Main WebWindows PE Headers
This page covers all of our Windows PE Header signatures. Jonathan Gross has done a good deal of work here, as have others. We're trying to mature these signatures, so please give feedback on how they perform on your network. Some of these signatures are intended to detect just a PE header, which may well be a legitimate executable in transit. Others are intended to detect executables packed with known malicious packers, or in streams where they were purported to be something else (such as an image in an http stream). Attached are some reference materials on structure and format. PE HEader Related:| 2003615 | TWikiGuest | 31 Jan 2008 - 15:12 |
| 2003614 | TWikiGuest | 31 Jan 2008 - 15:12 |
| WinPEHeaders | MattJonkman | 26 Apr 2007 - 00:11 |
| 2008367 | TWikiGuest | 03 Jul 2008 - 19:30 |
| 2001684 | TWikiGuest | 03 Jul 2008 - 19:24 |
| 2001685 | TWikiGuest | 03 Jul 2008 - 19:24 |
| 2007671 | TWikiGuest | 07 Jun 2008 - 00:49 |
| 2007594 | TWikiGuest | 22 Mar 2008 - 21:11 |
| DropperWin32VBcn | MattJonkman | 12 Mar 2008 - 19:33 |
| 2000426 | TWikiGuest | 03 Feb 2008 - 17:54 |
| 2000424 | TWikiGuest | 03 Feb 2008 - 17:54 |
| 2000425 | TWikiGuest | 03 Feb 2008 - 17:54 |
| 2000427 | TWikiGuest | 03 Feb 2008 - 17:54 |
| 2000419 | TWikiGuest | 03 Feb 2008 - 17:54 |
| 2000423 | TWikiGuest | 03 Feb 2008 - 17:54 |
| 2001047 | TWikiGuest | 31 Jan 2008 - 15:12 |
| 2001046 | TWikiGuest | 31 Jan 2008 - 15:12 |
| 2003186 | TWikiGuest | 31 Jan 2008 - 15:12 |
| 2003184 | TWikiGuest | 31 Jan 2008 - 15:12 |
| 2003185 | TWikiGuest | 31 Jan 2008 - 15:12 |
| 2001683 | TWikiGuest | 28 Jan 2008 - 22:24 |
| 2001694 | TWikiGuest | 08 Jan 2008 - 22:35 |
| 2001693 | TWikiGuest | 08 Jan 2008 - 22:35 |
| 2006385 | MattJonkman | 09 Jul 2007 - 04:14 |
| WinPEHeaders | MattJonkman | 26 Apr 2007 - 00:11 |
| SnortSamREADMEnetscreen | MattJonkman | 09 Mar 2007 - 14:32 |
| SnortSamFAQ | MattJonkman | 09 Mar 2007 - 14:12 |
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 txt | Portable_Executable_Format.txt | manage | 37.6 K | 25 Apr 2007 - 23:59 | MattJonkman |
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback