file > info file > type file > description file > first %s bytes (hex) file > first %s bytes (text) optional-header > size file-header > size sections > alignment file file > version file > alignment certificate > info stamp-compiler > stamp-certificate rich-header > footprint file > image-base overlay > first %s bytes (hex) overlay > first %s bytes (text) overlay > info rich-header > checksum resource > first %s bytes (hex) resource > first %s bytes (text) file > name libraries > duplicate entry-point > first %s bytes (hex) injection > technique libraries > bound file > code-less resource > file section > file thread-local-storage > callback entry-point > invalid overlay > entropy file > checksum certificate > tail certificate > serial-number certificate > type certificate > stamp > valid-from certificate > PKCS7 > size certificate > PKCS7 > size > NULL-padding entry-point > export certificate > signature-info certificate certificate > issued-to > error certificate > stamp > signing certificate > stamp > valid-to file > network file > removable certificate > stamp certificate > first %s bytes (hex) certificate security > protection version > first %s bytes (hex) version > first %s bytes (text) first %s bytes (hex) first %s bytes (text) Exception handler > count dos-header > offset > unusual virustotal > score virustotal > score virustotal > score virustotal > permalink virustotal > scan-date mitre > technique mitre > tactic file-header > offset debug > file-name section > virtualized debug > GUID stamp > debug debug > age debug > stream first %s bytes (hex) first %s bytes (text) overlay resource optional-header > size-of-code base-of-code > suspicious file-alignment > suspicious size-of-image > suspicious size-of-headers > suspicious directories > count optional-header > directories sections > file-ratio resources > info sections > executable section > writable entry-point > location resources > instances > dotnet languages > names sections > flag exports exports > names exports > duplicates exports > count exports > forwarded exports > anonymous exports > gaps exports > file-name dos-stub > message symbols > flag imports > count imports > ordinal > count imports > flag string > suspicious imports > spoofing libraries > flag libraries > spoofing imphash > md5 imports > callback imports dos-stub > suspicious .NET > property > missing .NET > stream > suspicous .NET > stream > flag .NET > module > name .NET > file >strongly-named .NET > methods > managed libraries > p/invoke .NET > file > obfuscated .NET > namespace > flag .NET > stream directory > missing directory > invalid .NET > assemby > GUID directories > empty > count stamp > directory stamp > compiler manifest > privilege manifest > privilege manifest > UAC manifest > general file > target file > internal > name strings > ignore > count strings > flag > count strings > status string > url-pattern libraries version > size file-name > version dos-header > unusual dos-stub > size > unusual file > signature label > %s group > types sections > unreadable sections > shared sections > self-modifying sections > nameless