
Analyze PE & ELF Binaries Online. Free, Deep, Private.

Full PE and ELF binary analysis — headers, sections, import tables, entropy, packer detection, MITRE ATT&CK mapping, and YARA rule matching. No installation, no account required.


Hash Verification

MD5, SHA1, SHA256 file hash checksums

Binary Analysis

PE & ELF binary parsing, sections, imports

YARA Scanning

17 rules across 13 threat categories

Malware Detection

70+ suspicious API & import detections

Deep binary analysis

What the PE/ELF Analyzer Shows

Understanding the internal structure of an executable is critical for malware analysis. filescanner.online parses PE and ELF binaries in full — from headers to import tables — and correlates findings with YARA rules, entropy analysis, and MITRE ATT&CK technique mapping.

PE: Windows Portable Executable fields

Machine architecture: x86 (PE32) / x64 (PE32+) / ARM
Compile timestamp: Original build date (suspicious if zeroed or future-dated)
Entry point: Virtual address of execution start
Sections: Name, virtual size, raw size, flags, per-section entropy
Import table: Every DLL and imported function name
Export table: Exported functions and ordinals
Digital signature: Authenticode signature presence
Checksum: Stored vs computed — mismatch flags tampering
Rich header: Compiler and linker version fingerprint
TLS callbacks: Pre-entry-point execution — common in packers
Overlay: Data appended after the PE — often embedded payloads
Imphash: Import hash for similarity matching

ELF: Linux/Unix Executable and Linkable Format fields

Class: 32-bit (ELF32) or 64-bit (ELF64)
Endianness: Little-endian or big-endian
OS/ABI: Target OS (Linux, FreeBSD, Solaris …)
Machine: Architecture (x86_64, ARM, MIPS, RISCV …)
Entry point: Execution start address
Sections: Name, type, size, permissions, entropy
Dynamic imports: Shared library dependencies and imported symbols

Shannon entropy per section

Encrypted or compressed sections have entropy above 7.2 bits/byte. High-entropy sections are a strong indicator of packing, encoding, or embedded shellcode.
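The per-section entropy check described above, as an added Python example (not filescanner.online's own code): it walks a PE section table and flags any section whose raw data exceeds the 7.2 bits/byte threshold. The function names and the two-section sample file built by `build_sample_pe` are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

PACKED_THRESHOLD = 7.2  # bits/byte, the cut-off quoted on this page

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_section_entropy(pe: bytes):
    """Return [(name, entropy, flagged)] computed over each section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ magic")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    coff = e_lfanew + 4
    (nsec,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size  # section table follows the optional header
    results = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]  # slicing clamps on truncated files
        h = shannon_entropy(raw)
        results.append((name.rstrip(b"\0").decode("latin-1"), round(h, 3), h > PACKED_THRESHOLD))
    return results

def build_sample_pe() -> bytes:
    """Constructed test input: a two-section PE skeleton with no optional header."""
    code = b"\x55\x8b\xec\x90" * 1024  # four equiprobable byte values -> 2.0 bits/byte
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # pseudo-random
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew stored at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)
    data_off = 64 + 4 + 20 + 2 * 40
    def sec(name, size, ptr):
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr, 0, 0, 0, 0, 0)
    hdrs = sec(b".text", len(code), data_off) + sec(b".packed", len(blob), data_off + len(code))
    return dos + b"PE\0\0" + coff + hdrs + code + blob

if __name__ == "__main__":
    for name, h, flagged in pe_section_entropy(build_sample_pe()):
        print(f"{name:<8} {h:5.3f} {'HIGH' if flagged else 'ok'}")
```

Entropy is computed over the on-disk raw data, so a section with a raw size of zero (for example uninitialised data) scores 0.0 and is never flagged.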

MITRE ATT&CK mapping

Suspicious imports (e.g., VirtualAllocEx, WriteProcessMemory) are mapped to ATT&CK techniques — giving you actionable context on the file's capabilities.