drop a windows pe exe or dll · detect packers · section entropy · import table analysis · overlay data · pe header anomalies · runs locally