For legitimate applications there is times when you would want to do this, but if it’s some random EXE from a payload…

In my cases I try to avoid working with the source file, I will do as much as possible by running it a lab. But you can miss timed actions and other types of triggers. Also there is hardly a magic bullet to deal with these, as a start I use PEiD. After that is all about what packs that EXE and you tracking it down. If a generic tool won’t unpack it you are in for a fun day looking for something.

In other cases if the file is packed all at once, but it does not have any defense mechanisms you can dump the running EXE from memory. Sometimes you can have a file that has multiple sections packed, then you can mix in some anti-analysis tools and its not a enjoyable process.

http://www.pcworld.com/article/211765/microsoft_downplays_nightmare_windows_kernel_flaw.html

MS is downplaying the severity of the vulnerability because its not a remote vulnerability in itself and would have to be combined with another vulnerability.

That’s kinda disturbing, its not like it’s hard to come up with remote execution code for windows based system, I bet there has been at least one every two months for who knows how long.

Read it your self and come up with your own opinion.

Enjoy.