Skip to content
Log in

Portable Executable (PE)

Definition

The binary file format used by Windows executables (.exe), dynamic-link libraries (.dll), and drivers (.sys). The PE header contains a structured metadata block including the import table, section table, compilation timestamp, and entry point address. Parsing the PE header is a foundational step in static Windows malware analysis.

Related terms

Cryptographic hash
A fixed-length digest produced from a file's bytes by an algorithm such as MD5 (128-bit), SHA-1 (160-bit), or SHA-256 (256-bit). Identical files...
Disassembly
The process of converting raw binary machine code back into human-readable assembly language instructions. Disassembly is always achievable from a binary, unlike...
Import Address Table (IAT)
A section of the PE header that lists every external DLL and the functions the executable calls from each. A malware sample's...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Packer / packing
A technique in which the original malware code is compressed or encrypted and wrapped in a stub loader that decompresses or decrypts...

Explained in

  • Static Malware AnalysisThe binary file format used by Windows executables (.exe), dynamic-link libraries (.dll), and drivers (.sys). The PE header contains a structured metadata bloc...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account