wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2025 winget.ragerworks.com

Loading...
Install PE-bear using Winget - wingetCollections
  1. Go back
  2. Packages
  3. PE-bear
PE-bear logo

PE-bear hasherezade

bearparser malware-analysis multiplatform pe-analyzer pe-analyzer-gui pe-editor pe-file pe-format
Use this command to install PE-bear:
winget install --id=hasherezade.PE-bear -e

PE-bear is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.

PE-bear is a multiplatform reversing tool designed for analyzing Portable Executable (PE) files. It provides malware analysts with a fast, flexible, and stable solution to examine PE files, including those that are malformed or corrupted.

Key Features:

  • Multiplatform Support: Runs on Windows, Linux, and macOS, ensuring broad accessibility.
  • User-Friendly GUI: Offers an intuitive interface for efficient navigation and analysis of PE file structures.
  • Signature Database Integration: Incorporates signatures from PEid's UserDB, enhancing identification capabilities.
  • Handling Malformed Files: Robust enough to analyze corrupted or incomplete PE files.
  • Bearparser Engine: Leverages advanced parsing techniques to deliver detailed insights into PE file internals.
  • Regular Updates: Keeps up-to-date with the latest developments in malware analysis and PE file formats.

README

PE-bear

Build status Codacy Badge License: GPL v2 Last Commit

GitHub release Github All Releases Github Latest Release

PE-bear is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.

Signatures for PE-bear:

  • SIG.txt (updated: Oct 17, 2022) - contains signatures from PEid's UserDB - converted by a script provided by crashish

Builds

📦 ⚙️ Download the latest release.

Windows Packaging

Available also via:

  • Chocolatey
  • Scoop
  • WinGet (winget install pe-bear)

Test Builds

🧪 Fresh test builds (ahead of the official release) can be downloaded from the AppVeyor build server. They are created on each commit to the branch. You can download them by clicking on the build version, then choosing the tab . WARNING: those builds may be unstable.

Versions
0.7.1
0.7.0
Website
github.com
License
Last Updated
5/15/2025

Audience & Benefit: Ideal for malware analysts, security researchers, and incident responders who require a reliable tool to quickly assess PE files. PE-bear streamlines initial analysis by providing essential information about file structure, headers, sections, imports, and exports, enabling faster identification of malicious behavior or anomalies.

PE-bear can be installed via winget, ensuring easy setup across supported platforms.

main
Artifacts

> An archive of old releases is available here: https://github.com/hasherezade/pe-bear-releases

Available releases

The Linux build requires appropriate version of Qt to be installed.

The Windows build with vs13 suffix(built with Visual Studio 2013) has no external dependencies.

The Windows build with vs19 suffix (built with Visual Studio 2019) requires the redistributable package for Visual Studio 2015 - 2022.

The Windows build with vs10 suffix is built with Qt4 (legacy) - in contrast to the other builds that are with Qt5 (recommended). It is prepared for the purpose of backward compatibility with old versions of Windows (i.e. XP), and may be lacking some of the features.

How to build

Requires:

  • git
  • cmake
  • Qt6 (optional: Qt5, Qt4)
  • bearparser (submodule)
  • capstone (submodule)
  • sig_finder (submodule)

Clone

Use recursive clone to get the repo together with submodules:

git clone --recursive https://github.com/hasherezade/pe-bear.git

Building on Windows

Use CMake to generate a Visual Studio project. Open in Visual Studio and build.

Building on Linux and MacOS

To build it on Linux or MacOS you can use the given scripts:

  • build.sh - default, builds with the latest Qt
  • build_qt6.sh - builds with Qt6
  • build_qt5.sh - builds with Qt5
  • build_qt4.sh - builds with Qt4

To generate the .app bundle on MacOS you can use:

  • macos_wrap.sh

More info on 📖 Wiki.

If you like PE-bear, you can support it by buying the merch 🐻