PE¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | EmptyableKeyword | None | Optional |
None |
| format | EmptyableKeyword | None | Optional |
None |
| imphash | EmptyableKeyword | None | Optional |
None |
| entrypoint | Integer | None | Optional |
None |
| header | Header | None | Optional |
None |
| optional_header | Optional_Header | None | Optional |
None |
| dos_header | Dos_Header | None | Optional |
None |
| rich_header | Rich_Header | None | Optional |
None |
| nx | Boolean | None | Optional |
None |
| authentihash | Authentihash | None | Optional |
None |
| tls | TLS | None | Optional |
None |
| position_independent | Boolean | None | Optional |
None |
| is_reproducible_build | Boolean | None | Optional |
None |
| size_of_headers | Integer | None | Optional |
None |
| virtual_size | Integer | None | Optional |
None |
| size | Integer | None | Optional |
None |
| sections | List [Sections] | None | Optional |
None |
| debugs | List [Debug] | None | Optional |
None |
| export | Export | None | Optional |
None |
| imports | List [Import] | None | Optional |
None |
| load_configuration | Load_Configuration | None | Optional |
None |
| resources_manager | Resources_Manager | None | Optional |
None |
| resources | List [Resource] | None | Optional |
None |
| verify_signature | EmptyableKeyword | None | Optional |
None |
| signatures | List [Signature] | None | Optional |
None |
| overlay | Overlay | None | Optional |
None |
| relocations | List [Relocation] | None | Optional |
None |
Authentihash¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| sha512 | EmptyableKeyword | None | Optional |
None |
| sha384 | EmptyableKeyword | None | Optional |
None |
| sha256 | SHA256 | None | Optional |
None |
| sha1 | SHA1 | None | Optional |
None |
| md5 | MD5 | None | Optional |
None |
Debug¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| addressof_rawdata | Integer | None | Optional |
None |
| characteristics | Integer | None | Optional |
None |
| major_version | Integer | None | Optional |
None |
| minor_version | Integer | None | Optional |
None |
| pointerto_rawdata | Integer | None | Optional |
None |
| sizeof_data | Integer | None | Optional |
None |
| timestamp | Integer | None | Optional |
None |
| hr_timestamp | Date | None | Optional |
None |
| type | EmptyableKeyword | None | Optional |
None |
| code_view | CodeView | None | Optional |
None |
| pogo | POGO | None | Optional |
None |
CodeView¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| age | Integer | None | Optional |
None |
| cv_signature | EmptyableKeyword | None | Optional |
None |
| filename | EmptyableKeyword | None | Optional |
None |
| guid | EmptyableKeyword | None | Optional |
None |
POGO¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| entries | List [Entry] | None | Optional |
None |
| signature | EmptyableKeyword | None | Optional |
None |
Entry¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | EmptyableKeyword | None | Optional |
None |
| size | Integer | None | Optional |
None |
| start_rva | Integer | None | Optional |
None |
Dos_Header¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| addressof_new_exeheader | Integer | None | Optional |
None |
| addressof_relocation_table | Integer | None | Optional |
None |
| checksum | Integer | None | Optional |
None |
| file_size_in_pages | Integer | None | Optional |
None |
| header_size_in_paragraphs | Integer | None | Optional |
None |
| initial_ip | Integer | None | Optional |
None |
| initial_relative_cs | Integer | None | Optional |
None |
| initial_relative_ss | Integer | None | Optional |
None |
| initial_sp | Integer | None | Optional |
None |
| magic | Integer | None | Optional |
None |
| maximum_extra_paragraphs | Integer | None | Optional |
None |
| minimum_extra_paragraphs | Integer | None | Optional |
None |
| numberof_relocation | Integer | None | Optional |
None |
| oem_id | Integer | None | Optional |
None |
| oem_info | Integer | None | Optional |
None |
| overlay_number | Integer | None | Optional |
None |
| used_bytes_in_the_last_page | Integer | None | Optional |
None |
Export¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| entries | List [Entry] | None | Optional |
None |
| export_flags | Integer | None | Optional |
None |
| major_version | Integer | None | Optional |
None |
| minor_version | Integer | None | Optional |
None |
| name | EmptyableKeyword | None | Optional |
None |
| ordinal_base | Integer | None | Optional |
None |
| timestamp | Integer | None | Optional |
None |
| hr_timestamp | Date | None | Optional |
None |
Entry¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| address | Integer | None | Optional |
None |
| forward_information | Forward_Information | None | Optional |
None |
| function_rva | Integer | None | Optional |
None |
| is_extern | Boolean | None | Optional |
None |
| name | EmptyableKeyword | None | Optional |
None |
| ordinal | Integer | None | Optional |
None |
Forward_Information¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| function | EmptyableKeyword | None | Optional |
None |
| library | EmptyableKeyword | None | Optional |
None |
Header¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| characteristics_hash | Integer | None | Optional |
None |
| characteristics_list | List [EmptyableKeyword] | None | Optional |
None |
| machine | EmptyableKeyword | None | Optional |
None |
| numberof_sections | Integer | None | Optional |
None |
| numberof_symbols | Integer | None | Optional |
None |
| signature | List [Integer] | None | Optional |
None |
| timestamp | Integer | None | Optional |
None |
| hr_timestamp | Date | None | Optional |
None |
Import¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| library | EmptyableKeyword | None | Optional |
None |
| data | Integer | None | Optional |
None |
| hint | Integer | None | Optional |
None |
| iat_address | Integer | None | Optional |
None |
| iat_value | Integer | None | Optional |
None |
| is_ordinal | Boolean | None | Optional |
None |
| name | EmptyableKeyword | None | Optional |
None |
| ordinal | Integer | None | Optional |
None |
Load_Configuration¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| characteristics | Integer | None | Optional |
None |
| critical_section_default_timeout | Integer | None | Optional |
None |
| csd_version | Integer | None | Optional |
None |
| decommit_free_block_threshold | Integer | None | Optional |
None |
| decommit_total_free_threshold | Integer | None | Optional |
None |
| editlist | Integer | None | Optional |
None |
| global_flags_clear | Integer | None | Optional |
None |
| global_flags_set | Integer | None | Optional |
None |
| lock_prefix_table | Integer | None | Optional |
None |
| major_version | Integer | None | Optional |
None |
| maximum_allocation_size | Integer | None | Optional |
None |
| minor_version | Integer | None | Optional |
None |
| process_affinity_mask | Integer | None | Optional |
None |
| process_heap_flags | Integer | None | Optional |
None |
| reserved1 | Integer | None | Optional |
None |
| security_cookie | Integer | None | Optional |
None |
| timedatestamp | Integer | None | Optional |
None |
| hr_timedatestamp | Date | None | Optional |
None |
| version | EmptyableKeyword | None | Optional |
None |
| virtual_memory_threshold | Integer | None | Optional |
None |
| se_handler_count | Integer | None | Optional |
None |
| se_handler_table | Integer | None | Optional |
None |
| guard_cf_check_function_pointer | Integer | None | Optional |
None |
| guard_cf_dispatch_function_pointer | Integer | None | Optional |
None |
| guard_cf_flags_list | List [EmptyableKeyword] | None | Optional |
None |
| guard_cf_function_count | Integer | None | Optional |
None |
| guard_cf_function_table | Integer | None | Optional |
None |
| guard_flags | EmptyableKeyword | None | Optional |
None |
| code_integrity | Code_Integrity | None | Optional |
None |
| guard_address_taken_iat_entry_count | Integer | None | Optional |
None |
| guard_address_taken_iat_entry_table | Integer | None | Optional |
None |
| guard_long_jump_target_count | Integer | None | Optional |
None |
| guard_long_jump_target_table | Integer | None | Optional |
None |
| dynamic_value_reloc_table | Integer | None | Optional |
None |
| hybrid_metadata_pointer | Integer | None | Optional |
None |
| dynamic_value_reloctable_offset | Integer | None | Optional |
None |
| dynamic_value_reloctable_section | Integer | None | Optional |
None |
| guard_rf_failure_routine | Integer | None | Optional |
None |
| guard_rf_failure_routine_function_pointer | Integer | None | Optional |
None |
| reserved2 | Integer | None | Optional |
None |
| guard_rf_verify_stackpointer_function_pointer | Integer | None | Optional |
None |
| hotpatch_table_offset | Integer | None | Optional |
None |
| addressof_unicode_string | Integer | None | Optional |
None |
| reserved3 | Integer | None | Optional |
None |
Code_Integrity¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| catalog | Integer | None | Optional |
None |
| catalog_offset | Integer | None | Optional |
None |
| flags | Integer | None | Optional |
None |
| reserved | Integer | None | Optional |
None |
Optional_Header¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| addressof_entrypoint | Integer | None | Optional |
None |
| baseof_code | Integer | None | Optional |
None |
| baseof_data | Integer | None | Optional |
None |
| checksum | Integer | None | Optional |
None |
| computed_checksum | Integer | None | Optional |
None |
| dll_characteristics | Integer | None | Optional |
None |
| dll_characteristics_lists | List [EmptyableKeyword] | None | Optional |
None |
| file_alignment | Integer | None | Optional |
None |
| imagebase | Integer | None | Optional |
None |
| loader_flags | Integer | None | Optional |
None |
| magic | EmptyableKeyword | None | Optional |
None |
| major_image_version | Integer | None | Optional |
None |
| major_linker_version | Integer | None | Optional |
None |
| major_operating_system_version | Integer | None | Optional |
None |
| major_subsystem_version | Integer | None | Optional |
None |
| minor_image_version | Integer | None | Optional |
None |
| minor_linker_version | Integer | None | Optional |
None |
| minor_operating_system_version | Integer | None | Optional |
None |
| minor_subsystem_version | Integer | None | Optional |
None |
| numberof_rva_and_size | Integer | None | Optional |
None |
| section_alignment | Integer | None | Optional |
None |
| sizeof_code | Integer | None | Optional |
None |
| sizeof_headers | Integer | None | Optional |
None |
| sizeof_heap_commit | Integer | None | Optional |
None |
| sizeof_heap_reserve | Integer | None | Optional |
None |
| sizeof_image | Integer | None | Optional |
None |
| sizeof_initialized_data | Integer | None | Optional |
None |
| sizeof_stack_commit | Integer | None | Optional |
None |
| sizeof_stack_reserve | Integer | None | Optional |
None |
| sizeof_uninitialized_data | Integer | None | Optional |
None |
| subsystem | EmptyableKeyword | None | Optional |
None |
| win32_version_value | Integer | None | Optional |
None |
Overlay¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| size | Integer | None | Optional |
None |
| entropy | Float | None | Optional |
None |
Relocation¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| virtual_address | Integer | None | Optional |
None |
| entries | List [Entry] | None | Optional |
None |
Entry¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| address | Integer | None | Optional |
None |
| data | Integer | None | Optional |
None |
| position | Integer | None | Optional |
None |
| size | Integer | None | Optional |
None |
| type | EmptyableKeyword | None | Optional |
None |
Resource¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| parent_resource_ids | EmptyableKeyword | None | Optional |
None |
| parent_labels | List [EmptyableKeyword] | None | Optional |
None |
| characteristics | Integer | None | Optional |
None |
| num_childs | Integer | None | Optional |
None |
| depth | Integer | None | Optional |
None |
| name | EmptyableKeyword | None | Optional |
None |
| resource_id | Integer | None | Optional |
None |
| resource_type | EmptyableKeyword | None | Optional |
None |
| is_data | Boolean | None | Optional |
None |
| is_directory | Boolean | None | Optional |
None |
| major_version | Integer | None | Optional |
None |
| minor_version | Integer | None | Optional |
None |
| numberof_id_entries | Integer | None | Optional |
None |
| numberof_name_entries | Integer | None | Optional |
None |
| time_date_stamp | Integer | None | Optional |
None |
| hr_time_date_stamp | Date | None | Optional |
None |
| code_page | Integer | None | Optional |
None |
| sha256 | SHA256 | None | Optional |
None |
| entropy | Float | None | Optional |
None |
| offset | Integer | None | Optional |
None |
| reserved | Integer | None | Optional |
None |
Resources_Manager¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| langs_available | List [EmptyableKeyword] | None | Optional |
None |
| sublangs_available | List [EmptyableKeyword] | None | Optional |
None |
| accelerators | List [Accelerator] | None | Optional |
None |
| dialogs | List [Dialog] | None | Optional |
None |
| html | Text | None | Optional |
None |
| icons | List [Icon] | None | Optional |
None |
| manifest | Text | None | Optional |
None |
| string_table | List [EmptyableKeyword] | None | Optional |
None |
| version | Version | None | Optional |
None |
Accelerator¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| accelerator_id | Integer | None | Optional |
None |
| padding | Integer | None | Optional |
None |
| ansi | EmptyableKeyword | None | Optional |
None |
| flags | EmptyableKeyword | None | Optional |
None |
Dialog¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| charset | Integer | None | Optional |
None |
| cx | Integer | None | Optional |
None |
| cy | Integer | None | Optional |
None |
| dialogbox_style_list | List [EmptyableKeyword] | None | Optional |
None |
| extended_style | EmptyableKeyword | None | Optional |
None |
| extended_style_list | List [EmptyableKeyword] | None | Optional |
None |
| help_id | Integer | None | Optional |
None |
| items | List [Item] | None | Optional |
None |
| lang | EmptyableKeyword | None | Optional |
None |
| point_size | Integer | None | Optional |
None |
| signature | Integer | None | Optional |
None |
| style | EmptyableKeyword | None | Optional |
None |
| style_list | List [EmptyableKeyword] | None | Optional |
None |
| sub_lang | EmptyableKeyword | None | Optional |
None |
| title | EmptyableKeyword | None | Optional |
None |
| typeface | EmptyableKeyword | None | Optional |
None |
| version | Integer | None | Optional |
None |
| weight | Integer | None | Optional |
None |
| x | Integer | None | Optional |
None |
| y | Integer | None | Optional |
None |
Item¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| cx | Integer | None | Optional |
None |
| cy | Integer | None | Optional |
None |
| extended_style | Integer | None | Optional |
None |
| help_id | Integer | None | Optional |
None |
| item_id | Integer | None | Optional |
None |
| is_extended | Boolean | None | Optional |
None |
| style | EmptyableKeyword | None | Optional |
None |
| title | EmptyableKeyword | None | Optional |
None |
| x | Integer | None | Optional |
None |
| y | Integer | None | Optional |
None |
Icon¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| icon_id | Integer | None | Optional |
None |
| planes | Integer | None | Optional |
None |
| height | Integer | None | Optional |
None |
| width | Integer | None | Optional |
None |
| lang | EmptyableKeyword | None | Optional |
None |
| sublang | EmptyableKeyword | None | Optional |
None |
Version¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| type | Integer | None | Optional |
None |
| fixed_file_info | Fixed_File_Info | None | Optional |
None |
| string_file_info | String_File_Info | None | Optional |
None |
| var_file_info | Var_File_Info | None | Optional |
None |
Fixed_File_Info¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| file_date_ls | Integer | None | Optional |
None |
| file_date_ms | Integer | None | Optional |
None |
| file_flags | Integer | None | Optional |
None |
| file_flags_mask | Integer | None | Optional |
None |
| file_os | EmptyableKeyword | None | Optional |
None |
| file_subtype | EmptyableKeyword | None | Optional |
None |
| file_type | EmptyableKeyword | None | Optional |
None |
| file_version_ls | Integer | None | Optional |
None |
| file_version_ms | Integer | None | Optional |
None |
| product_version_ls | Integer | None | Optional |
None |
| product_version_ms | Integer | None | Optional |
None |
| signature | Integer | None | Optional |
None |
| struct_version | Integer | None | Optional |
None |
String_File_Info¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| key | EmptyableKeyword | None | Optional |
None |
| type | Integer | None | Optional |
None |
| langcode_items | List [LangCode_Item] | None | Optional |
None |
LangCode_Item¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| key | EmptyableKeyword | None | Optional |
None |
| type | Integer | None | Optional |
None |
| lang | EmptyableKeyword | None | Optional |
None |
| sublang | EmptyableKeyword | None | Optional |
None |
| code_page | EmptyableKeyword | None | Optional |
None |
| items | List [Item] | None | Optional |
None |
Item¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| key | EmptyableKeyword | None | Optional |
None |
| value | EmptyableKeyword | None | Optional |
None |
Var_File_Info¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| key | EmptyableKeyword | None | Optional |
None |
| type | Integer | None | Optional |
None |
| translations | List [Integer] | None | Optional |
None |
Rich_Header¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| key | Integer | None | Optional |
None |
| hash | EmptyableKeyword | None | Optional |
None |
| entries | List [Entry] | None | Optional |
None |
Entry¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| build_id | Integer | None | Optional |
None |
| count | Integer | None | Optional |
None |
| entry_id | Integer | None | Optional |
None |
Sections¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | EmptyableKeyword | None | Optional |
None |
| characteristics_hash | Integer | None | Optional |
None |
| characteristics_list | List [EmptyableKeyword] | None | Optional |
None |
| entropy | Float | None | Optional |
None |
| entropy_without_padding | Float | None | Optional |
None |
| md5 | MD5 | None | Optional |
None |
| offset | Integer | None | Optional |
None |
| size | Integer | None | Optional |
None |
| sizeof_raw_data | Integer | None | Optional |
None |
| virtual_address | Integer | None | Optional |
None |
| virtual_size | Integer | None | Optional |
None |
| fullname | EmptyableKeyword | None | Optional |
None |
Signature¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| version | Integer | None | Optional |
None |
| algorithm | EmptyableKeyword | None | Optional |
None |
| signers | List [Signer] | None | Optional |
None |
| certificates | List [Certificate] | None | Optional |
None |
| content_info | Content_Info | None | Optional |
None |
| check | EmptyableKeyword | None | Optional |
None |
Certificate¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| version | Integer | None | Optional |
None |
| subject | EmptyableKeyword | None | Optional |
None |
| issuer | EmptyableKeyword | None | Optional |
None |
| serial_number | EmptyableKeyword | None | Optional |
None |
| key_size | Integer | None | Optional |
None |
| key_type | EmptyableKeyword | None | Optional |
None |
| key_usage | List [EmptyableKeyword] | None | Optional |
None |
| certificate_policies | List [EmptyableKeyword] | None | Optional |
None |
| ext_key_usage | List [EmptyableKeyword] | None | Optional |
None |
| valid_from | Date | None | Optional |
None |
| valid_to | Date | None | Optional |
None |
| signature | EmptyableKeyword | None | Optional |
None |
| signature_algorithm | EmptyableKeyword | None | Optional |
None |
| is_trusted | EmptyableKeyword | None | Optional |
None |
| raw_hex | EmptyableKeyword | None | Optional |
None |
| rsa_info | RSA_Info | None | Optional |
None |
RSA_Info¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| d_param | EmptyableKeyword | None | Optional |
None |
| e_param | EmptyableKeyword | None | Optional |
None |
| n_param | EmptyableKeyword | None | Optional |
None |
| p_param | EmptyableKeyword | None | Optional |
None |
| q_param | EmptyableKeyword | None | Optional |
None |
Content_Info¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| algorithm | EmptyableKeyword | None | Optional |
None |
| digest | EmptyableKeyword | None | Optional |
None |
| content_type | EmptyableKeyword | None | Optional |
None |
Signer¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| version | Integer | None | Optional |
None |
| issuer | EmptyableKeyword | None | Optional |
None |
| serial_number | EmptyableKeyword | None | Optional |
None |
| encryption_algorithm | EmptyableKeyword | None | Optional |
None |
| digest_algorithm | EmptyableKeyword | None | Optional |
None |
| encrypted_digest | EmptyableKeyword | None | Optional |
None |
| cert | Certificate | None | Optional |
None |
| authenticated_attributes | List [EmptyableKeyword] | None | Optional |
None |
| unauthenticated_attributes | List [EmptyableKeyword] | None | Optional |
None |
Certificate¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| version | Integer | None | Optional |
None |
| subject | EmptyableKeyword | None | Optional |
None |
| issuer | EmptyableKeyword | None | Optional |
None |
| serial_number | EmptyableKeyword | None | Optional |
None |
| key_size | Integer | None | Optional |
None |
| key_type | EmptyableKeyword | None | Optional |
None |
| key_usage | List [EmptyableKeyword] | None | Optional |
None |
| certificate_policies | List [EmptyableKeyword] | None | Optional |
None |
| ext_key_usage | List [EmptyableKeyword] | None | Optional |
None |
| valid_from | Date | None | Optional |
None |
| valid_to | Date | None | Optional |
None |
| signature | EmptyableKeyword | None | Optional |
None |
| signature_algorithm | EmptyableKeyword | None | Optional |
None |
| is_trusted | EmptyableKeyword | None | Optional |
None |
| raw_hex | EmptyableKeyword | None | Optional |
None |
| rsa_info | RSA_Info | None | Optional |
None |
RSA_Info¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| d_param | EmptyableKeyword | None | Optional |
None |
| e_param | EmptyableKeyword | None | Optional |
None |
| n_param | EmptyableKeyword | None | Optional |
None |
| p_param | EmptyableKeyword | None | Optional |
None |
| q_param | EmptyableKeyword | None | Optional |
None |
TLS¶
None
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| section | EmptyableKeyword | None | Optional |
None |