We need to identify the file type before doing anything with it.
TrID is a tool that helps identify a file's type. You can download the tool and its file type definitions from the following URL:
http://mark0.net/soft-tridnet-e.html
TrIDNet is an executable for the TrID tool.
TrID XML defs is a ZIP file that contains the definitions. The definitions need to be extracted, and TrIDNet should be pointed to the definitions folder before analyzing a file. The definitions contain signatures for many file formats (explained in Chapter 1, Malware from Fun to Profit), which TrID uses to recognize a file type. Usually, the signature for a file format is the first few bytes at the beginning of the file.
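How a signature check of this kind works, as an added example that is not from the book or from TrID: the signature table is a small constructed sample and the function names are hypothetical. For the MZ case it goes one step beyond the leading bytes and follows the header's `e_lfanew` field to the `PE\0\0` signature.

```python
import struct

# Small constructed signature table (magic bytes at offset 0). TrID's real
# definitions are far larger and are not reproduced here.
SIGNATURES = [
    (b"MZ", "DOS/Windows executable (MZ)"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP archive (also DOCX/JAR/APK containers)"),
    (b"\x7fELF", "ELF executable"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
]

def is_pe(data: bytes) -> bool:
    """True only if the MZ header points at a valid 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields a short slice, so the comparison fails.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def identify(data: bytes) -> str:
    """Classify a buffer by its content; the file name is never consulted."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            if magic == b"MZ":
                return "Windows PE executable" if is_pe(data) else name
            return name
    return "unknown"

def identify_file(path: str, limit: int = 4096) -> str:
    # Only the first `limit` bytes are read; a PE header located beyond
    # that is reported as a plain MZ file.
    with open(path, "rb") as fh:
        return identify(fh.read(limit))

def make_sample_pe() -> bytes:
    """Constructed minimal header: MZ stub, e_lfanew = 0x80, then PE\\0\\0."""
    buf = bytearray(0x84)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)

if __name__ == "__main__":
    print(identify(make_sample_pe()))          # constructed PE header
    print(identify(b"MZ" + b"\x00" * 0x3E))    # MZ magic but no PE signature
    print(identify(b"%PDF-1.7\n"))             # constructed PDF header
```

Because the check reads content only, a renamed sample (for example, an executable given a document extension) is still classified by its header.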
Once we have identified the file as a Windows .exe file, we can use other tools to analyze the binary.
CFF Explorer is a tool that can analyze the PE file format. You can download the tool from: http://www.ntcore.com/exsuite.php
This tool can reveal a lot about a PE executable. Now that we know the file is a PE executable, we can look into the properties of the executable.