Lab 1 - File Signature Analysis Lab
This lab teaches students to determine whether a file has a mismatched file extension,
a common method attackers use to deliver malware successfully through firewalls and to hide it
from the typical user.
For this lab, install the ICY Hexplorer hex editor (hex_setup26.exe) and WinRAR (wrar550.exe)
from the Lab 1 folder. Launch ICY Hexplorer and change the font (View > Options… > Font:
System Fixed Font). To answer the following questions, drag each file into ICY Hexplorer. Use
“File Signatures.htm” [1] as a reference for the file signatures. HINT: Search the reference for
the hex characters of the file's header.
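The same check the lab performs by hand can be scripted. The following is an added example, not part of the original lab: it reads each file's header bytes, looks them up in a short table of widely documented signatures, and reports whether the extension agrees. The sample file names and contents are constructed for illustration and are not the lab's files.

```python
import pathlib
import tempfile

# Widely documented magic numbers -> extensions that legitimately carry them.
# A deliberately short table; a full signature reference lists many more.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", {"png"}),
    (b"\xff\xd8\xff", {"jpg", "jpeg"}),
    (b"%PDF", {"pdf"}),
    (b"PK\x03\x04", {"zip", "docx", "xlsx", "pptx", "jar"}),
    (b"Rar!\x1a\x07", {"rar"}),
    (b"MZ", {"exe", "dll", "sys"}),
]

def identify(header: bytes):
    """Return the extensions for the longest signature the header starts with."""
    hits = [(len(m), exts) for m, exts in SIGNATURES if header.startswith(m)]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def check_file(path) -> dict:
    """Read the header bytes (what the hex editor shows) and compare to the name."""
    path = pathlib.Path(path)
    with path.open("rb") as fh:
        header = fh.read(16)
    ext = path.suffix.lstrip(".").lower()
    expected = identify(header)
    # unknown: signature not in the table; mismatch: name and content disagree
    verdict = ("unknown" if expected is None
               else "match" if ext in expected else "mismatch")
    return {"first_four": header[:4].hex(" ").upper(), "extension": ext,
            "types": sorted(expected or []), "verdict": verdict}

def demo() -> dict:
    # Constructed sample headers, not the lab's files.
    samples = {
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 12,
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "notes.txt": b"hello, world\n",
        "sample_noext": b"%PDF-1.4\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = pathlib.Path(tmp, name)
            path.write_bytes(data)
            results[name] = check_file(path)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A "mismatch" verdict is a reason to inspect the file further, not proof of malice; container formats such as ZIP share one signature across many extensions, which is why the table maps each signature to a set.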
1. file1
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
2. file2
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
3. file3
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
4. file4
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
[1] https://www.garykessler.net/library/file_sigs.html
5. file5
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
6. file6
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
7. file7
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
8. file8
First four bytes: _________________________________
File Extension/Type: _____________________________
Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________