Update — Didier Stevens @ 10:37

This new version of pecheck.py, a tool to analyze PE files, comes with a small update to option -l.

The overview of embedded PE files produced with option -l P now reports the hash of the embedded PE file without overlay:

By default, this is an MD5 hash, but can be changed to your liking using environment variable DSS_DEFAULT_HASH_ALGORITHMS, like this:

I will introduce this environment variable to my other tools with new releases.


pecheck-v0_7_8.zip (https)
MD5: 616CD9159316FC2100BE3E87C5C26B2C
SHA256: F734EFFFA17E4EE6CA64A67D18340B3347B72C4B1C7522BAF1B7D720FABA2389


  1. […] Update: pecheck.py Version 0.7.8 […]

    Pingback by Overview of Content Published in October | Didier Stevens — Friday 1 November 2019 @ 0:00

  2. […] I use my tool pecheck.py to search for PE files inside the byte stream (-l P), like […]

    Pingback by Steganography and Malware | Didier Stevens — Tuesday 12 November 2019 @ 0:00

  3. […] zipdump.py, pecheck.py, […]

    Pingback by Analyzing Unusual ZIP Files – Didier Stevens Videos — Wednesday 1 January 2020 @ 13:08

  4. […] format-bytes.py, pecheck.py, file-magic.py, […]

    Pingback by Stego & Cryptominers – Didier Stevens Videos — Sunday 2 February 2020 @ 13:07

  5. […] Blog post: Update: pecheck.py Version 0.7.8 […]

    Pingback by pecheck: Carving PE Files – Didier Stevens Videos — Thursday 26 March 2020 @ 14:31

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.