Every Windows binary, benign or malicious, travels as a Portable Executable. This module equips you to read that blueprint like a map. You’ll learn the hierarchy of headers that the OS loader trusts, follow RVAs to real bytes on disk, and inspect the import, export, and other intricate parts of the PE file format that reveal a program’s intentions. Finally, you’ll contrast EXE and DLL flavours so you can spot masquerading tricks attackers love. With this knowledge, any sample you meet later in the course will feel less like a black box and more like a well-labelled puzzle you already know how to solve.