Lab 1 - File Signature Analysis
This lab is designed to teach the students to determine if a file has a mismatched file extension,
a common method attackers use to deliver malware successfully through firewalls and to hide
it from the typical user.
For this lab, install the ICY Hexplorer hex editor (hex_setup26.exe) and WinRAR (wrar550.exe)
from the Lab 1 folder. Launch ICY Hexplorer and change the font (View > Options… > Font:
System Fixed Font). To answer the following questions drag each file into ICY Hexplorer. Use
“File Signatures.htm” [1] as a reference for the file signatures. HINT: Search for the hex characters
of the header.
1. file1
First four bytes: FF D8 FF E1
File Extension/Type: JPG Digital camera JPG using Exchangeable Image File Format (EXIF)
Rename the file with the correct extension and open it. What is it?
Photo “INCOMING”
2. file2
First four bytes: 25 50 44 46
File Extension/Type: PDF, FDF, AI Adobe Portable Document Format, Forms Document
Format, and Illustrator graphics files
Rename the file with the correct extension and open it. What is it?
PDF document titled “On the Effectiveness of Malware Protection on Android”
[1] https://www.garykessler.net/library/file_sigs.html
4. file4
First four bytes: 4D 5A 90 00
File Extension/Type: ZAP ZoneAlarm data file
Rename the file with the correct extension and open it. What is it?
It does not open.
5. file5
First four bytes: 49 54 53 46
File Extension/Type: CHI, CHM Microsoft Compiled HTML Help File
Rename the file with the correct extension and open it. What is it?
SQL Server Configuration Manager Help
6. file6
First four bytes: D0 CF 11 E0
File Extension/Type: DOC, DOT, PPS, PPT, XLA, XLS, WIZ
Rename the file with the correct extension and open it. What is it?
Menu of “Brick Oven Pizzas”
7. file7
First four bytes: 50 4B 03 04
File Extension/Type: ZIP ZLock Pro encrypted ZIP
Rename the file with the correct extension and open it. What is it?
2 archived files: file3 and file8
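The same check the lab performs by hand, as an added Python example that is not part of the lab material: a small signature table built from the headers found above (generalised to the shorter magic prefixes, e.g. `MZ` for any DOS/Windows executable and `PK..` for any ZIP container, including Office OOXML files) is compared against each file's declared extension to flag mismatches. The sample files and their extensions are constructed for the demonstration.

```python
import os

# Constructed signature table built from the headers found in this lab (the full
# reference is https://www.garykessler.net/library/file_sigs.html). Each entry:
# magic bytes, description, extensions that legitimately carry that header.
SIGNATURES = [
    (b"\xFF\xD8\xFF", "JPEG image (JFIF/EXIF)", {"jpg", "jpeg"}),
    (b"%PDF", "Adobe Portable Document Format", {"pdf", "fdf", "ai"}),
    (b"MZ", "DOS/Windows executable", {"exe", "dll", "com", "sys", "drv", "scr"}),
    (b"ITSF", "Microsoft Compiled HTML Help", {"chm", "chi"}),
    (b"\xD0\xCF\x11\xE0", "OLE2 compound document (Office 97-2003)",
     {"doc", "dot", "xls", "xla", "ppt", "pps", "wiz", "msi"}),
    (b"PK\x03\x04", "ZIP archive (also Office OOXML, JAR, APK)",
     {"zip", "docx", "xlsx", "pptx", "jar", "apk"}),
]

def first_bytes(data: bytes, n: int = 4) -> str:
    """Render the first n bytes as the hex string the lab asks for, e.g. 'FF D8 FF E1'."""
    return " ".join(f"{b:02X}" for b in data[:n])

def identify(data: bytes):
    """Return (description, extensions) for the first matching signature, else None."""
    for magic, desc, exts in SIGNATURES:
        if data.startswith(magic):
            return desc, exts
    return None

def check_file(name: str, data: bytes) -> str:
    """Compare the declared extension with the header: 'match', 'mismatch',
    'no-extension' (header known, nothing to compare) or 'unknown'."""
    hit = identify(data)
    if hit is None:
        return "unknown"
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    if not ext:
        return "no-extension"
    return "match" if ext in hit[1] else "mismatch"

def scan_file(path: str) -> str:
    """Run check_file on a real file, reading only the first 16 bytes."""
    with open(path, "rb") as fh:
        return check_file(path, fh.read(16))

if __name__ == "__main__":
    # Constructed samples standing in for the lab's files (no real files needed).
    samples = {
        "file1": b"\xFF\xD8\xFF\xE1\x00\x10Exif\x00\x00",   # EXIF JPEG, no extension
        "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",        # executable posing as a PDF
        "report.docx": b"PK\x03\x04\x14\x00\x06\x00",        # OOXML is a ZIP container
        "notes.txt": b"just text",
    }
    for name, data in samples.items():
        hit = identify(data)
        print(f"{name:12} {first_bytes(data):12} {check_file(name, data):13} {hit[0] if hit else '-'}")
```

Because the table is prefix-based, a matching extension only proves the header is consistent, not that the content is benign; a `match` on a ZIP or OLE2 container still needs the archive or document itself inspected.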