Hey all,
Another little side quest: dissecting the Portable Executable format in vvvv!
Portable Executable (PE) is the file format that structures .exe and .dll files.
By examining the inner structure of these files, you can unveil some interesting details without having to execute them, which comes in handy if you suspect they’re malicious.
You can, for instance, know which functions they’re calling, whether or not they were intentionally obfuscated, how/when they were compiled...
This library makes use of PeNet under the hood, which is a vvvvery cool PE parser for .NET. They also have a web version that allows you to dissect a PE in your browser!
Things will most likely change a lot over time, so don’t expect a stable nodeset anytime soon :-)
Edit: for a nice intro and deep dive on the PE file format, check this series of articles by 0xRick.
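
The kind of static inspection described above, as an added example that is not part of the original post and is not code from this library or from PeNet: a Python reader for the PE/COFF header and section table that reports the compile timestamp and per-section entropy (a common packing/obfuscation hint). The function names `entropy`, `parse_pe` and `build_sample` are made up for this example, and the sample image is constructed inline.

```python
import math
import struct
from datetime import datetime, timezone

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8 suggest packed or encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return sum(c / n * math.log2(n / c) for c in (buf.count(b) for b in set(buf)))

def parse_pe(data: bytes) -> dict:
    """Read the COFF header and section table without executing anything."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), round(entropy(raw), 2)))
    # TimeDateStamp is set by whoever built the file and may be zeroed or forged: treat it as a hint.
    return {"machine": machine,
            "compiled": datetime.fromtimestamp(stamp, timezone.utc),
            "sections": sections}

def build_sample() -> bytes:
    """Constructed two-section image (no optional header), for demonstration only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 1700000000, 0, 0, 0, 0)
    def header(name, size, ptr):
        return struct.pack("<8sIIIIIIHHI", name, size, 0, size, ptr, 0, 0, 0, 0, 0)
    heads = header(b".text", 256, 168) + header(b".packed", 256, 424)
    return dos + coff + heads + b"\x90" * 256 + bytes(range(256))

if __name__ == "__main__":
    print(parse_pe(build_sample()))
```

Real .exe and .dll files carry an optional header between the COFF header and the section table; `parse_pe` skips it using `SizeOfOptionalHeader`, so the same code reads their section table too.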
