Lab 1 – File Signature Analysis

This lab teaches students to determine whether a file has a mismatched file extension,
a common method attackers use to deliver malware successfully through firewalls and to hide
it from the typical user.

For this lab, install the ICY Hexplorer hex editor (hex_setup26.exe) and WinRAR (wrar550.exe)
from the Lab 1 folder. Launch ICY Hexplorer and change the font (View > Options… > Font:
System Fixed Font). To answer the following questions, drag each file into ICY Hexplorer. Use
“File Signatures.htm”¹ as a reference for the file signatures. HINT: Search for the hex characters
of the header.

1. file1

First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

2. file2

First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

3. file3

(hint: get from file7)


First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

4. file4

First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

¹ https://www.garykessler.net/library/file_sigs.html

5. file5

First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

6. file6

First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

7. file7

First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________

8. file8


(hint: get from file7)


First four bytes: _________________________________

File Extension/Type: _____________________________

Rename the file with the correct extension and open it. What is it?
___________________________________________________________________________
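
The same check the lab performs by hand in the hex editor, automated as an added example (not part of the original lab handout): read each file's leading bytes, look them up in a signature table, and flag names whose extension disagrees. The table holds only a few well-known signatures, and the function names and sample files are constructed for illustration; they are not the lab's file1 to file8.

```python
import tempfile
from pathlib import Path

# A few well-known leading signatures ("magic bytes") and the extensions they imply.
SIGNATURES = [
    (b"\x89PNG", "PNG image", {".png"}),
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"GIF8", "GIF image", {".gif"}),
    (b"%PDF", "PDF document", {".pdf"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"Rar!", "RAR archive", {".rar"}),
    (b"MZ", "Windows executable", {".exe", ".dll"}),
]

def identify(header):
    """Return (description, extensions) for the first matching signature."""
    for magic, desc, exts in SIGNATURES:
        if header.startswith(magic):
            return desc, exts
    return None, set()

def check_file(path):
    """Compare a file's leading bytes with the extension in its name."""
    with open(path, "rb") as fh:
        header = fh.read(8)
    desc, exts = identify(header)
    return {
        "first_four": header[:4].hex(" ").upper(),
        "detected": desc,
        # Flag only when the signature is known and the name disagrees with it.
        "mismatch": desc is not None and Path(path).suffix.lower() not in exts,
    }

def demo():
    """Run the check over constructed sample files (not the lab's files)."""
    samples = {
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,  # executable header, .pdf name
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,  # name matches signature
        "notes": b"%PDF-1.4\n",  # PDF header, no extension at all
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = Path(tmp, name)
            path.write_bytes(data)
            results[name] = check_file(path)
    return results

if __name__ == "__main__":
    print(demo())
```

A file whose signature is not in the table is reported with `detected` set to `None` and is not flagged, so an unflagged file is not necessarily a correctly named one.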