1.1 File type

We need to identify the file type before doing anything with it.

TrID is a tool that helps identify a file's type. You can download the tool and the file type definitions from the following URL:

http://mark0.net/soft-tridnet-e.html

TrIDNet is the executable for the TrID tool.

TrID XML defs is a ZIP file that contains the definitions. The definitions need to be extracted, and TrIDNet must be pointed at the definitions folder before it can analyze a file. The definitions contain signatures for a large number of file formats (explained in Chapter 1, Malware from Fun to Profit), which allow TrID to recognize a file type. Usually, the signature for a file format is the first few bytes at the beginning of the file.

Once we have identified the file as a Windows .exe file, we can use other tools to analyze the binary.

CFF Explorer is a tool that can analyze the PE file format. You can download the tool from: http://www.ntcore.com/exsuite.php

This tool can reveal a lot about a PE executable. Now that we know the file is a PE executable, we can look into the properties of the executable.
