AI-Powered Cyberattacks: How to Detect, Prevent & Defend Against Intelligent Threats

Read Now
We utilize artificial intelligence for site translations, and while we strive for accuracy, they may not always be 100% precise. Your understanding is appreciated.
Home/ Blog / Portable Executable Information in Metascan…
Blog

Portable Executable Information in Metascan Online Results

by Yiyi Miao, Chief Product Officer
Share this Post

We've been working to add more information to Metascan Online results to empower our users with more data and context about the files they scan. So as of this week, we're excited to release more metadata in our scan results, starting with portable executable (PE) information.

File details for this clean file


File details for this malicious file

For hashes that have PE information, you'll now see a "FILE DETAIL" tab next to the standard scan results. Some new information you'll see:

  • What platform does the executable run on
  • What time was the executable compiled
  • What dynamically linked libraries (DLLs) are loaded into the system when the executable is run
  • The signature information of the executable writer


This new information can be used to understand binaries; PE information is particularly helpful because it gives more insight about the files themselves: who the file is signed by, the date the file was compiled, the associated DLLs that get downloaded, etc. These all help to develop better context around the file. Moreover, this is just the beginning of the kinds of metadata that will be shown on Metascan Online.

Whenever you upload an executable file (or similar) on Metascan Online, you'll immediately see those results. If you do a hash lookup, only files that were recently scanned for PE information will show the new results. If a file has not yet extracted the new metadata, and it's not in the results, simply do a rescan for the PE information.


If your hash lookup does not show the metadata, simply click on the rescan button. An extra process will start behind the scenes, extracting the PE details. Once that's complete, you will see the PE results show up.

Portable executable information is just one of many additional metadata we'll be showing in the scan results in the coming releases. Stay tuned, and happy multi-scanning!

To obtain your free Metascan Online API key and start scanning files, create an account on the OPSWAT Portal. Contact sales for interest in using high-volume file scans (or other Metascan Online services) for your business.

Tags:

Latest Posts

Sign up for the OPSWAT Newsletter

Get the latest OPSWAT company updates along with event information and the news that's driving the industry forward.
Sign Me Up

Follow Us on Social Media

Follow OPSWAT on your LinkedIn, Facebook, Twitter, and YouTube for more!

Stay Up-to-Date With OPSWAT!

Sign up today to receive the latest company updates, stories, event info, and more.
Subscribe