Hi folks,
I would like to share a simple file analysis. File analysis is the first step in malware analysis: determining what kind of file you are dealing with. There are tools that help identify a file by its signature. One that I would suggest is TrID: https://mark0.net/soft-trid-e.html.
The application analyzes the file against its signature collection, which is kept up to date and can be downloaded from https://mark0.net/download/triddefs.zip. Place the signature database in the same directory as the executable.
Let's run the tool. It shows a result like the one below.
C:\Users\Malware\Desktop\Tools\trid_w32>trid.exe budget-report.exe
TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello
Definitions found: 12694
Analyzing...
Collecting data from file: budget-report.exe
48.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
25.4% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
10.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.9% (.EXE) Win32 Executable (generic) (4508/7/1)
3.1% (.EXE) OS/2 Executable (generic) (2029/13)
C:\Users\Malware\Desktop\Tools\trid_w32>
From the result above, we can determine that the file is an executable compiled with Visual C++, and we can ignore entries that score less than 10%.
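The EXE and DLL entries in the result both describe the same container format (PE), and the header fields that separate them can be read directly. The following is an added example, not part of the original post and not how TrID matches its definitions; identify_pe and build_sample are hypothetical names, and the sample bytes are constructed header stubs, not real programs.

```python
import struct

IMAGE_FILE_DLL = 0x2000                      # COFF Characteristics bit set for DLLs
MACHINES = {0x014C: "x86", 0x8664: "x64"}    # common COFF Machine values

def identify_pe(data: bytes) -> str:
    """Classify bytes as PE EXE/DLL from the headers alone, ignoring the file name."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not an MZ executable"
    # e_lfanew (offset 0x3C of the DOS header) points at the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "MZ executable without a PE header"
    # 20-byte COFF file header follows the 4-byte signature.
    fields = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    machine, characteristics = fields[0], fields[6]
    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
    arch = MACHINES.get(machine, f"machine 0x{machine:04X}")
    return f"PE {kind} ({arch})"

def build_sample(characteristics: int, machine: int = 0x014C) -> bytes:
    """Constructed sample: a bare MZ stub plus PE signature and COFF header."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew -> 0x80
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    # A name ending in .exe proves nothing; the header decides.
    print("constructed exe stub:", identify_pe(build_sample(0x0102)))
    print("constructed dll stub:", identify_pe(build_sample(0x2102)))
    print("constructed pdf stub:", identify_pe(b"%PDF-1.7\n" + bytes(100)))
```

To check a file on disk, pass its first few kilobytes, for example identify_pe(open(path, "rb").read(4096)).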