What file is this?

Hi folks,

I would like to share a simple file analysis. Identifying what a file actually is, regardless of its name or extension, is the first step of malware analysis. Several tools identify a file from its signature (the magic bytes in its header); one that I would suggest is TrID, https://mark0.net/soft-trid-e.html.

This application identifies a file by comparing it against its collection of signature definitions, which is updated regularly and can be downloaded from https://mark0.net/download/triddefs.zip. Place the extracted definitions file in the same directory as the executable.

Let's run the tool. The result looks like this:

C:\Users\Malware\Desktop\Tools\trid_w32>trid.exe budget-report.exe

TrID/32 - File Identifier v2.24 - (C) 2003-16 By M.Pontello
Definitions found:  12694
Analyzing...

Collecting data from file: budget-report.exe
 48.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
 25.4% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
 10.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  6.9% (.EXE) Win32 Executable (generic) (4508/7/1)
  3.1% (.EXE) OS/2 Executable (generic) (2029/13)

C:\Users\Malware\Desktop\Tools\trid_w32>

From the above result we can determine that the file is a Win32 executable, most likely compiled with Microsoft Visual C++. The percentages are relative scores among the definitions that matched, not probabilities, so the low-scoring entries (here below about 10%) can be ignored. Keep in mind that TrID only knows what its definition database contains: a packed or deliberately mangled sample may match poorly or be reported as something else, so it is worth confirming the header by hand (an MZ stub whose e_lfanew points at a PE signature) before going further.
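The following script is an added example, not part of the original post and not TrID's own code. It does by hand what a signature-based identifier does: read the leading bytes, match them against a small constructed table of well-known magic values, and, for MZ files, follow e_lfanew to the PE signature and read the Machine and Characteristics fields of the COFF header (offsets per the PE/COFF specification). It also flags the case this post is really about, a file whose extension promises one type while the header says another. The MAGIC and EXPECTED_BY_EXT tables and the make_minimal_pe helper are constructed for this example.

```python
"""Identify a file by its header bytes rather than its extension (added example)."""
import struct
import sys
from pathlib import Path

# Constructed lookup tables for this example (assumptions, not TrID's database).
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP archive (also OOXML, JAR, APK)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (legacy Office)"),
    (b"Rar!\x1a\x07", "RAR archive"),
]
MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000  # Characteristics flag from the PE/COFF spec
# What a given extension should look like; anything else is suspicious.
EXPECTED_BY_EXT = {".exe": "PE executable", ".dll": "PE executable",
                   ".pdf": "PDF document", ".docx": "ZIP archive", ".doc": "OLE2"}


def identify(data: bytes) -> str:
    """Return a short type name derived from the header, or 'unknown'."""
    if data[:2] == b"MZ":
        # DOS stub: e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00" and len(data) >= e_lfanew + 24:
                # COFF header: Machine at +4, Characteristics at +22
                machine, = struct.unpack_from("<H", data, e_lfanew + 4)
                characteristics, = struct.unpack_from("<H", data, e_lfanew + 22)
                arch = MACHINES.get(machine, f"machine 0x{machine:04x}")
                kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
                return f"PE executable ({arch}, {kind})"
        # MZ without a reachable PE signature: plain DOS program or truncated file
        return "DOS MZ executable (no PE header)"
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension promises one type but the header says another."""
    expected = EXPECTED_BY_EXT.get(Path(filename).suffix.lower())
    return expected is not None and not identify(data).startswith(expected)


def make_minimal_pe(machine: int, characteristics: int) -> bytes:
    """Constructed test artifact: DOS header + bare COFF header, no sections."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)   # 0x40 bytes of DOS header
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<4sHHIIIHH", b"PE\x00\x00", machine, 1, 0, 0, 0, 0, characteristics)
    return bytes(header + coff)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = Path(sys.argv[1]).read_bytes()[:4096]
        flag = "(extension mismatch)" if extension_mismatch(sys.argv[1], blob) else ""
        print(identify(blob), flag)
    else:
        # Offline demo on constructed samples.
        samples = {
            "budget-report.exe": make_minimal_pe(0x14C, 0x0102),
            "invoice.pdf": make_minimal_pe(0x8664, 0x2022),  # a DLL hiding behind .pdf
            "notes.pdf": b"%PDF-1.7\n",
        }
        for name, blob in samples.items():
            print(f"{name:20} {identify(blob):30} mismatch={extension_mismatch(name, blob)}")
```

Run it with a path to print the header-derived type of a real file, or with no arguments to see the constructed samples. Only the first 4 KiB are read, which is all the header checks need; a real identifier like TrID scans much deeper and matches thousands of patterns, which is why its verdict is still the one to start from.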
