Professional PE Explorer is a tiny free tool for investigating executable files: EXE, DLL, SYS, SCR, OCX and more.
Drag and drop the suspect file, potential malware or whatever else onto the program and a left-hand tree lists some of its structures: DOS Header, NT Header, Section Headers, assorted directory entries and more.
You're able to edit sections, view entropy and MD5 calculations, dump elements of the file, even browse it in depth with a built-in hex editor.
While this is aimed at experts, there are elements here that could be helpful to anyone.
NT Header > File Header tells you whether this is a 32 or 64-bit EXE.
NT Header > Optional Header has an item indicating whether it's a GUI or console program.
If the EXE has a digital signature then a DIRECTORY_ENTRY_SECURITY section gives you details on its name, date and more. (This relies on the Windows API but should still work just fine in most situations.)
Sometimes there's a DIRECTORY_ENTRY_DEBUG section which shows you when the EXE was compiled, and its location on the developer's hard drive.
A "Strings in file" section locates strings of characters in the file and organises them into four categories: ASCII, Unicode, URL and Registry.
Right-clicking any item displays an option to search for it in Google or MSDN.
Verdict:
Professional PE Explorer is a likeable static investigator, comfortable to use and with a long list of solid and reliable features.
Your Comments & Opinion
Powerful dual-pane file manager with strong archive, FTP and macro support
Will that EXE run on your PC?
Find strings - URLs, GUIDS, emails - in files
View and manage Windows startup programs
Uncover the innards of executable files with this powerful programmer's tool
Log executable files as they're created on your system
Spy on windows messages at a click
An intelligent free cross-platform editor for developers
Create, edit and convert images from the command line
A powerful, portable Notepad replacement
A powerful, portable Notepad replacement