1. Determining the File Type
During your analysis, determining the file type of a suspect binary will help you identify the malware's target operating system (Windows, Linux, and so on) and architecture (32-bit or 64-bit platforms). For example, if the suspect binary has a file type of Portable Executable (PE), which is the file format for Windows executable files (.exe, .dll, .sys, .drv, .com, .ocx, and so on), then you can deduce that the file is designed to target the Windows operating system.
Most Windows-based malware consists of executable files ending with extensions such as .exe, .dll, .sys, and so on. But relying on file extensions alone is not recommended, because the file extension is not the sole indicator of file type. Attackers use different tricks to hide their files, modifying the file extension and changing its appearance to trick users into executing them. Instead of relying on the file extension, use the file signature to determine the file type.
A file signature is a unique sequence of bytes...
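The following added example (not code from the original text) shows signature-based identification during triage: it reads the header bytes, reports the format and architecture, and flags a PE file whose name does not carry a Windows executable extension. The function names, the sample file names, and the header built by `make_pe_header` are constructed for illustration; the magic values and offsets come from the PE and ELF specifications.

```python
import struct

# COFF Machine values (PE) and EI_CLASS values (ELF), per the format specifications
PE_MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}
ELF_CLASSES = {1: "32-bit", 2: "64-bit"}
WINDOWS_EXTS = {".exe", ".dll", ".sys", ".drv", ".com", ".ocx"}

def identify(data: bytes) -> str:
    """Classify a buffer by its signature bytes, ignoring any file name."""
    if data[:4] == b"\x7fELF" and len(data) >= 5:
        return "ELF " + ELF_CLASSES.get(data[4], "unknown class")
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C holds the offset of the "PE\0\0" signature
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00" and len(data) >= pe_off + 6:
            # The Machine field is the first 2 bytes after the PE signature
            (machine,) = struct.unpack_from("<H", data, pe_off + 4)
            return "PE " + PE_MACHINES.get(machine, "machine 0x%04X" % machine)
        return "MZ header without PE signature"
    return "unknown"

def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the content is PE but the name lacks a Windows executable extension."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return identify(data).startswith("PE ") and ext not in WINDOWS_EXTS

def make_pe_header(machine: int) -> bytes:
    """Constructed sample: 64-byte DOS header, then PE signature and Machine field."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + struct.pack("<H", machine) + b"\x00" * 18

if __name__ == "__main__":
    # Constructed file names and contents, for illustration only
    samples = {
        "invoice.pdf": make_pe_header(0x014C),
        "driver.sys": make_pe_header(0x8664),
        "report.pdf": b"%PDF-1.7\n",
        "agent": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
    }
    for name, data in samples.items():
        flag = "  <-- extension does not match content" if extension_mismatch(name, data) else ""
        print(f"{name:12} {identify(data)}{flag}")
```

In practice you would pass `identify` the first few kilobytes read from the suspect file in binary mode rather than a constructed buffer.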