Professional PE Explorer is a tiny free tool for investigating executable files: EXE, DLL, SYS, SCR, OCX and more.

Drag and drop the suspect file, potential malware or whatever else onto the program and a left-hand tree lists some of its structures: DOS Header, NT Header, Section Headers, assorted directory entries and more.

You're able to edit sections, view entropy and MD5 calculations, dump elements of the file, even browse it in depth with a built-in hex editor.

While this is aimed at experts, there are elements here that could be helpful to anyone.

NT Header > File Header tells you whether this is a 32 or 64-bit EXE.

NT Header > Optional Header has an item indicating whether it's a GUI or console program.

If the EXE has a digital signature then a DIRECTORY_ENTRY_SECURITY section gives you details on its name, date and more. (This relies on the Windows API but should still work just fine in most situations.)

Sometimes there's a DIRECTORY_ENTRY_DEBUG section which shows you when the EXE was compiled, and its location on the developer's hard drive.

A "Strings in file" section locates strings of characters in the file and organises them into four categories: ASCII, Unicode, URL and Registry.

Right-clicking any item displays an option to search for it in Google or MSDN.


Professional PE Explorer is a likeable static investigator, comfortable to use and with a long list of solid and reliable features.