BlackBerry Rolls Out Free Malware Reverse Engineering Tool


Blackberry rolls out a free malware reverse engineering tool, which allows cybersecurity professionals to view and analyze malicious payloads hidden within Programmable Executable (PE) files.

BlackBerry on Monday officially announced the availability of its open source malware reverse engineering tool, called PE Tree. The tool enables cybersecurity teams and reverse engineers to view PE files in tree-view. 

The Waterloo-based software company claims that PE Tree will help curb time and efforts in reverse engineering malwareOpens a new window threats. The free tool can be used to provide a breakdown of PE files and their structures used in Windows OS loaders to manage program execution data and executable code. It can be used on Windows, macOS and Linux environments and can also be integrated with Hex-Rays’ IDA Pro decompiler. 

“We’ve created this solution to help the cybersecurity community in this fight, where there are now more than 1 billion pieces of malware with that number continuing to grow by upwards of 100 million pieces each year,” said Eric Milam, Vice President of Research Operations, BlackBerry.

See Also: Malware or Not: Ensiko, a New Malware Has Ransomware Capabilities

Utility of the Python-based PE Tree can be summarized as below:

  • Seamless integration with Hex-Rays’ IDA Pro decomplier allows easy parsing of PE structures, dumping in-memory PE files, and execute import reconstruction.
  • Ability to be leveraged as a standalone application as well as an IDAPython plugin.
  • Multi-platform and hierarchical tree view support.
  • Highlights suspicious findings and allows analysts to improve their research by performing VirusTotal, an aggregator of malicious signatures and analysis tools for the detection of viruses, trojans, worms etc.
  • Is open source and thus, can be customized and built upon as required.
  • With Tree view, PE files such as DOS stub, sections, resources, certificates and overlay can be saved or exported to CyberChef for additional processing.

PE Tree is one of the first announcements to be made at the BlackHat USA 2020. The open-source tool which was once used internally by the BlackBerry Research and Intelligence team is now available to everyone.

New features will be released ‘frequently’ as the company actively upgrades the PE Tree tool over time. Tom Bonner, Threat Researcher at BlackBerry wrote in a blogOpens a new window , “The next major release will focus on Rekall support, offering the ability to view and dump processes from either a memory dump or live system.”

Image: BlackBerry (The future… Dumping active processes using Rekall!)

As the cybersecurity threat ecosystem continues to evolve, cyberattacks would get more sophisticated causing immense damage to IT infrastructure. The PE Tree Tool developed by the BlackBerry Research and Intelligence Team is a novel arsenal in the toolkit of cybersecurity professionals and it would be exciting to see how it traverses from here.   

Got anything interesting to add to this story? Let us know in the comments below. You can also give us a shoutout at LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!