Guide | How To File types that are usually suspicious!

[JM Safe]

So, which type of files we have to pay attention in particular? I will make a simple list of file types but please guys, we are a community, contribute to this thread by posting your list!

• All email attachments (yes, when you find an email in your spam box it is very recommended to NOT click on any link and NOT download any attachments, because they are often malware).
• Double extension files (e.g. .pdf.exe)
• Script files (e.g. .js, .jse, .vbs, etc. They can work as downloader for ransomware, etc.)
• Scr files.
• Documents (.xls, .docx, .rtf usually used for macro malware and exploit)
• .exe (maybe the most obvious)
• BAT
• Powershell files
• .reg files

Thanks guys for reading

 

[ChemicalB]

JAR

JAR files contain executable Java code. If
you have installed Java Runtime on your
PC, the JAR files are run as exe files.

 

[Deleted member 178]

Those two:

.dll
.sys (drivers)

 

[plat]

Nice refresher. :emoji_ok_hand: Here is where NVT SysHardener can maybe help you out, especially for those like me who aren't into scrupulously reviewing everything first.

Spoiler

 

[Andy Ful]

The list from RunBySmartScreen:
ACCDA, ACCDE, ACCDR, ACCDT, ACM, AD, ADE, ADN, ADP, AIR, APP, APPLICATION, APPREF-MS, ARC, ASA, ASP, ASPX, ASX, AX, BAS, BAT, BZ, BZ2, CAB, CDB, CER, CFG, CHI, CHM, CLA, CLASS, CLB, CMD, CNT, CNV, COMMAND, CPL, CPX, CRAZY, CRT, CRX, CSH, CSV, DB, DCR, DER, DESKLINK, DESKTOP, DIAGCAB, DIF, DIR, DLL, DMG, DOCB, DOCM, DOT, DOTM, DOTX, DQY, DRV, FON, FXP, GADGET, GLK, GRP, GZ, HEX, HLP, HPJ, HQX, HTA, HTC, HTM, HTT, IE, IME, INF, INI, INS, IQY, ISP, ITS, JAR, JNLP, JOB, JS, JSE, KSH, LACCDB, LDB, LIBRARY-MS, LOCAL, LZH, MAD, MAF, MAG, MAM, MANIFEST, MAPIMAIL, MAQ, MAR, MAS, MAT, MAU, MAV, MAW, MAY, MCF, MDA, MDB, MDE, MDF, MDN, MDT, MDW, MDZ, MHT, MHTML, MMC, MOF, MSC, MSH, MSH1, MSH1XML, MSH2, MSH2XML, MSHXML, MSP, MST, MSU, MUI, MYDOCS, NLS, NSH, OCX, ODS, OPS, OQY, OSD, PCD, PERL, PI, PIF, PKG, PL, PLG, POT, POTM, POTX, PPAM, PPS, PPSM, PPSX, PPTM, PRF, PRG, PRINTEREXPORT, PRN, PS1, PS1XML, PS2, PS2XML, PSC1, PSC2, PSD1, PSDM1, PST, PSTREG, PXD, PY, PY3, PYC, PYD, PYDE, PYI, PYO, PYP, PYT, PYW, PYWZ, PYX, PYZ, PYZW, RB, REG, RPY, RQY, RTF, SCT, SEA, SEARCH-MS, SEARCHCONNECTOR-MS, SETTINGCONTENT-MS, SHB, SHS, SIT, SLDM, SLDX, SLK, SPL, STM, SWF, SYS, TAR, TAZ, TERM, TERMINAL, TGZ, THEME, TLB, TMP, TOOL, TSP, URL, VB, VBE, VBP, VBS, VSMACROS, VSS, VST, VSW, VXD, WAS, WBK, WEBLOC, WEBPNP, WEBSITE, WS, WSC, WSF, WSH, XBAP, XLA, XLAM, XLB, XLC, XLD, XLL, XLM, XLSB, XLSM, XLT, XLTM, XLTX, XLW, XML, XNK, XPI, XPS, Z, ZFSENDTOTARGET, ZLO, ZOO

Also EXE, COM, MSI, SCR can be dangerous, but they can be checked by SmartScreen (if downloaded from the Internet by the web browser).
The popular document extensions (DOC, DOCX, XLS, XLSX, PUB, PPT, PPTX, ACCDB, PDF) can be very dangerous when opened by MS Office or Adobe Acrobat Reader applications.
If they are downloaded by the web browser, then MS Office 2010+ applications open those documents in 'Protected View' mode.
The archived files (ZIP, 7Z, ARJ, RAR, ZIPX) can be dangerous, because unarchived files usually lose the 'Mark Of The Web', which can inform applications and SmartScreen, that those files are from the Internet.

 

[JM Safe]

JAR

JAR files contain executable Java code. If
you have installed Java Runtime on your
PC, the JAR files are run as exe files.

Those two:

.dll
.sys (drivers)

Yes I forgot those. Also DLL is used also in ransomware infection (for example WannaCry)

 

[Deleted member 178]

Yes I forgot those. Also DLL is used also in ransomware infection (for example WannaCry)

Yes, Dlls and Reg files are those often used in fileless and other complex malwares.

 

[JM Safe]

Dlls and Reg files are those often used in fileless and other complex malwares.

Yes, also keep in mind that .reg files can be dangerous because they can modify registry keys (deleting, etc.) And obviously change also some Windows settings. For example a malware can use a .reg file to create a registry key to start with Windows.