FileAlyzer - tool to analyze files

Status
Not open for further replies.

Dashke

Level 1
Thread author
Feb 3, 2012
271
FileAlyzer is a tool to analyze files. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE).

Using FileAlyzer is as simple as viewing the regular properties of a file - just right-click the file you want to analyze and choose Open in FileAlyzer.

filealyzer161general.png


What follows is a list of tabs that are shown in FileAlyzer (depending on the file type you open), with a short description.
  • General - The initial information FileAlyzer will show is not much different from what the Windows Properties dialog will show you: file name and location, size, date & times, version and attributes. In addition to those, FileAlyzer will show you both the CRC-32 and the Message Digest 5 checksum of the file, too.
  • Version - Another important feature that the Windows Properties dialog shows is also implemented in FileAlyzer: for executable files and system libraries, it shows the Version resources if available.
  • Resources - Many executable files have so-called resources - bitmaps, icons and text they use, as well as menus, dialogs and whole windows are usually defined in resources. If you don't know what the purpose of a file is, having a look at its text (see screenshot) or bitmaps may give you an idea.
  • PE Header - PE stands for Portable Executable and is a description for the structure of modern Windows (and other platform) files. Nearly all executables and system libraries follow this structure. FileAlyzer can display an insight into this structure on its PE Header tab, showing everything from the target platform to addresses of specific parts of the file.
  • Sections - A modern PE file makes clear differences between code (those bytes representing instructions the program will execute), data, resources and other important parts. The Sections tab in FileAlyzer will display the sections contained in the file you analyze. If you want to see the contents of a specific section, just double-click it and FileAlyzer will jump to the beginning of that section on the Hexdump tab.
  • New in 1.1d: Import/Export table - Most windows programs will use Windows libraries for basic functionality. Many libraries also export their own functions. FileAlyzer is able to display names of both imported and exported functions of a PE file.
  • Hex dump - Are you a byte junkie and want to look at the file content with a hex editor? FileAlyzer has a fast and easy hex viewer with search capability.
    - New in 1.1c: dynamic width of hex dump depending on window width, and string recognition listing all strings used in a separate list (linked to hex dump).
  • Image preview - If the file is a graphic that is supported by Windows, the graphic can be previewed on an Image preview tab in FileAlyzer.
  • Text preview - If the file you open in FileAlyzer is a text file of some sort, you may want to view it's contents, like the classic QuickView from Windows 9x allowed you to. FileAlyzer can display plain text as well as text in the Rich Text Format (files with the extension .rtf).
  • INI contents (new in version 1.1) - Previewing an INI file in the text preview is nice, but for a quick overview, a more structures list may be better. So FileAlyzer will show you the sections in one list, with a second list showing the contents of the currently selected section.
  • HTML preview - If you want to have a look at a suspicious HTML file, maybe from you Application Data folder (where C2.lop stores 2 such files) or in your Temporary Internet Files, but you do not want to use Internet Explorer (to avoid active contents of the file to be executed), you can also use FileAlyzer. As it uses its own HTML parser instead of IE for this preview, this is much safer.
  • Zip preview - If the file in question is a zip file (it does not necessarily need to have the .zip extension as FileAlyzer will detect if it is one), FileAlyzer will display the contents of the zip file and allow you to extract one or more files from it. This function needs the external library UnzDll.dll, which is installed along with FileAlyzer.
  • Database preview (new in version 1.1) - If the file is a comma- or tab-separated text file, FileAlyzer will display its contents in grid form. Old dBase databases (.dbf) will be displayed in two lists: one displaying the structure, one the actual contents (small databases will be read completely into memory, larger database entries will be loaded upon access).
  • Media preview - If the file is an audio or video file, a tab Media preview will also allow to play back the file. this media preview is still very basic and shouldn't be taken too serious.
  • ID3 tag - FileAlyzer will display ID3 tags in all v1 versions, including ID3v1, ID3v1.1, Lyrics v3 and Lyrics v3.1 ID3 tags are track information used in MP3 audio files.
  • RIFF - RIFF is the structure used in WAV (audio) files as well as in AVI (video) files. FileAlyzer is able to display the properties and tree structure of RIFF files. If you double-click an entry in the tree, FileAlyzer will jump to that address on the Hex dump tab.
Download
 

ranget

New Member
Dec 8, 2011
232
seem to be usefull i will give it a try

BTW do you know about similer tool for PDF analysing somthing Noob friendly
 

Dashke

Level 1
Thread author
Feb 3, 2012
271
ranget said:
seem to be usefull i will give it a try

BTW do you know about similer tool for PDF analysing somthing Noob friendly

Nope, doesn't sound familiar. :/
But you can try this one - PDF Stream Dumper. I think that you will be satisfied. :)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top