Guide | How To File types that are usually suspicious!


JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
So, which types of files do we have to pay particular attention to? I will make a simple list of file types, but please guys, we are a community, contribute to this thread by posting your list!

  • All email attachments (yes, when you find an email in your spam box it is very recommended to NOT click on any link and NOT download any attachments, because they are often malware).
  • Double extension files (e.g. .pdf.exe)
  • Script files (e.g. .js, .jse, .vbs, etc. They can work as downloaders for ransomware, etc.)
  • .scr files.
  • Documents (.xls, .docx, .rtf usually used for macro malware and exploits)
  • .exe (maybe the most obvious)
  • BAT
  • Powershell files
  • .reg files
Thanks guys for reading :)
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Nice refresher. :emoji_ok_hand: Here is where NVT SysHardener can maybe help you out, especially for those like me who aren't into scrupulously reviewing everything first.

[Attached screenshot: syshardener.PNG]
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
The list from RunBySmartScreen:
ACCDA, ACCDE, ACCDR, ACCDT, ACM, AD, ADE, ADN, ADP, AIR, APP, APPLICATION, APPREF-MS, ARC, ASA, ASP, ASPX, ASX, AX, BAS, BAT, BZ, BZ2, CAB, CDB, CER, CFG, CHI, CHM, CLA, CLASS, CLB, CMD, CNT, CNV, COMMAND, CPL, CPX, CRAZY, CRT, CRX, CSH, CSV, DB, DCR, DER, DESKLINK, DESKTOP, DIAGCAB, DIF, DIR, DLL, DMG, DOCB, DOCM, DOT, DOTM, DOTX, DQY, DRV, FON, FXP, GADGET, GLK, GRP, GZ, HEX, HLP, HPJ, HQX, HTA, HTC, HTM, HTT, IE, IME, INF, INI, INS, IQY, ISP, ITS, JAR, JNLP, JOB, JS, JSE, KSH, LACCDB, LDB, LIBRARY-MS, LOCAL, LZH, MAD, MAF, MAG, MAM, MANIFEST, MAPIMAIL, MAQ, MAR, MAS, MAT, MAU, MAV, MAW, MAY, MCF, MDA, MDB, MDE, MDF, MDN, MDT, MDW, MDZ, MHT, MHTML, MMC, MOF, MSC, MSH, MSH1, MSH1XML, MSH2, MSH2XML, MSHXML, MSP, MST, MSU, MUI, MYDOCS, NLS, NSH, OCX, ODS, OPS, OQY, OSD, PCD, PERL, PI, PIF, PKG, PL, PLG, POT, POTM, POTX, PPAM, PPS, PPSM, PPSX, PPTM, PRF, PRG, PRINTEREXPORT, PRN, PS1, PS1XML, PS2, PS2XML, PSC1, PSC2, PSD1, PSDM1, PST, PSTREG, PXD, PY, PY3, PYC, PYD, PYDE, PYI, PYO, PYP, PYT, PYW, PYWZ, PYX, PYZ, PYZW, RB, REG, RPY, RQY, RTF, SCT, SEA, SEARCH-MS, SEARCHCONNECTOR-MS, SETTINGCONTENT-MS, SHB, SHS, SIT, SLDM, SLDX, SLK, SPL, STM, SWF, SYS, TAR, TAZ, TERM, TERMINAL, TGZ, THEME, TLB, TMP, TOOL, TSP, URL, VB, VBE, VBP, VBS, VSMACROS, VSS, VST, VSW, VXD, WAS, WBK, WEBLOC, WEBPNP, WEBSITE, WS, WSC, WSF, WSH, XBAP, XLA, XLAM, XLB, XLC, XLD, XLL, XLM, XLSB, XLSM, XLT, XLTM, XLTX, XLW, XML, XNK, XPI, XPS, Z, ZFSENDTOTARGET, ZLO, ZOO

Also EXE, COM, MSI, SCR can be dangerous, but they can be checked by SmartScreen (if downloaded from the Internet by the web browser).
The popular document extensions (DOC, DOCX, XLS, XLSX, PUB, PPT, PPTX, ACCDB, PDF) can be very dangerous when opened by MS Office or Adobe Acrobat Reader applications.
If they are downloaded by the web browser, then MS Office 2010+ applications open those documents in 'Protected View' mode.
The archived files (ZIP, 7Z, ARJ, RAR, ZIPX) can be dangerous, because unarchived files usually lose the 'Mark Of The Web', which can inform applications and SmartScreen that those files are from the Internet.
 
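An added example, not code from any poster in this thread, that turns two of the points above into a check: JM Safe's double-extension and script/document categories, and Andy Ful's note that SmartScreen and Office 'Protected View' depend on the Mark Of The Web, which on NTFS is the Zone.Identifier alternate data stream. The extension sets are a constructed subset of those named in the thread (not the full RunBySmartScreen list), and the zone names are the standard Windows URL security zones.

```python
"""Triage file names against the categories named in the thread and read the
Mark Of The Web (Zone.Identifier alternate data stream) when one is present."""
from pathlib import Path

# Constructed subset of the extensions named in the thread, not the full RunBySmartScreen list.
EXECUTABLE_OR_SCRIPT = {".exe", ".com", ".scr", ".pif", ".dll", ".cpl", ".msi", ".bat", ".cmd",
                        ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".reg"}
MACRO_CAPABLE_DOC = {".doc", ".xls", ".rtf", ".docm", ".dotm", ".xlsm", ".xlam", ".pptm"}
ARCHIVE = {".zip", ".7z", ".arj", ".rar", ".zipx"}
DECOY = {".pdf", ".docx", ".xlsx", ".txt", ".jpg", ".png", ".mp3"}  # what a double extension imitates
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}


def classify_name(filename: str) -> list:
    """Return the reasons a file name deserves attention (an empty list means none)."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    reasons = []
    if not suffixes:
        return reasons
    final = suffixes[-1]
    if final in EXECUTABLE_OR_SCRIPT:
        reasons.append(f"executable/script type {final}")
        if len(suffixes) > 1 and suffixes[-2] in DECOY:  # e.g. invoice.pdf.exe
            reasons.append(f"double extension: looks like {suffixes[-2]}")
    elif final in MACRO_CAPABLE_DOC:
        reasons.append(f"macro-capable document {final}")
    elif final in ARCHIVE:
        reasons.append(f"archive {final}: extracted files may lose the Mark Of The Web")
    return reasons


def parse_zone_identifier(stream_text: str) -> dict:
    """Parse the INI-style [ZoneTransfer] text stored in a Zone.Identifier stream."""
    fields, section = {}, None
    for raw in stream_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    zone_id = int(fields["ZoneId"]) if fields.get("ZoneId", "").isdigit() else None
    fields["ZoneName"] = ZONES.get(zone_id, "Unknown")
    fields["FromInternet"] = zone_id in (3, 4)  # the zones SmartScreen / Protected View act on
    return fields


def read_mark_of_the_web(path: str):
    """Read a file's Zone.Identifier stream on NTFS; None if absent or not supported."""
    try:
        return parse_zone_identifier(Path(path + ":Zone.Identifier").read_text(errors="replace"))
    except OSError:
        return None
```

`read_mark_of_the_web` only returns data on an NTFS volume under Windows; elsewhere the stream path does not exist and the function returns None.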

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
DLLs and .reg files are those often used in fileless and other complex malware.
Yes, also keep in mind that .reg files can be dangerous because they can modify registry keys (deleting them, etc.) and obviously also change some Windows settings. For example, malware can use a .reg file to create a registry key to start with Windows.
 
