How to identify malware with pescan

PEScan is a commercial tool that can be purchased here:
It is well worth the money.

pescan compares system files against a list of known packer and crypter signatures to identify suspicious executables.
You might want to Google around for the most up-to-date PEiD signature files, or grab this one:

Run it like so:

On Linux:
find /path/to/mounted/Windows/System32/ | pescan -pipe -peid /path/to/signatures/file.txt -csv -anomalies -md5 -base10 | sed -e 1,5d > pescan-results.csv

On Windows:
dir /s /b \path\to\mounted\windows\system32\ | pescan64.exe -pipe -peid peid-signatures.txt -csv -anomalies -md5 -base10 > pescan-results.csv
Then open pescan-results.csv in a text editor and delete the first 5 lines (the banner that the Linux pipeline strips with sed -e 1,5d).

Open the CSV file with Excel and sort it by the "Rating" column, largest to smallest; that will give you the most suspicious files at the top.
Be extra cautious of files from "unknown" companies and from lesser-known companies.
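The same triage can be done without Excel. The following Python script is an added example, not part of the original page or of the pescan tool: it strips the five banner lines, sorts the rows by rating (decimal, as produced by -base10), and flags rows whose company field is "unknown" or is not on a small allowlist. The sample output, the column names (path, md5, company, rating, anomalies) and the allowlist are all assumptions made up for the example; real pescan CSV headers may differ, so adjust the names to match your file.

```python
"""Triage helper for pescan CSV output (added example, not TZWorks code)."""
import csv
import io

# Constructed sample of a pescan-results.csv, including the five banner
# lines that the page's "sed -e 1,5d" step removes. Column names are assumed.
SAMPLE_PESCAN_OUTPUT = """\
(constructed banner line 1 of 5)
(constructed banner line 2 of 5)
(constructed banner line 3 of 5)
(constructed banner line 4 of 5)
(constructed banner line 5 of 5)
path,md5,company,rating,anomalies
C:\\Windows\\System32\\kernel32.dll,11111111111111111111111111111111,Microsoft Corporation,2,
C:\\Windows\\System32\\svchost.exe,22222222222222222222222222222222,Microsoft Corporation,3,
C:\\Windows\\System32\\updsvc.exe,33333333333333333333333333333333,unknown,17,packer signature matched
C:\\Windows\\System32\\helper.dll,44444444444444444444444444444444,Acme Tools Ltd,9,section raw size is zero
"""

BANNER_LINES = 5                                  # lines to skip before the CSV header
TRUSTED_COMPANIES = {"microsoft corporation"}     # assumed allowlist; extend for your estate


def parse_pescan_csv(text, banner_lines=BANNER_LINES):
    """Drop the banner, parse the CSV and coerce the rating to an int."""
    body = "\n".join(text.splitlines()[banner_lines:])
    rows = []
    for row in csv.DictReader(io.StringIO(body)):
        try:
            row["rating"] = int(row["rating"])
        except (ValueError, TypeError):
            row["rating"] = 0   # unparseable rating: keep the row, rank it lowest
        rows.append(row)
    return rows


def rank_by_rating(rows):
    """Equivalent of sorting the Rating column largest to smallest in Excel."""
    return sorted(rows, key=lambda r: r["rating"], reverse=True)


def company_flag(row):
    """Classify the company field the way the page advises: unknown > lesser-known > trusted."""
    company = (row.get("company") or "").strip().lower()
    if company in ("", "unknown"):
        return "UNKNOWN_COMPANY"
    if company not in TRUSTED_COMPANIES:
        return "LESSER_KNOWN_COMPANY"
    return ""


def triage(text, min_rating=5):
    """Return (path, rating, company flag, anomalies) for rows worth a closer look.

    A row is kept if its rating reaches min_rating or its company is unknown,
    so a low-rated file from an unknown publisher still surfaces.
    """
    hits = []
    for row in rank_by_rating(parse_pescan_csv(text)):
        flag = company_flag(row)
        if row["rating"] >= min_rating or flag == "UNKNOWN_COMPANY":
            hits.append((row["path"], row["rating"], flag, row.get("anomalies", "")))
    return hits


if __name__ == "__main__":
    # Usage against a real file: triage(open("pescan-results.csv").read())
    for path, rating, flag, anomalies in triage(SAMPLE_PESCAN_OUTPUT):
        print(f"{rating:>4}  {flag or '-':<22} {path}  {anomalies}")
```

The min_rating threshold is a starting point, not a verdict: files below it are not cleared, they are simply lower on the list, and anything from an unknown company is surfaced regardless of its rating so it can be checked against a known-good hash set.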