1. Home
  2. Docs
  3. RogueKillerPE
  4. Getting Started
  5. PE structure

PE structure

When Adlice PEViewer opens a file (or process module) it starts parsing the PE structure data and display it in several tabs. Most of the tabs are described below:

If you need information regarding this structure please look at the Microsoft documentation.

The General tab displays information about file/process, hashes and scores.

The image tab shows the Bin2Img representation, allowing to quickly view data representation and diversity (entropy).

The indicators tab displays all anomalies (or strong hints) found during information parsing. They give hints about if the file is malicious or legit.

The memory tab displays process’ pages.

The hex tab displays a hex view of the data, and allows to search for strings inside.

The MZ/PE header views are showing raw PE data

The Resources tab shows resources in the file

The Version info/Digisig tab shows version information and if the file is digitally signed.

How can we help?