This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.3 of Fundamentals of Malware Analysis
The internal structure of Windows executables — DOS header, PE signature, File Header, Optional Header, Data Directories, section table, RVAs, and the anomalies that indicate packed or malicious binaries.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quick Bite
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
PE-Bear — Visual PE Structure Explorer
Free PE editor and viewer with graphical display of all header fields, sections, and data directories. Install in your analysis VM.
Corkami PE101 — Visual PE Reference
Visual reference mapping every PE field to its hex offset. Print and keep beside your disassembler.
Microsoft PE Format Specification
Official Microsoft documentation for the PE/COFF file format. Authoritative reference for all header structure definitions.
Quadrant 4 · Self-Assessment
Fundamentals of Malware Analysis
Covers the analysis environment, PE file structure, static property examination, behavioural analysis, and dynamic code analysis of Windows executables.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.