Suspicious files are interesting. There are lots of suspicious characteristics a PE file may have, and everything pescan knows about them shows up in its output:
$ pescan -v Nota.cpl
file entropy:          7.986840 (probably packed)
cpl analysis:          malware
fpu anti-disassembly:  no
imagebase:             normal - 0x400000
entrypoint:            normal - va: 0x15c330 - raw: 0x65530
DOS stub:              suspicious - raw: 0x40
TLS directory:         not found
section count:         3
.text:                 self-modifying
.rsrc:                 self-modifying
.reloc:                small length
timestamp:             normal - Wed, 26 Jun 2013 12:22:16 UTC
pescan is the PE scanner, intended to find any suspicious characteristic in a file. It's good for an initial analysis; afterwards you can dig deeper with readpe, pedis, peres and so on.
Strings are also good indicators in general PE file analysis. To avoid the usual trouble with Unicode versus ASCII strings, we've developed our own strings dumper for PE files. With pestr you know exactly where a string is inside the file (raw offset and section), and you don't need to specify whether you are looking for ASCII or Unicode strings: pestr catches both.
$ pestr --so dotnet.exe
0x2a69c .text Button4
0x2a6a9 .text TextBox1
0x2a6b6 .text 3System.Resources.Tools.StronglyTypedResourceBuilder
0x2a6eb .text 126.96.36.199
0x2a6f7 .text KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
0x2a744 .text 188.8.131.52
0x2a752 .text My.Settings
0x2a972 .text _CorExeMain
0x2a97e .text mscoree.dll
0x2be7c .rsrc IHDR
0x2be95 .rsrc pHYs
0x2beaa .rsrc IDATx
0x2c1bb .rsrc IEND
0x2d742 .rsrc VS_VERSION_INFO
0x2d79e .rsrc VarFileInfo
0x2d7be .rsrc Translation
0x2d7e2 .rsrc StringFileInfo
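To show what the two outputs above are built from, here is a reduced re-implementation of both checks, added as an example that is not part of pev: it walks the PE section table, reports whole-file and per-section Shannon entropy with a "probably packed" flag the way pescan does, and dumps ASCII and UTF-16LE strings with their raw offset and section the way pestr --so does. The PE bytes it analyses are constructed inline (a non-runnable header-only image with a .text and a .rsrc section), and the 7.0 bits/byte cutoff is an assumption for illustration, not pescan's documented threshold.

```python
import math
import re
import struct

# Assumption: pescan's exact "probably packed" cutoff is not stated on the page;
# 7.0 bits/byte is a common rule of thumb used here only for illustration.
PACKED_ENTROPY_THRESHOLD = 7.0
MIN_STRING_LEN = 4

SECTION_HDR = '<8sIIIIIIHHI'   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns [(name, raw_offset, raw_size), ...] in table order."""
    if data[:2] != b'MZ':
        raise ValueError('not a DOS/PE image (missing MZ)')
    e_lfanew, = struct.unpack_from('<I', data, 0x3c)
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('PE signature not found at e_lfanew')
    nsections, = struct.unpack_from('<H', data, e_lfanew + 6)
    opt_size, = struct.unpack_from('<H', data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size           # section table follows the optional header
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HDR, data, table + i * struct.calcsize(SECTION_HDR))
        name = fields[0].rstrip(b'\0').decode('ascii', 'replace')
        raw_size, raw_ptr = fields[3], fields[4]
        sections.append((name, raw_ptr, raw_size))
    return sections


def entropy(buf):
    """Shannon entropy in bits per byte, 0.0 (constant) .. 8.0 (uniform)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan(data):
    """pescan-style report: file entropy plus (entropy, packed?) per section."""
    report = {'file_entropy': entropy(data), 'sections': {}}
    for name, start, size in parse_sections(data):
        e = entropy(data[start:start + size])
        report['sections'][name] = (e, e > PACKED_ENTROPY_THRESHOLD)
    return report


ASCII_RE = re.compile(rb'[\x20-\x7e]{%d,}' % MIN_STRING_LEN)
UTF16_RE = re.compile(rb'(?:[\x20-\x7e]\x00){%d,}' % MIN_STRING_LEN)   # UTF-16LE, printable


def section_for(offset, sections):
    """Map a raw file offset to the section whose raw data contains it."""
    for name, start, size in sections:
        if start <= offset < start + size:
            return name
    return '(headers)'   # outside any section's raw data


def dump_strings(data, sections=None):
    """pestr --so style: sorted (raw offset, section, string) for ASCII and UTF-16LE."""
    sections = sections or parse_sections(data)
    found = []
    for m in ASCII_RE.finditer(data):
        found.append((m.start(), section_for(m.start(), sections), m.group().decode('ascii')))
    for m in UTF16_RE.finditer(data):
        found.append((m.start(), section_for(m.start(), sections), m.group().decode('utf-16le')))
    return sorted(found)


def build_sample_pe():
    """Constructed sample (not from the page): a minimal PE32 with .text and .rsrc.
    Headers only, no code; it exists so the parser has something to walk."""
    text = (b'\xcc' * 16 + b'_CorExeMain\0mscoree.dll\0').ljust(0x200, b'\0')
    # a UTF-16LE string followed by a high-entropy filler that imitates packed data
    rsrc = 'VS_VERSION_INFO'.encode('utf-16le') + b'\0\0' + bytes(range(256)) * 2
    bodies = [(b'.text', 0x1000, text, 0x60000020), (b'.rsrc', 0x2000, rsrc, 0x40000040)]

    hdr = bytearray(b'MZ'.ljust(0x3c, b'\0') + struct.pack('<I', 0x40))   # e_lfanew = 0x40
    hdr += b'PE\0\0' + struct.pack('<HHIIIHH', 0x14c, len(bodies), 0, 0, 0, 224, 0x0102)
    hdr += struct.pack('<H', 0x10b).ljust(224, b'\0')   # PE32 optional header, mostly zero
    raw = 0x200
    for name, va, body, flags in bodies:
        hdr += struct.pack(SECTION_HDR, name, len(body), va, len(body), raw, 0, 0, 0, 0, flags)
        raw += len(body)
    return bytes(hdr.ljust(0x200, b'\0')) + text + rsrc


if __name__ == '__main__':
    sample = build_sample_pe()
    rep = scan(sample)
    print('file entropy: %.6f' % rep['file_entropy'])
    for name, (e, packed) in rep['sections'].items():
        print('%-8s entropy %.6f%s' % (name, e, ' (probably packed)' if packed else ''))
    for off, sec, s in dump_strings(sample):
        print('0x%x %s %s' % (off, sec, s))
```

Running it prints the .rsrc section as probably packed (its filler is near-uniform) and .text as not, and lists _CorExeMain and mscoree.dll at their .text offsets beside the UTF-16LE VS_VERSION_INFO in .rsrc, which is the same information the two pev tools give for a real sample.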
All tools are provided with manpages. Check it out and discover what you can do with pev. ;)