{% if file.pe %}

PE Information

{% if file.pe.imagebase %} {% endif %} {% if file.pe.entrypoint %} {% endif %} {% if file.pe.reported_checksum %} {% endif %} {% if file.pe.actual_checksum %} {% endif %} {% if file.pe.osversion %} {% endif %} {% if file.pe.pdbpath %} {% endif %} {% if file.pe.timestamp %} {% endif %} {% if file.pe.imphash %} {% endif %} {% if file.pe.icon %} {% endif %} {% if file.pe.icon_hash %} {% endif %} {% if file.pe.icon_fuzzy %} {% endif %} {% if file.pe.icon_dhash %} {% endif %} {% if file.pe.exported_dll_name %} {% endif %} {% if file.pe.imagebase %} {% endif %} {% if file.pe.entrypoint %} {% endif %} {% if file.pe.reported_checksum %} {% endif %} {% if file.pe.actual_checksum %} {% endif %} {% if file.pe.osversion %} {% endif %} {% if file.pe.pdbpath %} {% endif %} {% if file.pe.timestamp %} {% endif %} {% if file.pe.imphash %} {% endif %} {% if file.pe.icon %} {% endif %} {% if file.pe.icon_hash %} {% endif %} {% if file.pe.icon_fuzzy %} {% endif %} {% if file.pe.icon_dhash %} {% endif %} {% if file.pe.exported_dll_name %} {% endif %}

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	PDB Path	Compile Time	Import Hash	Icon	Icon Exact Hash	Icon Similarity Hash	Icon DHash	Exported DLL Name
{{file.pe.imagebase}}	{{file.pe.entrypoint}}	{{file.pe.reported_checksum}}	{{file.pe.actual_checksum}}	{{file.pe.osversion}}	{{file.pe.pdbpath}}	{{file.pe.timestamp}}	{{file.pe.imphash}}		{{file.pe.icon_hash}}	{{file.pe.icon_fuzzy}}	{{file.pe.icon_dhash}}	{{file.pe.exported_dll_name}}

{% if file.pe.versioninfo %}

Version Infos

{% for info in file.pe.versioninfo %} {% if info.name %} {% endif %} {% endfor %}

{{info.name}}	{{info.value}}

{% endif %} {% if file.pe.peid_signatures%}

PEiD Signatures

{% for sig in file.pe.peid_signatures %} {% endfor %}

{{sig}}

{% endif %} {% if file.pe.sections %}

Sections

{% for section in file.pe.sections %} {% endfor %}

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
{{section.name}}	{{section.raw_address}}	{{section.virtual_address}}	{{section.virtual_size}}	{{section.size_of_data}}	{{section.characteristics}}	{{section.entropy}}

{% endif %} {% if file.pe.overlay %}

Overlay

Offset	{{file.pe.overlay.offset}}
Size	{{file.pe.overlay.size}}

{% endif %} {% if file.pe.resources %}

{% for section in file.pe.resources %} {% endfor %}

Name	Offset	Size	Language	Sub-language	Entropy	File type
{{section.name}}	{{section.offset}}	{{section.size}}	{{section.language}}	{{section.sublanguage}}	{{section.entropy}}	{{section.filetype}}

{% endif %} {% if file.pe.imports %}

{% for dll, library in file.pe.imports.items() %}

{% for function in library.imports %}

• {{function.address}} {{function.name}}

{% endfor %}

{% endif %}

{% if file.pe.exports %}

Exports

{% for export in file.pe.exports %} {% endfor %}

Ordinal	Address	Name
{{export.ordinal}}	{{export.address}}	{{export.name}}

{% endif %} {% if file.pe.digital_signers %}

Digital Signers

{% for cert in file.pe.digital_signers %} {% if cert.subject_commonName %} {% endif %} {% if cert.subject_commonName %} {% endif %} {% if cert.subject_organizationalUnitName %} {% endif %} {% if cert.subject_streetAddress %} {% endif %} {% if cert.subject_localityName %} {% endif %} {% if cert.subject_stateOrProvinceName %} {% endif %} {% if cert.subject_postalCode %} {% endif %} {% if cert.subject_countryName %} {% endif %} {% if cert.issuer_commonName %} {% endif %} {% if cert.issuer_organizationName %} {% endif %} {% if cert.issuer_organizationalUnitName %} {% endif %} {% if cert.issuer_localityName %} {% endif %} {% if cert.issuer_stateOrProvinceName %} {% endif %} {% if cert.issuer_countryName %} {% endif %} {% if cert.serial_number %} {% endif %} {% if cert.sha256_fingerprint %} {% endif %} {% if cert.sha1_fingerprint %} {% endif %} {% if cert.md5_fingerprint %} {% endif %} {% if cert.not_before %} {% endif %} {% if cert.not_after %} {% endif %} {% endfor %}

Certificate Common Name	{{cert.subject_commonName}}
Subject Organization Name	{{cert.subject_commonName}}
Subject Organization Unit Name	{{cert.subject_organizationalUnitName}}
Subject Street Address	{{cert.subject_streetAddress}}
Subject Locality	{{cert.subject_localityName}}
Subject State or Province	{{cert.subject_stateOrProvinceName}}
Subject Postal Code	{{cert.subject_postalCode}}
Subject Country	{{cert.subject_countryName}}
Issuer Common Name	{{cert.issuer_commonName}}
Issuer Organization Name	{{cert.issuer_organizationName}}
Issuer Organization Unit Name	{{cert.issuer_organizationalUnitName}}
Issuer Locality	{{cert.issuer_localityName}}
Issuer State or Province	{{cert.issuer_stateOrProvinceName}}
Issuer Country	{{cert.issuer_countryName}}
Serial Number	{{cert.serial_number}}
SHA256 Fingerprint	{{cert.sha256_fingerprint}}
SHA1 Fingerprint	{{cert.sha1_fingerprint}}
MD5 Fingerprint	{{cert.md5_fingerprint}}
Not valid before	{{cert.not_before}}
Not valid after	{{cert.not_after}}

{% if file.pe.guest_signers.aux_signers %}

Microsoft Certificate Validation (Sign Tool)

{% if file.pe.guest_signers.aux_valid %} {% else %} {% endif %}

SHA1	Timestamp	Valid	Error
{{file.pe.guest_signers.aux_sha1}}	{{file.pe.guest_signers.aux_timestamp}}	Yes	None	No	{{file.pe.guest_signers.aux_error_desc}}

{# {% for signer in file.pe.guest_signers.aux_signers %} {% endfor %} #}

Chain	Issued to	Issued by	Expires	SHA1 Hash
{{signer.name}}	{{signer\|getkey"Issued to"}}	{{signer\|getkey"Issued by"}}	{{signer.Expires}}	{{signer\|getkey:"SHA1 hash"}}