Kaspersky Threat Intelligence Portal provides PE information and information about extracted strings.
PE information
This section displays information about the structure of the executed file in Portable Executable (PE) format, if this information is available.
PE information
Table name |
Parameters |
|---|---|
Sections |
Name—File section name. Virtual size—Section size. Virtual address—Section's relative virtual address (RVA). Raw size—Section size in the file. |
Export information |
Name—Name of the file. Ordinal—Sequence number of the exported element. RVA—RVA of the exported element. Name—Name of the exported element. |
Import information |
Library—Name of the imported library (.dll). Function—Function name. Ordinal—Sequence number of the imported element. |
Debug information |
Time stamp—Date and time when the debug information was created. Type—Type of the debug information. |
Extracted strings
This section displays information about strings that were extracted during the file execution.
Extracted strings
Parameter |
Description |
|---|---|
Line |
Extracted string (the first 1000 characters). |
Encoding |
List of encodings (UTF-8, UTF-16BE, UTF-16LE, ASCII). |