{"id":894,"date":"2012-04-30T18:25:06","date_gmt":"2012-04-30T18:25:06","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=894"},"modified":"2012-04-30T18:25:06","modified_gmt":"2012-04-30T18:25:06","slug":"file-formats-zoo","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2012\/04\/30\/file-formats-zoo\/","title":{"rendered":"File Formats ZOO"},"content":{"rendered":"

In 2009 my wife drawn a lovely illustration for my upcoming book about malware analysis. Unfortunately, I couldn’t complete the book (for various reasons) and her work never saw it to the printer. I really liked that illustration though and have been always thinking that I will find a way to use it one day. Today is the day and I present it to you, together with a short information on some most popular file formats. File formats is a topic that has been discussed so many times that it is not even worth mentioning, yet I do hope that while skimming the short information below, you will still find something new there. I have more interesting file signatures to come and will publish them when I complete binary snapshots. Illustration will be there too \ud83d\ude42<\/p>\n

\"\"<\/a><\/pre>\n
0x00 0x00 0x01 0x00<\/span><\/strong><\/p>\n
Windows Icon file (*.ico).<\/p>\n
00 00 01 00<\/strong> 01 00 20 20 10 00 00 00 00 00 E8 02\u00a0 ……\u00a0 ……..<\/p>\n
00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00\u00a0 ……(… …@.<\/p>\n
\u2026<\/p>\n
0x00 0x00 0x01<\/span><\/strong><\/p>\n
Mpg movie (*.mpg, *.mpe, *.mpeg).<\/p>\n
00 00 01<\/strong> BA 21 00 01 00 0F 80 0D F9 00 00 01 BB\u00a0 …<\/strong>.!………..<\/p>\n
00 0C 80 0D F9 07 E1 FF B8 C0 20 B9 E0 28 00 00\u00a0 ………. ..(..<\/p>\n
\u2026<\/p>\n
0x00 0x01 0x00 0x00 Standard Jet DB<\/span><\/strong><\/p>\n
Microsoft Access database\u00a0 (*.mdb, *.accdb).<\/p>\n
00 01 00 00 53 74 61 6E 64 61 72 64 20 4A 65 74\u00a0 ….Standard Jet<\/strong><\/p>\n
20 44 42 <\/strong>00 00 00 00 00 B5 6E 03 62 60 09 C2 55\u00a0\u00a0 DB<\/strong>……n.b`..U<\/p>\n
\u2026<\/p>\n
. . 0x0D 0x0A<\/span><\/strong><\/p>\n
Python compiler script\u00a0 (*.pyc).<\/p>\n
D1 F2 0D 0A<\/strong> 7E 74 F3 47 63 00 00 00 00 00 00 00\u00a0 ....<\/strong>~t.Gc…….<\/p>\n
00 0B 00 00 00 40 00 00 00 73 FD 00 00 00 64 00\u00a0 …..@…s….d.<\/p>\n
\u2026<\/p>\n
0x1F 0x8B<\/span><\/strong><\/p>\n
Tar archive compressed using gzip (*.tgz).<\/p>\n
1F 8B<\/strong> 08 00 03 83 74 3A 02 03 EC 3C FD 73 DB 36\u00a0 ……t:…<.s.6<\/p>\n
B2 FD D5 FC 2B 30 8E A6 B6 72 16 15 F9 2B 17 B9\u00a0 ….+0…r…+..<\/p>\n
\u2026<\/p>\n
!<arch><\/strong><\/span><\/p>\n
Library file (*.lib).<\/p>\n
21 3C 61 72 63 68<\/strong> 3E 0A 2F 20 20 20 20 20 20 20\u00a0 !<arch><\/strong>.\/<\/p>\n
20 20 20 20 20 20 20 20 31 31 32 36 39 34 35 34\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 11269454<\/p>\n
\u2026<\/p>\n
!<arch>.debian-binary<\/strong><\/span><\/p>\n
Debian software package (*.deb).<\/p>\n
21 3C 61 72 63 68 3E 0A 64 65 62 69 61 6E 2D 62\u00a0 !<arch>.debian-b<\/strong><\/p>\n
69 6E 61 72 79 <\/strong>20 20 20 31 32 30 36 36 34 30 32\u00a0 inary<\/strong>\u00a0\u00a0 11066402<\/p>\n
\u2026<\/p>\n
%PDF<\/strong><\/span><\/p>\n
PDF document File (*.pdf).<\/p>\n
25 50 44 46<\/strong> 2D 31 2E 33 0D 25 E2 E3 CF D3 0D 0A\u00a0 %PDF<\/strong>-1.3.%……<\/p>\n
36 20 30 20 6F 62 6A 0D 3C 3C 20 0D 2F 4C 69 6E\u00a0 6 0 obj.<< .\/Lin<\/p>\n
\u2026<\/p>\n
.RMF<\/strong><\/span><\/p>\n
RMVB movie (*.rm, *.rmvb).<\/p>\n
2E 52 4D 46<\/strong> 00 00 00 12 00 01 00 00 00 00 00 00\u00a0 .RMF<\/strong>…………<\/p>\n
00 07 50 52 4F 50 00 00 00 32 00 00 00 1C FD E0\u00a0 ..PROP…2……<\/p>\n
\u2026<\/p>\n
0& 0xB2 u<\/strong><\/span><\/p>\n
ASF or WMV movie (*.asf, *.wmv).<\/p>\n
30 26 B2<\/strong> 75<\/strong> 8E 66 CF 11 A6 D9 00 AA 00 62 CE 6C\u00a0 0&.u<\/strong>.f…….b.l<\/p>\n
85 02 00 00 00 00 00 00 05 00 00 00 01 02 A1 DC\u00a0 …………….<\/p>\n
\u2026<\/p>\n
7z<\/strong><\/span><\/p>\n
7Zip archive (*.7z).<\/p>\n
37 7A<\/strong> BC AF 27 1C 00 03 11 05 8F B2 13 00 00 00\u00a0 7z<\/strong>..’………..<\/p>\n
00 00 00 00 54 00 00 00 00 00 00 00 8F 51 A0 B5\u00a0 ….T……..Q..<\/p>\n
\u2026<\/p>\n
?_<\/span><\/strong><\/p>\n
Old Windows Help format (*.hlp).<\/p>\n
3F 5F<\/strong> 03 00 0C 01 00 00 FF FF FF FF 1B 39 00 00\u00a0 ?_<\/strong>………..9..<\/p>\n
FC 00 00 00 F3 00 00 00 00 6C 03 21 00 01 00 21\u00a0 ………l.!…!<\/p>\n
\u2026<\/p>\n
BM<\/strong><\/span><\/p>\n
Bitmap file (*.bmp).<\/p>\n
42 4D<\/strong> 38 00 1B 00 00 00 00 00 36 00 00 00 28 00\u00a0 BM<\/strong>8…….6…(.<\/p>\n
00 00 00 03 00 00 40 02 00 00 01 00 20 00 00 00\u00a0 ……@….. …<\/p>\n
\u2026<\/p>\n
BZh<\/strong><\/span><\/p>\n
Archive compressed using Bzip2 (*.bz, *.bz2, *.bzip2).<\/p>\n
42 5A 68<\/strong> 39 31 41 59 26 53 59 B6 0D 89 62 00 8F\u00a0 BZh<\/strong>91AY&SY…b..<\/p>\n
C8 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF\u00a0 ……………….<\/p>\n
\u2026<\/p>\n
CWS<\/strong><\/span><\/p>\n
Compressed Flash movie (*.swf).<\/p>\n
43 57 53<\/strong> 08 AD C6 00 00 78 9C E4 BD 07 5C 13 CB\u00a0 CWS<\/strong>…..x….\\..<\/p>\n
F7 28 3E 1B 12 B2 81 D0 41 50 83 62 07 41 11 EC\u00a0 .(>…..AP.b.A..<\/p>\n
\u2026<\/p>\n
d8:announce<\/strong><\/span><\/p>\n
Torrent file (*.torrent).<\/p>\n
64 38 3A 61 6E 6E 6F 75 6E 63 65 33 39 3A 68 74\u00a0 d8:announce39:ht<\/p>\n
74 70 3A 2F 2F 74 6F 72 72 65 6E 74 2E 75 62 75\u00a0 tp:\/\/torrent.ubu<\/p>\n
\u2026<\/p>\n
FLV<\/strong><\/span><\/p>\n
Flash Video file (*.flv).<\/p>\n
46 4C 56 01<\/strong> 05 00 00 00 09 00 00 00 00 12 00 01\u00a0 FLV.<\/strong>…………<\/p>\n
C2 00 00 00 00 00 00 00 02 00 0A 6F 6E 4D 65 74\u00a0 ………..onMet<\/p>\n
\u2026<\/p>\n
\u2026ftyp<\/strong><\/span><\/p>\n
Quicktime movie (*.mov).<\/p>\n
00 00 00 20 66 74 79 70<\/strong> 71 74 20 20 20 05 03 00\u00a0 … ftyp<\/strong>qt\u00a0\u00a0 …<\/p>\n
71 74 20 20 00 00 00 00 00 00 00 00 00 00 00 00\u00a0 qt\u00a0 …………<\/p>\n
\u2026<\/p>\n
From: <Saved by Windows Internet Explorer><\/strong><\/span><\/p>\n
MIME HTML archive which may contain various files saved in a MIME format (*.mht).<\/p>\n
46 72 6F 6D 3A 20 3C 53 61 76 65 64 20 62 79 20\u00a0 From: <Saved by <\/strong><\/p>\n
57 69 6E 64 6F 77 73 20 49 6E 74 65 72 6E 65 74\u00a0 Windows Internet<\/strong><\/p>\n
20 45 78 70 6C 6F 72 65 72 20 37 3E 0D 0A 53 75\u00a0\u00a0 Explorer 7>..Su<\/strong><\/p>\n
\u2026<\/p>\n
GIF87a<\/strong><\/span><\/p>\n
Picture saved in GIF 87a format (*.gif).<\/p>\n
47 49 46 38 37 61<\/strong> 59 00 6D 00 F7 00 00 00 00 00\u00a0 GIF87a<\/strong>Y.m…….<\/p>\n
00 00 40 00 00 80 00 00 FF 00 20 00 00 20 40 00\u00a0 ..@……. .. @.<\/p>\n
\u2026<\/p>\n
GIF89a<\/strong><\/span><\/p>\n
Picture saved in GIF 89a format (*.gif).<\/p>\n
47 49 46 38 39 61<\/strong> 01 00 01 00 80 00 00 FF FF FF\u00a0 GIF89a<\/strong>……….<\/p>\n
00 00 00 21 F9 04 01 00 00 00 00 2C 00 00 00 00\u00a0 …!…….,….<\/p>\n
\u2026<\/p>\n
ID3<\/strong><\/span><\/p>\n
Mp3 music file (*.mp3).<\/p>\n
49 44 33<\/strong> 03 00 00 00 00 06 46 54 45 4E 43 00 00\u00a0 ID3<\/strong>……FTENC..<\/p>\n
00 01 40 00 00 00 00 00 00 00 00 00 02 00 00 00\u00a0 ..@………….<\/p>\n
\u2026<\/p>\n
IDA1<\/strong><\/span><\/p>\n
The database of IDA Pro disassembler (*.ida).<\/p>\n
49 44 41 31<\/strong> 00 00 3E 00 00 00 43 60 01 00 48 E0\u00a0 IDA1<\/strong>..>…C`..H.<\/p>\n
01 00 00 00 00 00 4D 20 02 00 DD CC BB AA 01 00\u00a0 ……M ……..<\/p>\n
\u2026<\/p>\n
II<\/strong><\/span><\/p>\n
Image saved in TIFF (Intel) file format (*.tif, *.tiff).<\/p>\n
49 49<\/strong> 2A 00 18 CA 34 00 2C 30 33 35 37 3B 34 35\u00a0 II<\/strong>*…4.,0357;45<\/p>\n
39 38 38 3D 38 37 3C 35 34 39 33 31 36 31 2F 34\u00a0 988=87<5493161\/4<\/p>\n
\u2026<\/p>\n
ISC(<\/strong><\/span><\/p>\n
InstallShield Cabinet File (*.cab). Requires a separate installer called setup.exe.<\/p>\n
49 53 63 28<\/strong> 0C 60 00 01 00 00 00 00 00 02 00 00\u00a0 ISc(<\/strong>.`……….<\/p>\n
00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00\u00a0 …………….<\/p>\n
\u2026<\/p>\n
ITSF<\/strong><\/span><\/p>\n
Windows Help File (*.chm).<\/p>\n
49 54 53 46<\/strong> 03 00 00 00 60 00 00 00 01 00 00 00\u00a0 ITSF<\/strong>….`…….<\/p>\n
40 62 C0 46 09 04 00 00 10 FD 01 7C AA 7B D0 11\u00a0 @b.F…….|.{..<\/p>\n
\u2026<\/p>\n
KGB_arch<\/strong><\/span><\/p>\n
Archive file created by KGB compression utility (*.kgb).<\/p>\n
4B 47 42 5F 61 72 63 68<\/strong> 20 2D 33 0D 0A 32 35 30\u00a0 KGB_arch<\/strong> -3..250<\/p>\n
30 33 32 09 72 65 61 64 6D 65 2E 74 78 74 0D 0A\u00a0 032.readme.txt..<\/p>\n
\u2026<\/p>\n
L 0x00 0x00 0x00<\/strong><\/span><\/p>\n
Windows shortcut file (*.lnk).<\/p>\n
4C<\/strong> 00 00 00<\/strong> 01 14 02 00 00 00 00 00 C0 00 00 00\u00a0 L…<\/strong>…………<\/p>\n
00 00 00 46 CB 40 00 00 20 00 00 00 F4 AA 17 AE\u00a0 …F.@.. …….<\/p>\n
\u2026<\/p>\n
L 0x01 0x05<\/strong><\/span><\/p>\n
Object file (*.obj).<\/p>\n
4C 01 05<\/strong> 00 67 20 93 45 76 0A 00 00 3C 00 00 00\u00a0 L..<\/strong>.g .Ev…<…<\/p>\n
00 00 00 00 2E 74 65 78 74 00 00 00 00 00 00 00\u00a0 …..text…….<\/p>\n
\u2026<\/p>\n
MM<\/strong><\/span><\/p>\n
Image saved in TIFF (Motorola) file format (*.tif, *.tiff).<\/p>\n
4D 4D<\/strong> 00 2A 00 00 0D 32 81 FF CD FF FB FF FF FE\u00a0 MM<\/strong>.*…2……..<\/p>\n
01 FF FD FA FE 06 FF FE FE FF FE FE FF FF FE FD\u00a0 …………….<\/p>\n
\u2026<\/p>\n
\u2026moov<\/strong><\/span><\/p>\n
Quicktime movie (*.mov).<\/p>\n
00 00 41 DE 6D 6F 6F 76<\/strong> 00 00 00 6C 6D 76 68 64\u00a0 ..A.moov<\/strong>…lmvhd<\/p>\n
00 00 00 00 BD 38 15 59 BD 38 15 59 00 00 02 58\u00a0 …..8.Y.8.Y…X<\/p>\n
\u2026<\/p>\n
MP+<\/strong><\/span><\/p>\n
Musepack Audio File (*.mpc).<\/p>\n
4D 50 2B<\/strong> 07 81 35 00 00 00 00 C0 5F 00 00 00 00\u00a0 MP+<\/strong>..5….._….<\/p>\n
00 00 00 00 00 00 C0 80 F7 07 02 73 5A 3B 8B 80\u00a0 ………..sZ;..<\/p>\n
\u2026<\/p>\n
MSCF<\/strong><\/span><\/p>\n
Microsoft Cabinet File\u00a0 (*.cab).<\/p>\n
4D 53 43 46<\/strong> 00 00 00 00 8E 07 3E 00 00 00 00 00\u00a0 MSCF<\/strong>……>…..<\/p>\n
2C 00 00 00 00 00 00 00 03 01 01 00 01 00 00 00 \u00a0,……………<\/p>\n
\u2026<\/p>\n
MZ<\/strong><\/span><\/p>\n
Windows\/DOS executable (*.exe, *.dll, *.sys, *.cpl, *.ocx, and others).<\/p>\n
4D 5A<\/strong> 90 00 03 00 00 00 04 00 00 00 FF FF 00 00\u00a0 MZ<\/strong>…………..<\/p>\n
B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00\u00a0 ……..@…….<\/p>\n
\u2026<\/p>\n
OggS<\/strong><\/span><\/p>\n
Music file saved in OggS format (*.ogg).<\/p>\n
4F 67 67 53<\/strong> 00 02 00 00 00 00 00 00 00 00 67 0B\u00a0 OggS<\/strong>……….g.<\/p>\n
00 00 00 00 00 00 46 7D C7 F2 01 1E 01 76 6F 72\u00a0 ……F}…..vor<\/p>\n
\u2026<\/p>\n
PK<\/strong><\/span><\/p>\n
Zip Archive;\u00a0 used by Java (e.g. JAR files) and Microsoft Office 2007 (*.zip, *.jar, *.docx, and others).<\/p>\n
50 4B<\/strong> 03 04 14 00 02 00 00 00 F8 43 36 38 00 00\u00a0 PK<\/strong>………C68..<\/p>\n
00 00 00 00 00 00 00 00 00 00 16 00 00 00 45 78\u00a0 …………..Ex<\/p>\n
\u2026<\/p>\n
Rar!<\/strong><\/span><\/p>\n
Rar Archive (*.rar, *.r00, *.r01, \u2026, part1.rar, part2.rar, \u2026).<\/p>\n
52 61 72 21<\/strong> 1A 07 00 CF 90 73 00 00 0D 00 00 00 \u00a0Rar!<\/strong>…..s……<\/p>\n
00 00 00 00 31 A3 74 C0 90 2E 00 3F F9 3B 00 00\u00a0 ….1.t….?.;..<\/p>\n
\u2026<\/p>\n
regf<\/strong><\/span><\/p>\n
Windows registry file (*.dat, *.<no extension>).<\/p>\n
72 65 67 66<\/strong> 01 00 00 00 01 00 00 00 00 00 00 00\u00a0 regf<\/strong>…………<\/p>\n
00 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00\u00a0 …………….<\/p>\n
\u2026<\/p>\n
RIFF…ACON<\/strong><\/span><\/p>\n
Animated cursor (*.cur).<\/p>\n
52 49 46 46<\/strong> 50 3A 00 00 41 43 4F 4E<\/strong> 4C 49 53 54\u00a0 RIFF<\/strong>P:..ACON<\/strong>LIST<\/p>\n
46 00 00 00 49 4E 46 4F 49 4E 41 4D 0B 00 00 00\u00a0 F…INFOINAM….<\/p>\n
\u2026<\/p>\n
RIFF…AVI<\/strong><\/span><\/p>\n
AVI movie\u00a0 (*.avi).<\/p>\n
52 49 46 46<\/strong> 88 51 5A 01 41 56 49<\/strong> 20 4C 49 53 54\u00a0 RIFF<\/strong>.QZ.AVI<\/strong> LIST<\/p>\n
46 01 00 00 68 64 72 6C 61 76 69 68 38 00 00 00\u00a0 F…hdrlavih8……<\/p>\n
\u2026<\/p>\n
SZDD<\/strong><\/span><\/p>\n
A file compressed with Microsoft program compress.exe\u00a0 (*.??_ e.g. *.ex_ for compressed *.exe).<\/p>\n
53 5A 44 44<\/strong> 88 F0 27 33 41 65 00 74 00 00 FF 4D\u00a0 SZDD<\/strong>..’3Ae.t…M<\/p>\n
5A 90 00 03 00 00 00 7D 04 F5 F0 FF FF 00 00 B8\u00a0 Z……}……..<\/p>\n
\u2026<\/p>\n
0x60 0xEA<\/strong><\/span><\/p>\n
Arj archive (*.arj).<\/p>\n
60 EA<\/strong> 2E 00 22 0B 01 0A 10 00 02 EB EB BC 86 3A\u00a0 `.<\/strong>..”……….:<\/p>\n
EB BC 86 3A 00 00 00 00 00 00 00 00 00 00 00 00\u00a0 …:…………<\/p>\n
\u2026<\/p>\n
0x78 0x01<\/strong><\/span><\/p>\n
DMG image for Mac (*.dmg).<\/p>\n
78 01 ED<\/strong> 9D 0B 80 1D 55 7D FF 67 E6 3E F7 BE 76\u00a0 x..<\/strong>….U}.g.>..v<\/p>\n
49 78 04 44 5C F3 8F 2B 41 B2 5D 48 08 81 50 59\u00a0 Ix.D\\..+A.]H..PY<\/p>\n
\u2026<\/p>\n
{\\rtf<\/strong><\/span><\/p>\n
Document saved in Rich Text Format (RTF) (*.rtf).<\/p>\n
7B 5C 72 74<\/strong> 66<\/strong> 31 5C 61 64 65 66 6C 61 6E 67 31\u00a0 {\\rtf<\/strong>1\\adeflang1<\/p>\n
30 32 35 5C 61 6E 73 69 5C 61 6E 73 69 63 70 67\u00a0 025\\ansi\\ansicpg<\/p>\n
\u2026<\/p>\n
0x7F ELF<\/strong><\/span><\/p>\n
Linux executable\u00a0 (*.<no extension>, *.so).<\/p>\n
7F 45 4C 46<\/strong> 01 01 01 00 00 00 00 00 00 00 00 00\u00a0 .ELF<\/strong>…………<\/p>\n
02 00 03 00 01 00 00 00 00 81 04 08 34 00 00 00\u00a0 …………4…<\/p>\n
\u2026<\/p>\n
0x89 PNG<\/strong><\/span><\/p>\n
An image saved in PNG format (*.png).<\/p>\n
89 50 4E 47<\/strong> 0D 0A 1A 0A 00 00 00 0D 49 48 44 52\u00a0 .PNG<\/strong>……..IHDR<\/p>\n
00 00 03 D5 00 00 02 78 08 02 00 00 00 E4 DD 57\u00a0 …….x…….W<\/p>\n
\u2026<\/p>\n
0xCA 0xFE 0xBA 0xBE (CAFEBABE)<\/strong><\/span><\/p>\n
Java file (*.class) or Mac Mach-O Universal binary (*.app).<\/p>\n
CA FE BA BE<\/strong> 00 00 00 32 00 C0 0A 00 30 00 6A 09\u00a0 …….2….0.j.<\/p>\n
00 2F 00 6B 07 00 6C 08 00 6D 0A 00 03 00 6E 09\u00a0 .\/.k..l..m….n.<\/p>\n
\u2026<\/p>\n
0xD0\u00a0 0xCF\u00a0 0x11 0xE0 (D0CF11E)<\/strong><\/span><\/p>\n
Compound OLE file from Microsoft\u00a0 (*.doc, *.xls, *.msi, and others).<\/p>\n
D0 CF 11 E0<\/strong> A1 B1 1A E1 00 00 00 00 00 00 00 00\u00a0 ……<\/strong>……….<\/p>\n
00 00 00 00 00 00 00 00 3E 00 03 00 FE FF 09 00\u00a0 ……..>…….<\/p>\n
\u2026<\/p>\n
0xED 0xAB 0xEE 0xDB<\/strong><\/span><\/p>\n
Red Hat Package Manager File (*.rpm).<\/p>\n
ED AB EE DB<\/strong> 03 00 00 00 00 01 74 75 78 70 61 69\u00a0 ….<\/strong>……tuxpai<\/p>\n
6E 74 2D 30 2E 39 2E 32 30 2D 31 2E 66 38 5F 66\u00a0 nt-0.9.20-1.f8_f<\/p>\n
\u2026<\/p>\n
0xEF 0xBB 0xBF<\/strong><\/span><\/p>\n
Text encoded in UTF8 (*.txt, *.utf8, and others).<\/p>\n
EF BB BF<\/strong> 54 68 69 73 20 69 73 20 61 20 73 69 6D\u00a0 …This is a sim<\/p>\n
70 6C 65 20 74 65 78 74 20 66 69 6C 65 20 2E 2E\u00a0 ple text file ..<\/p>\n
\u2026<\/p>\n
0xFF 0xD8…JFIF<\/strong><\/span><\/p>\n
Picture saved in a JPEG format (*.jpg, *.jpe, *.jpeg).<\/p>\n
FF D8<\/strong> FF E0 00 10 4A 46 49 46<\/strong> 00 01 02 00 00 64\u00a0 ……JFIF<\/strong>…..d<\/p>\n
00 64 00 00 FF FE 00 12 41 64 6F 62 65 20 49 6D\u00a0 .d……Adobe Im<\/p>\n
\u2026<\/p>\n
0xFE 0xFF<\/strong><\/span><\/p>\n
Text encoded in UTF16BE (*.txt, and others).<\/p>\n
FE FF<\/strong> 00 54 00 68 00 69 00 73 00 20 00 69 00 73\u00a0 …T.h.i.s. .i.s<\/p>\n
00 20 00 61 00 20 00 73 00 69 00 6D 00 70 00 6C\u00a0 . .a. .s.i.m.p.l<\/p>\n
\u2026<\/p>\n
0xFF 0xFE<\/strong><\/span><\/p>\n
Text encoded in UTF16LE (*.txt, and others).<\/p>\n
FF FE<\/strong> 54 00 68 00 69 00 73 00 20 00 69 00 73 00\u00a0 ..T.h.i.s. .i.s.<\/p>\n
20 00 61 00 20 00 73 00 69 00 6D 00 70 00 6C 00\u00a0\u00a0 .a. .s.i.m.p.l.<\/p>\n
\u2026<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
In 2009 my wife drawn a lovely illustration for my upcoming book about malware analysis. Unfortunately, I couldn’t complete the book (for various reasons) and her work never saw it to the printer. I really liked that illustration though and … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[21],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/894"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=894"}],"version-history":[{"count":10,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/894\/revisions"}],"predecessor-version":[{"id":905,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/894\/revisions\/905"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}