Exploring the structure of binary files can be very useful for identifying malware, and tools like PeStudio and HxD may help point you in the right direction.
But if you find they bury you in fine detail, when you’re more interested in the big picture, then you might like to try another approach.
Binvis.io is an online service which imports target files and converts them to images, where each color is based on the source byte value (0 = black, low = green, ASCII = blue, high = red and 255 = white).
Sounds simple, but it’s surprising how effective this can be. Open something which is mostly solid blue, for instance, and you’ll know at a glance that it’s probably some kind of text file.
Now move your mouse cursor over the blue area and a hex editor-type view displays its contents, telling you more.
If your file is mostly random colors, then it’s likely to be compressed or packed: an archive, JPG, maybe a video or audio file.
PDFs are more interesting to explore. Simple text-only files will be mostly blue, but they may also contain multi-colored images, fonts, videos and more.
Binvis.io’s images make these objects immediately obvious, and you can zoom in on them and check out their structure in seconds.
Opening executables may also give you some indication about their internals. Standard files are likely to have a mix of patterns, while packed EXEs will probably look more random.
If the default settings don’t tell you much then there are other options to try, including an Entropy color scheme which can accurately highlight encrypted or compressed data in your file. And whatever you’re doing, the current image may be saved as a local PNG in a couple of clicks.
Put it all together and binvis.io is a neat way to get an overview of a file’s structure. And the pictures are pretty, too. Check it out.