New

The executive guide to generative AI

Read more

PE Header Fields

edit

These fields contain Windows Portable Executable (PE) metadata.

PE Header Field Details

edit
Field Description Level

pe.company

Internal company name of the file, provided at compile-time.

type: keyword

example: Microsoft Corporation

extended

pe.description

Internal description of the file, provided at compile-time.

type: keyword

example: Paint

extended

pe.file_version

Internal version of the file, provided at compile-time.

type: keyword

example: 6.3.9600.17415

extended

pe.original_file_name

Internal name of the file, provided at compile-time.

type: keyword

example: MSPAINT.EXE

extended

pe.product

Internal product name of the file, provided at compile-time.

type: keyword

example: Microsoft® Windows® Operating System

extended

Field Reuse

edit

The pe fields are expected to be nested at: dll.pe, file.pe, process.pe.

Note also that the pe fields are not expected to be used directly at the top level.

Was this helpful?
Feedback