Portable Execution (PE) format internals!

All this low level stuff also got me thinking about the first ever Windows worm I had to deal with when working at a previous company - The Nimda Worm (https://en.wikipedia.org/wiki/Nimda.

This was the first every worm that I had captured and analysed myself - to do so needed an understanding of the Windows Portable Executable (PE) format and these links where just what I needed:

https://msdn.microsoft.com/en-us/magazine/cc301805.aspx

https://msdn.microsoft.com/en-us/library/ms809762.aspx

Happy Days.....