Skip to content

Instantly share code, notes, and snippets.

@cmattoon

cmattoon/README.md

Last active July 1, 2024 14:32
Show Gist options
  • Save cmattoon/e937726737b615904052 to your computer and use it in GitHub Desktop.
Save cmattoon/e937726737b615904052 to your computer and use it in GitHub Desktop.
Download ZIP
Visual Binary Analysis
Raw
README.md

MySQL Dump

This shade of green happens to correspond to mostly-ASCII characters. This color green correlates to mostly ASCII chars

GPG Encryption

Symmetric (gpg -c) encryption of the above MySQL dump. Encryption - Random Colors in Random Places

Compiled Binary

A short program compiled with g++. Compiled Binary

Finding a Memory Leak in a Core Dump

Generated from the following program:

#include <stdlib.h>
#include <unistd.h>
void fun()
{
  int *ptr = new int(1234);
}
int main()
{
  int i=0;
  while(i++<2500)
    {
      fun();
    }
  sleep(360);
  return 0;
}

Core Dump With Memory Leak

Raw
getheaders.py
#!/usr/bin/python
import requests,csv
from bs4 import BeautifulSoup
def getPageUrl(page):
return "http://www.filesignatures.net/index.php?page=all&currentpage=%s&order=EXT&alpha=" % str(page)
def getPage(pg):
"""Returns HTML or False"""
r = requests.get(getPageUrl(pg))
if r.ok:
return r.content
return False
def parsePage(pg):
data = []
html = getPage(pg)
if html is not False:
bs = BeautifulSoup(html)
table = bs.find('table', id='innerTable')
if table:
rows = table.find_all('tr')
for row in rows:
tds = row.find_all('td')
if len(tds) == 4:
_,ext,sig,desc = [td.getText() for td in tds]
if ext == 'Extension':
continue
yield [ext, sig, desc]
with open('signatures.csv', 'wb') as fd:
csvfile = csv.writer(fd)
for i in range(1,18):
print(" [+] Page %d" % i)
for item in parsePage(i):
print(" %s" % (','.join(item)))
csvfile.writerow(item)
Raw
process_dir.py
#!/usr/bin/env python
"""
A small Visual Binary Analysis routine.
@author Curtis Mattoon <cmattoon@cmattoon.com>
Creates some images of files and shows an HTML page of 'em all (md5 hashes too)
Todo:
- Display different images side-by-side (or as gif)
- File info
- CLI args
"""
import os, sys, math
import datetime
import colorsys
from glob import glob
from md5 import md5
from PIL import Image, ImageDraw
COLORIZE = True
def getBytes(filename, maxsize):
"""Returns raw data from filename.
"""
bytes = ''
with open(filename, 'rb') as fd:
while True:
byte = fd.read(1024)
if byte:
bytes += byte
if len(bytes) < maxsize:
continue
break
return bytes
def showImage(image):
"""Provide a filepath"""
img = Image.open(image)
img.show()
def colorize(val):
val = (val / 255.0)
rgb = colorsys.hsv_to_rgb(val, 0.99, val)
return (int(rgb[0]*255), int(rgb[1]*255), int(rgb[2]*255))
def genImage(bytes, size, mx=None):
bytes = [ord(byte) for byte in bytes]
bytes = bytes if mx is None else bytes[:mx]
if COLORIZE is True:
img = [colorize(b) for b in bytes]
else:
img = [(b,b,b) for b in bytes]
lines = int(len(bytes) / size[0])+1
size = (size[0], lines)
im = Image.new('RGB', size)
im.putdata(img)
return im
def processFile(filename, width, outdir, outfile=None):
maxsize = 180000
size = (width, 1)
pixels = (size[0] * size[1])
bytes = getBytes(filename, maxsize)
img = genImage(bytes, size, maxsize)
fhash = md5(bytes).hexdigest()
if outfile is None:
outfile = "%s-%s.png" % (fhash, str(size[0]))
outfile = os.path.join(outdir, outfile)
img.save("%s" % (outfile))
return (outfile, fhash)
if __name__ == "__main__":
try:
pattern = os.path.abspath(sys.argv[1])
except IndexError:
print("Usage: %s <filename> width" % (sys.argv[0]))
quit()
try:
width = int(sys.argv[2])
except:
width = 64
master = {}
html = ["<html>",
"<head><title>Report for %s</title>" % pattern,
"<style>",
'html,body {background:#000;color:#193544;font-family:monospace}.md5,.name{text-align:center;float:left;width:50%;box-sizing:border-box}.name{color:#0d6493;font-weight:bold;font-size:1.2em;}'
'.filename{border: 1px solid;width: 100%;margin: 2em auto;padding: 1em;box-sizing: border-box;background: #080808;}',
'.img-container{text-align:center;margin:0.2em;color:#193544}.img-container img {max-width:100%;width:150px;height:300px;}',
'.meta{margin-top:1em;padding-top:1em;border-top:1px dotted #193544;}',
'table.stat{width:100%;border-collapse:collapse;color:#3B8CB8}',
'table.stat td{border:1px solid #193544;padding:0.4em;}',
'table.stat td:first-child{background:#091318}',
"</style></head>",
"<body><div id='files'>"
]
for width in [8, 16, 32, 64, 128, 256]:
images = []
for filename in glob("%s/*" % pattern):
outfile = os.path.basename(filename)+"_%s.png"%(str(width))
ofname = os.path.basename(filename)
if ofname not in master.keys():
master[ofname] = {}
img, md = processFile(filename, width, "/tmp/")
if img:
master[ofname][str(width)] = {
'src': img,
'md5': md,
'name':ofname,
'file':filename}
images.append(img)
def sk(k):
try:
return int(k)
except:
return k
for grp in master.keys():
html.append("<div class='filename'>")
html.append(" <table width='100%' border='0'><tr>")
for size in sorted(master[grp].keys(), key=sk):
img = master[grp][size]
src = img['src']
html.append('<td width="15%" class="img-container">')
html.append('<div class="size-label">'+size+'</div>')
html.append('<a href="'+src+'"><img src="'+src+'" alt="'+size+'"></a>')
html.append('</td>')
stats = os.stat(img['file'])
html.append('</tr><tr><td colspan="6"><div class="meta">')
html.append('<div class="name">'+img['name']+'</div>')
html.append('<div class="md5">'+img['md5']+'</div>')
html.append('<div class="stat">')
html.append('<table class="stat">')
html.append("<tr><td>Filesize</td><td>%s</td><td>%s</td></tr>" % (stats.st_size, ''))
fmt = '%Y-%m-%d %H:%M:%S'
atime = datetime.date.fromtimestamp(stats.st_atime)
atime = atime.strftime(fmt)
ctime = datetime.date.fromtimestamp(stats.st_ctime)
ctime = ctime.strftime(fmt)
mtime = datetime.date.fromtimestamp(stats.st_mtime)
mtime = mtime.strftime(fmt)
html.append("<tr><td>atime</td><td>%s</td><td>%s</td></tr>"%(stats.st_atime, atime))
html.append("<tr><td>mtime</td><td>%s</td><td>%s</td></tr>"%(stats.st_mtime, mtime))
html.append("<tr><td>ctime</td><td>%s</td><td>%s</td></tr>"%(stats.st_ctime, ctime))
html.append("<tr><td>Mode</td><td>%s</td><td>%s</td></tr>" % (stats.st_mode,''))
html.append("<tr><td>Inode</td><td>%s</td><td>%s</td></tr>" % (stats.st_ino,''))
html.append("<tr><td>Device</td><td>%s</td><td>%s</td></tr>" % (stats.st_dev, ''))
html.append("<tr><td>UID</td><td>%s</td><td>%s</td></tr>" % (stats.st_uid, ''))
html.append("<tr><td>GID</td><td>%s</td><td>%s</td></tr>" % (stats.st_gid, ''))
html.append('</table></div>')
html.append("</div></td></tr></table></div>")
with open('index.html', 'wb') as fd:
fd.writelines(html)
try:
import webbrowser
webbrowser.open('index.html')
except:
print("Failed to open index.html in your browser")
Raw
signatures.csv
* 41 43 53 44 AOL parameter|info files
* 62 70 6C 69 73 74 Binary property list (plist)
* 00 14 00 00 01 02 BIOS details in RAM
* 30 37 30 37 30 cpio archive
* 7F 45 4C 46 ELF executable
* A1 B2 CD 34 Extended tcpdump (libpcap) capture file
* 04 00 00 00 INFO2 Windows recycle bin_1
* 05 00 00 00 INFO2 Windows recycle bin_2
* AC ED Java serialization data
* 4B 57 41 4A 88 F0 27 D1 KWAJ (compressed) file
* CD 20 AA AA 02 00 00 00 NAV quarantined virus file
* 53 5A 20 88 F0 27 33 D1 QBASIC SZDD file
* 6F 3C SMS text (SIM)
* 53 5A 44 44 88 F0 27 33 SZDD file format
* A1 B2 C3 D4 tcpdump (libpcap) capture file
* 34 CD B2 A1 Tcpdump capture file
* EF BB BF UTF8 file
* FE FF UTF-16|UCS-2 file
* FF FE 00 00 UTF-32|UCS-4 file
* 62 65 67 69 6E UUencoded file
* D4 C3 B2 A1 WinDump (winpcap) capture file
* 37 E4 53 96 C9 DB D6 07 zisofs compressed file
123 00 00 1A 00 05 10 04 Lotus 1-2-3 (v9)
386 4D 5A Windows virtual device drivers
3GP 00 00 00 14 66 74 79 70 3GPP multimedia files
3GP 00 00 00 20 66 74 79 70 3GPP2 multimedia files
3GP5 00 00 00 18 66 74 79 70 MPEG-4 video files
4XM 52 49 46 46 4X Movie video
7Z 37 7A BC AF 27 1C 7-Zip compressed file
ABA 00 01 42 41 Palm Address Book Archive
ABD 51 57 20 56 65 72 2E 20 ABD | QSD Quicken data file
ABI 41 4F 4C 49 4E 44 45 58 AOL address book index
ABI 41 4F 4C AOL config files
ABY 41 4F 4C 44 42 AOL address book
ABY 41 4F 4C AOL config files
AC 72 69 66 66 Sonic Foundry Acid Music File
ACCDB 00 01 00 00 53 74 61 6E 64 61 72 64 20 41 43 45 20 44 42 Microsoft Access 2007
ACM 4D 5A MS audio compression manager driver
ACS C3 AB CD AB MS Agent Character file
AC_ D0 CF 11 E0 A1 B1 1A E1 CaseWare Working Papers
AD 52 45 56 4E 55 4D 3A 2C Antenna data file
ADF 44 4F 53 Amiga disk file
ADP D0 CF 11 E0 A1 B1 1A E1 Access project file
ADX 03 00 00 00 41 50 50 52 Approach index file
ADX 80 00 00 20 03 12 04 Dreamcast audio
AIFF 46 4F 52 4D 00 Audio Interchange File
AIN 21 12 AIN Compressed Archive
AMR 23 21 41 4D 52 Adaptive Multi-Rate ACELP Codec (GSM)
ANI 52 49 46 46 Windows animated cursor
API 4D 5A 90 00 03 00 00 00 Acrobat plug-in
APR D0 CF 11 E0 A1 B1 1A E1 Lotus|IBM Approach 97 file
ARC 41 72 43 01 FreeArc compressed file
ARC 1A 02 LH archive (old vers.|type 1)
ARC 1A 03 LH archive (old vers.|type 2)
ARC 1A 04 LH archive (old vers.|type 3)
ARC 1A 08 LH archive (old vers.|type 4)
ARC 1A 09 LH archive (old vers.|type 5)
ARJ 60 EA ARJ Compressed archive file
ARL D4 2A AOL history|typed URL files
ASF 30 26 B2 75 8E 66 CF 11 Windows Media Audio|Video File
AST 53 43 48 6C Underground Audio
ASX 3C Advanced Stream Redirector
AU 64 6E 73 2E Audacity audio file
AU 2E 73 6E 64 NeXT|Sun Microsystems audio file
AUT D4 2A AOL history|typed URL files
AVI 52 49 46 46 Resource Interchange File Format
AW 8A 01 09 00 00 00 E1 08 MS Answer Wizard
AX 4D 5A 90 00 03 00 00 00 DirectShow filter
AX 4D 5A Library cache file
BAG 41 4F 4C 20 46 65 65 64 AOL and AIM buddy list
BAG 41 4F 4C AOL config files
BDR 58 54 MS Publisher
BIN 42 4C 49 32 32 33 51 Speedtouch router firmware
BMP 42 4D Bitmap image
BZ2 42 5A 68 bzip2 compressed archive
CAB 49 53 63 28 Install Shield compressed file
CAB 4D 53 43 46 Microsoft cabinet file
CAL 73 72 63 64 6F 63 69 64 CALS raster bitmap
CAL 53 75 70 65 72 43 61 6C SuperCalc worksheet
CAL B5 A2 B0 B3 B3 B0 A5 B5 Windows calendar
CAP 58 43 50 00 Packet sniffer files
CAP 52 54 53 53 WinNT Netmon capture file
CAS 5F 43 41 53 45 5F EnCase case file
CAT 30 MS security catalog file
CBD 43 42 46 49 4C 45 WordPerfect dictionary
CBK 5F 43 41 53 45 5F EnCase case file
CDA 52 49 46 46 Resource Interchange File Format
CDR 52 49 46 46 CorelDraw document
CDR 45 4C 49 54 45 20 43 6F Elite Plus Commander game file
CDR 4D 53 5F 56 4F 49 43 45 Sony Compressed Voice File
CFG 5B 66 6C 74 73 69 6D 2E Flight Simulator Aircraft Configuration
CHI 49 54 53 46 MS Compiled HTML Help File
CHM 49 54 53 46 MS Compiled HTML Help File
CLASS CA FE BA BE Java bytecode
CLB 43 4F 4D 2B COM+ Catalog
CLB 43 4D 58 31 Corel Binary metafile
CMX 52 49 46 46 Corel Presentation Exchange metadata
CNV 53 51 4C 4F 43 4F 4E 56 DB2 conversion file
COD 4E 61 6D 65 3A 20 Agent newsreader character map
COM 4D 5A Windows|DOS executable file
COM E8 Windows executable file_1
COM E9 Windows executable file_2
COM EB Windows executable file_3
CPE 46 41 58 43 4F 56 45 52 MS Fax Cover Sheet
CPI 53 49 45 54 52 4F 4E 49 Sietronics CPI XRD document
CPI FF 46 4F 4E 54 Windows international code page
CPL 4D 5A Control panel application
CPL DC DC Corel color palette
CPT 43 50 54 37 46 49 4C 45 Corel Photopaint file_1
CPT 43 50 54 46 49 4C 45 Corel Photopaint file_2
CPX 5B 57 69 6E 64 6F 77 73 Microsoft Code Page Translation file
CRU 43 52 55 53 48 20 76 Crush compressed archive
CRW 49 49 1A 00 00 00 48 45 Canon RAW file
CSH 63 75 73 68 00 00 00 02 Photoshop Custom Shape
CTF 43 61 74 61 6C 6F 67 20 WhereIsIt Catalog
CTL 56 45 52 53 49 4F 4E 20 Visual Basic User-defined Control file
CUIX 50 4B 03 04 Customization files
CUR 00 00 02 00 Windows cursor
DAT 52 49 46 46 Video CD MPEG movie
DAT A9 0D 00 00 00 00 00 00 Access Data FTK evidence
DAT 73 6C 68 21 Allegro Generic Packfile (compressed)
DAT 73 6C 68 2E Allegro Generic Packfile (uncompressed)
DAT 41 56 47 36 5F 49 6E 74 AVG6 Integrity database
DAT 03 MapInfo Native Data Format
DAT 45 52 46 53 53 41 56 45 EasyRecovery Saved State file
DAT 43 6C 69 65 6E 74 20 55 IE History file
DAT 49 6E 6E 6F 20 53 65 74 Inno Setup Uninstall Log
DAT 50 4E 43 49 55 4E 44 4F Norton Disk Doctor undo file
DAT 50 45 53 54 PestPatrol data|scan strings
DAT 1A 52 54 53 20 43 4F 4D Runtime Software disk image
DAT 52 41 5A 41 54 44 42 31 Shareaza (P2P) thumbnail
DAT 4E 41 56 54 52 41 46 46 TomTom traffic data
DAT 55 46 4F 4F 72 62 69 74 UFO Capture map file
DAT 57 4D 4D 50 Walkman MP3 file
DAT 43 52 45 47 Win9x registry hive
DAT 72 65 67 66 WinNT registry file
DB D0 CF 11 E0 A1 B1 1A E1 MSWorks database file
DB 08 dBASE IV or dBFast configuration file
DB 00 06 15 61 00 00 00 02 00 00 04 D2 00 00 10 00 Netscape Navigator (v4) database
DB 44 42 46 48 Palm Zire photo database
DB 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20 33 00 SQLite database file
DB FD FF FF FF Thumbs.db subheader
DB3 03 dBASE III file
DB4 04 dBASE IV file
DBA 00 01 42 44 Palm DateBook Archive
DBB 6C 33 33 6C Skype user data file
DBF 4F 50 4C 44 61 74 61 62 Psion Series 3 Database
DBX CF AD 12 FE Outlook Express e-mail folder
DCI 3C 21 64 6F 63 74 79 70 AOL HTML mail
DCX B1 68 DE 3A PCX bitmap
dex 64 65 78 0A 30 30 39 00 Dalvik (Android) executable file
DIB 42 4D Bitmap image
DLL 4D 5A Windows|DOS executable file
DMG 78 MacOS X image file
DMP 4D 44 4D 50 93 A7 Windows dump file
DMP 50 41 47 45 44 55 Windows memory dump
DMS 44 4D 53 21 Amiga DiskMasher compressed archive
DOC D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
DOC 0D 44 4F 43 DeskMate Document
DOC CF 11 E0 A1 B1 1A E1 00 Perfect Office document
DOC DB A5 2D 00 Word 2.0 file
DOC EC A5 C1 00 Word document subheader
DOCX 50 4B 03 04 MS Office Open XML Format Document
DOCX 50 4B 03 04 14 00 06 00 MS Office 2007 documents
DOT D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
DRV 4D 5A Windows|DOS executable file
DRW 07 Generic drawing programs
DRW 01 FF 02 04 03 02 Micrografx vector graphic file
DS4 52 49 46 46 Micrografx Designer graphic
DSN 4D 56 CD Stomper Pro label file
DSP 23 20 4D 69 63 72 6F 73 MS Developer Studio project file
DSS 02 64 73 73 Digital Speech Standard file
DSW 64 73 77 66 69 6C 65 MS Visual Studio workspace file
DTD 07 64 74 32 64 64 74 64 DesignTools 2D Design file
DUN 5B 50 68 6F 6E 65 5D Dial-up networking file
DVF 4D 53 5F 56 4F 49 43 45 Sony Compressed Voice File
DVR 44 56 44 DVR-Studio stream file
DW4 4F 7B Visio|DisplayWrite 4 text file
DWG 41 43 31 30 Generic AutoCAD drawing
E01 45 56 46 09 0D 0A FF 00 Expert Witness Compression Format
E01 4C 56 46 09 0D 0A FF 00 Logical File Evidence Format
ECF 5B 47 65 6E 65 72 61 6C MS Exchange configuration file
EFX DC FE eFax file
EML 58 2D Exchange e-mail
EML 52 65 74 75 72 6E 2D 50 Generic e-mail_1
EML 46 72 6F 6D Generic e-mail_2
ENL 40 40 40 20 00 00 40 40 40 40 EndNote Library File
EPS C5 D0 D3 C6 Adobe encapsulated PostScript
EPS 25 21 50 53 2D 41 64 6F Encapsulated PostScript file
ETH 1A 35 01 00 WinPharoah capture file
EVT 30 00 00 00 4C 66 4C 65 Windows Event Viewer file
EVTX 45 6C 66 46 69 6C 65 00 Windows Vista event log
EXE 4D 5A Windows|DOS executable file
FDF 25 50 44 46 PDF file
FLAC 66 4C 61 43 00 00 00 22 Free Lossless Audio Codec file
FLI 00 11 FLIC animation
FLT 4D 5A 90 00 03 00 00 00 Audition graphic filter
FLT 76 32 30 30 33 2E 31 30 Qimage filter
FLV 46 4C 56 Flash video file
FM 3C 4D 61 6B 65 72 46 69 Adobe FrameMaker
FON 4D 5A Font file
FTR D2 0A 00 00 WinPharoah filter file
GHO FE EF Symantex Ghost image file
GHS FE EF Symantex Ghost image file
GID 3F 5F 03 00 Windows Help file_2
GID 4C 4E 02 00 Windows help file_3
GIF 47 49 46 38 GIF file
GPG 99 GPG public keyring
GRP 50 4D 43 43 Windows Program Manager group file
GX2 47 58 32 Show Partner graphics file
GZ 1F 8B 08 GZIP archive file
HAP 91 33 48 46 Hamarsoft compressed archive
HDMP 4D 44 4D 50 93 A7 Windows dump file
HDR 49 53 63 28 Install Shield compressed file
HDR 23 3F 52 41 44 49 41 4E Radiance High Dynamic Range image file
hip 48 69 50 21 Houdini image file. Three-dimensional modeling and animation
HLP 00 00 FF FF FF FF Windows Help file_1
HLP 3F 5F 03 00 Windows Help file_2
HLP 4C 4E 02 00 Windows help file_3
HQX 28 54 68 69 73 20 66 69 BinHex 4 Compressed Archive
ICO 00 00 01 00 Windows icon|printer spool file
IDX 41 4F 4C 44 42 AOL user configuration
IDX 41 4F 4C AOL config files
IDX 50 00 00 00 20 00 00 00 Quicken QuickFinder Information File
IFO 44 56 44 DVD info file
IMG 50 49 43 54 00 08 ChromaGraph Graphics Card Bitmap
IMG EB 3C 90 2A GEM Raster file
IMG 53 43 4D 49 Img Software Bitmap
IND 41 4F 4C 49 44 58 AOL client preferences|settings file
IND 41 4F 4C AOL config files
INFO E3 10 00 01 00 00 00 00 Amiga icon
INFO 54 68 69 73 20 69 73 20 GNU Info Reader file
INFO 7A 62 65 78 ZoomBrowser Image Index
ISO 43 44 30 30 31 ISO-9660 CD Disc Image
IVR 2E 52 45 43 RealPlayer video file (V11+)
JAR 50 4B 03 04 Java archive_1
JAR 5F 27 A8 89 Jar archive
JAR 4A 41 52 43 53 00 JARCS compressed archive
JAR 50 4B 03 04 14 00 08 00 Java archive_2
JFIF FF D8 FF E0 JPEG IMAGE
JFIF FF D8 FF E0 JFIF IMAGE FILE - jpeg
JG 4A 47 03 0E AOL ART file_1
JG 4A 47 04 0E AOL ART file_2
JNT 4E 42 2A 00 MS Windows journal
JP2 00 00 00 0C 6A 50 20 20 JPEG2000 image files
JPE FF D8 FF E0 JPEG IMAGE
JPE FF D8 FF E0 JPE IMAGE FILE - jpeg
JPEG FF D8 FF E0 JPEG IMAGE
JPEG FF D8 FF E2 CANNON EOS JPEG FILE
JPEG FF D8 FF E3 SAMSUNG D500 JPEG FILE
JPG FF D8 FF E0 JPEG IMAGE
JPG FF D8 FF E1 Digital camera JPG using Exchangeable Image File Format (EXIF)
JPG FF D8 FF E8 Still Picture Interchange File Format (SPIFF)
JTP 4E 42 2A 00 MS Windows journal
KGB 4B 47 42 5F 61 72 63 68 KGB archive
KOZ 49 44 33 03 00 00 00 Sprint Music Store audio
KWD 50 4B 03 04 KWord document
LBK C8 00 79 00 Jeppesen FliteLog file
LGC 7B 0D 0A 6F 20 Windows application log
LGD 7B 0D 0A 6F 20 Windows application log
LHA 2D 6C 68 Compressed archive
LIB 21 3C 61 72 63 68 3E 0A Unix archiver (ar)|MS Program Library Common Object File Format (COFF)
LIT 49 54 4F 4C 49 54 4C 53 MS Reader eBook
LNK 4C 00 00 00 01 14 02 00 Windows shortcut file
LOG 2A 2A 2A 20 20 49 6E 73 Symantec Wise Installer log
LWP 57 6F 72 64 50 72 6F Lotus WordPro file
LZH 2D 6C 68 Compressed archive
M4A 00 00 00 20 66 74 79 70 4D 34 41 Apple audio and video files
MANIFEST 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D Windows Visual Stylesheet
MAR 4D 41 72 30 00 MAr compressed archive
MAR 4D 41 52 43 Microsoft|MSN MARC archive
MAR 4D 41 52 31 00 Mozilla archive
MDB 00 01 00 00 53 74 61 6E 64 61 72 64 20 4A 65 74 20 44 42 Microsoft Access
MDF 01 0F 00 00 SQL Data Base
MDI 45 50 MS Document Imaging file
MID 4D 54 68 64 MIDI sound file
MIDI 4D 54 68 64 MIDI sound file
MIF 3C 4D 61 6B 65 72 46 69 Adobe FrameMaker
MIF 56 65 72 73 69 6F 6E 20 MapInfo Interchange Format file
MKV 1A 45 DF A3 93 42 82 88 Matroska stream file
MLS 4D 49 4C 45 53 Milestones project management file
MLS 4D 56 32 31 34 Milestones project management file_1
MLS 4D 56 32 43 Milestones project management file_2
MLS 4D 4C 53 57 Skype localization data file
MMF 4D 4D 4D 44 00 00 Yamaha Synthetic music Mobile Application Format
MNY 00 01 00 00 4D 53 49 53 41 4D 20 44 61 74 61 62 61 73 65 Microsoft Money file
MOF FF FE 23 00 6C 00 69 00 MSinfo file
MOV 6D 6F 6F 76 QuickTime movie_1
MOV 66 72 65 65 QuickTime movie_2
MOV 6D 64 61 74 QuickTime movie_3
MOV 77 69 64 65 QuickTime movie_4
MOV 70 6E 6F 74 QuickTime movie_5
MOV 73 6B 69 70 QuickTime movie_6
MP 0C ED Monochrome Picture TIFF bitmap
MP3 49 44 33 MP3 audio file
MPG 00 00 01 BA DVD video file
MPG 00 00 01 B3 MPEG video file
MSC D0 CF 11 E0 A1 B1 1A E1 Microsoft Common Console Document
MSC 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 3F 3E 0D 0A 3C 4D 4D 43 5F 43 6F 6E 73 6F 6C 65 46 69 6C 65 20 43 6F 6E 73 6F 6C 65 56 65 72 MMC Snap-in Control file
MSI D0 CF 11 E0 A1 B1 1A E1 Microsoft Installer package
MSI 23 20 Cerius2 file
MSV 4D 53 5F 56 4F 49 43 45 Sony Compressed Voice File
MTW D0 CF 11 E0 A1 B1 1A E1 Minitab data file
NRI 0E 4E 65 72 6F 49 53 4F Nero CD compilation
NSF 1A 00 00 04 00 00 Lotus Notes database
NSF 4E 45 53 4D 1A 01 NES Sound file
NTF 1A 00 00 Lotus Notes database template
NTF 4E 49 54 46 30 National Imagery Transmission Format file
NTF 30 31 4F 52 44 4E 41 4E National Transfer Format Map
NVRAM 4D 52 56 4E VMware BIOS state file
OBJ 4C 01 MS COFF relocatable object code
OBJ 80 Relocatable object code
OCX 4D 5A ActiveX|OLE Custom Control
ODP 50 4B 03 04 OpenDocument template
ODT 50 4B 03 04 OpenDocument template
OGA 4F 67 67 53 00 02 00 00 Ogg Vorbis Codec compressed file
OGG 4F 67 67 53 00 02 00 00 Ogg Vorbis Codec compressed file
OGV 4F 67 67 53 00 02 00 00 Ogg Vorbis Codec compressed file
OGX 4F 67 67 53 00 02 00 00 Ogg Vorbis Codec compressed file
OLB 4D 5A OLE object library
ONE E4 52 5C 7B 8C D8 A7 4D MS OneNote note
OPT D0 CF 11 E0 A1 B1 1A E1 Developer Studio File Options file
OPT FD FF FF FF 20 Developer Studio subheader
ORG 41 4F 4C 56 4D 31 30 30 AOL personal file cabinet
OTT 50 4B 03 04 OpenDocument template
P10 64 00 00 00 Intel PROset|Wireless Profile
PAK 1A 0B PAK Compressed archive file
PAK 50 41 43 4B Quake archive file
PAT 47 50 41 54 GIMP pattern file
PAX 50 41 58 PAX password protected bitmap
PCH 56 43 50 43 48 30 Visual C PreCompiled header
PCX 0A 02 01 01 ZSOFT Paintbrush file_1
PCX 0A 03 01 01 ZSOFT Paintbrush file_2
PCX 0A 05 01 01 ZSOFT Paintbrush file_3
PDB AC ED 00 05 73 72 00 12 BGBlitz position database file
PDB 4D 2D 57 20 50 6F 63 6B Merriam-Webster Pocket Dictionary
PDB 4D 69 63 72 6F 73 6F 66 74 20 43 2F 43 2B 2B 20 MS C++ debugging symbols file
PDB 73 6D 5F PalmOS SuperMemo
PDB 73 7A 65 7A PowerBASIC Debugger Symbols
PDF 25 50 44 46 PDF file
PF 11 00 00 00 53 43 43 41 Windows prefetch file
PFC 41 4F 4C AOL config files
PFC 41 4F 4C 56 4D 31 30 30 AOL personal file cabinet
PGD 50 47 50 64 4D 41 49 4E PGP disk image
PGM 50 35 0A Portable Graymap Graphic
PIF 4D 5A Windows|DOS executable file
PKR 99 01 PGP public keyring
PNG 89 50 4E 47 0D 0A 1A 0A PNG image
PPS D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
PPT D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
PPT 00 6E 1E F0 PowerPoint presentation subheader_1
PPT 0F 00 E8 03 PowerPoint presentation subheader_2
PPT A0 46 1D F0 PowerPoint presentation subheader_3
PPT FD FF FF FF 0E 00 00 00 PowerPoint presentation subheader_4
PPT FD FF FF FF 1C 00 00 00 PowerPoint presentation subheader_5
PPT FD FF FF FF 43 00 00 00 PowerPoint presentation subheader_6
PPTX 50 4B 03 04 MS Office Open XML Format Document
PPTX 50 4B 03 04 14 00 06 00 MS Office 2007 documents
PPZ 4D 53 43 46 Powerpoint Packaged Presentation
PRC 42 4F 4F 4B 4D 4F 42 49 Palmpilot resource file
PRC 74 42 4D 50 4B 6E 57 72 PathWay Map file
PSD 38 42 50 53 Photoshop image
PSP 7E 42 4B 00 Corel Paint Shop Pro image
PUB D0 CF 11 E0 A1 B1 1A E1 MS Publisher file
PWI 7B 5C 70 77 69 MS WinMobile personal note
PWL B0 4D 46 43 Win95 password file
PWL E3 82 85 96 Win98 password file
QBB 45 86 00 00 06 00 QuickBooks backup
QCP 52 49 46 46 Resource Interchange File Format
QDF AC 9E BD 8F 00 00 QDF Quicken data
QEL 51 45 4C 20 QDL Quicken data
QEMU 51 46 49 Qcow Disk Image
QPH 03 00 00 00 Quicken price history
QSD 51 57 20 56 65 72 2E 20 ABD | QSD Quicken data file
QTS 4D 5A Windows|DOS executable file
QTX 4D 5A Windows|DOS executable file
QXD 00 00 49 49 58 50 52 Quark Express (Intel)
QXD 00 00 4D 4D 58 50 52 Quark Express (Motorola)
RA 2E 52 4D 46 00 00 00 12 RealAudio file
RA 2E 72 61 FD 00 RealAudio streaming media
RAM 72 74 73 70 3A 2F 2F RealMedia metafile
RAR 52 61 72 21 1A 07 00 WinRAR compressed archive
REG FF FE Windows Registry file
REG 52 45 47 45 44 49 54 WinNT Registry|Registry Undo files
RGB 01 DA 01 01 00 03 Silicon Graphics RGB Bitmap
RM 2E 52 4D 46 RealMedia streaming media
RMI 52 49 46 46 Resource Interchange File Format
RMVB 2E 52 4D 46 RealMedia streaming media
RPM ED AB EE DB RedHat Package Manager
RTD 43 23 2B 44 A4 43 4D A5 RagTime document
RTF 7B 5C 72 74 66 31 RTF file
RVT D0 CF 11 E0 A1 B1 1A E1 Revit Project file
SAM 5B 56 45 52 5D Lotus AMI Pro document_1
SAM 5B 76 65 72 5D Lotus AMI Pro document_2
SAV 24 46 4C 32 40 28 23 29 SPSS Data file
SCR 4D 5A Screen saver
SDR 53 4D 41 52 54 44 52 57 SmartDraw Drawing file
SH3 48 48 47 42 31 Harvard Graphics presentation file
SHD 68 49 00 00 Win Server 2003 printer spool file
SHD 4B 49 00 00 Win9x printer spool file
SHD 67 49 00 00 Win2000|XP printer spool file
SHD 66 49 00 00 WinNT printer spool file
SHW 53 48 4F 57 Harvard Graphics presentation
SIT 53 49 54 21 00 StuffIt archive
SIT 53 74 75 66 66 49 74 20 StuffIt compressed archive
SKF 07 53 4B 46 SkinCrafter skin
SKR 95 00 PGP secret keyring_1
SKR 95 01 PGP secret keyring_2
SLE 41 43 76 Steganos virtual secure drive
SLE 3A 56 45 52 53 49 4F 4E Surfplan kite project file
SLN 4D 69 63 72 6F 73 6F 66 74 20 56 69 73 75 61 6C Visual Studio .NET file
SNM 00 1E 84 90 00 00 00 00 Netscape Communicator (v4) mail folder
SNP 4D 53 43 46 MS Access Snapshot Viewer file
SOU D0 CF 11 E0 A1 B1 1A E1 Visual Studio Solution User Options file
SPL 00 00 01 00 Windows icon|printer spool file
SPO D0 CF 11 E0 A1 B1 1A E1 SPSS output file
SUD 52 45 47 45 44 49 54 WinNT Registry|Registry Undo files
SUO FD FF FF FF 04 Visual Studio Solution subheader
SWF 43 57 53 Shockwave Flash file
SWF 46 57 53 Shockwave Flash player
SXC 50 4B 03 04 StarOffice spreadsheet
SXD 50 4B 03 04 OpenOffice documents
SXI 50 4B 03 04 OpenOffice documents
SXW 50 4B 03 04 OpenOffice documents
SYS 4D 5A Windows|DOS executable file
SYS FF FF FF FF DOS system driver
SYS FF 4B 45 59 42 20 20 20 Keyboard driver file
SYS E8 Windows executable file_1
SYS E9 Windows executable file_2
SYS EB Windows executable file_3
SYS FF Windows executable
SYW 41 4D 59 4F Harvard Graphics symbol graphic
TAR 75 73 74 61 72 Tape Archive
TAR.BZ2 42 5A 68 bzip2 compressed archive
TAR.Z 1F 9D 90 Compressed tape archive_1
TAR.Z 1F A0 Compressed tape archive_2
TB2 42 5A 68 bzip2 compressed archive
TBZ2 42 5A 68 bzip2 compressed archive
TIB B4 6E 68 44 Acronis True Image
TIF 49 20 49 TIFF file_1
TIF 49 49 2A 00 TIFF file_2
TIF 4D 4D 00 2A TIFF file_3
TIF 4D 4D 00 2B TIFF file_4
TIFF 49 20 49 TIFF file_1
TIFF 49 49 2A 00 TIFF file_2
TIFF 4D 4D 00 2A TIFF file_3
TIFF 4D 4D 00 2B TIFF file_4
TLB 4D 53 46 54 02 00 01 00 OLE|SPSS|Visual C++ library file
TR1 01 10 Novell LANalyzer capture file
UCE 55 43 45 58 Unicode extensions
UFA 55 46 41 C6 D2 C1 UFA compressed archive
VBX 4D 5A VisualBASIC application
VCD 45 4E 54 52 59 56 43 44 VideoVCD|VCDImager file
VCF 42 45 47 49 4E 3A 56 43 vCard
VCW 5B 4D 53 56 43 Visual C++ Workbench Info File
VHD 63 6F 6E 65 63 74 69 78 Virtual PC HD image
VMDK 43 4F 57 44 VMware 3 Virtual Disk
VMDK 23 20 44 69 73 6B 20 44 VMware 4 Virtual Disk description
VMDK 4B 44 4D VMware 4 Virtual Disk
VOB 00 00 01 BA DVD video file
VSD D0 CF 11 E0 A1 B1 1A E1 Visio file
VXD 4D 5A Windows virtual device drivers
WAB 9C CB CB 8D 13 75 D2 11 Outlook address file
WAB 81 32 84 C1 85 05 D0 11 Outlook Express address book (Win95)
WAV 52 49 46 46 Resource Interchange File Format
WB2 00 00 02 00 QuattroPro spreadsheet
WB3 3E 00 03 00 FE FF 09 00 06 Quatro Pro for Windows 7.0
WIZ D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
WK1 00 00 02 00 06 04 06 00 Lotus 1-2-3 (v1)
WK3 00 00 1A 00 00 10 04 00 Lotus 1-2-3 (v3)
WK4 00 00 1A 00 02 10 04 00 Lotus 1-2-3 (v4|v5)
WK5 00 00 1A 00 02 10 04 00 Lotus 1-2-3 (v4|v5)
WKS 0E 57 4B 53 DeskMate Worksheet
WKS FF 00 02 00 04 04 05 54 Works for Windows spreadsheet
WMA 30 26 B2 75 8E 66 CF 11 Windows Media Audio|Video File
WMF D7 CD C6 9A Windows graphics metafile
WMV 30 26 B2 75 8E 66 CF 11 Windows Media Audio|Video File
WMZ 50 4B 03 04 Windows Media compressed skin file
WP FF 57 50 43 WordPerfect text and graphics
WP5 FF 57 50 43 WordPerfect text and graphics
WP6 FF 57 50 43 WordPerfect text and graphics
WPD FF 57 50 43 WordPerfect text and graphics
WPF 81 CD AB WordPerfect text
WPG FF 57 50 43 WordPerfect text and graphics
WPL 4D 69 63 72 6F 73 6F 66 74 20 57 69 6E 64 6F 77 73 20 4D 65 64 69 61 20 50 6C 61 79 65 72 20 2D 2D 20 Windows Media Player playlist
WPP FF 57 50 43 WordPerfect text and graphics
WPS D0 CF 11 E0 A1 B1 1A E1 MSWorks text document
WRI 31 BE MS Write file_1
WRI 32 BE MS Write file_2
WRI BE 00 00 00 AB MS Write file_3
WS 1D 7D WordStar Version 5.0|6.0 document
WS2 57 53 32 30 30 30 WordStar for Windows file
XDR 3C BizTalk XML-Data Reduced Schema
XLA D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
XLS D0 CF 11 E0 A1 B1 1A E1 Microsoft Office document
XLS 09 08 10 00 00 06 05 00 Excel spreadsheet subheader_1
XLS FD FF FF FF 10 Excel spreadsheet subheader_2
XLS FD FF FF FF 1F Excel spreadsheet subheader_3
XLS FD FF FF FF 22 Excel spreadsheet subheader_4
XLS FD FF FF FF 23 Excel spreadsheet subheader_5
XLS FD FF FF FF 28 Excel spreadsheet subheader_6
XLS FD FF FF FF 29 Excel spreadsheet subheader_7
XLSX 50 4B 03 04 MS Office Open XML Format Document
XLSX 50 4B 03 04 14 00 06 00 MS Office 2007 documents
XML 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 3F 3E User Interface Language
XPI 50 4B 03 04 Mozilla Browser Archive
XPS 50 4B 03 04 XML paper specification file
XPT 50 4B 03 04 eXact Packager Models
XPT 58 50 43 4F 4D 0A 54 79 XPCOM libraries
ZAP 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF ZoneAlam data file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment