파일 시그니처(File Signatures) 모음

반응형


분석을 하다보면 파일의 헤더(File Header) 부분이 뭔지 찾아볼 때가 생긴다.
그런것들을 방지하기 위해 많이 사용되는 파일들의 헤더 시그니쳐를 정리해 두었다.

물론 내가 한건 아니고 ㅋㅋㅋㅋ
나도 퍼왔다^^ 참고 사이트는 하단에 있다.

Hex Signature/File Header File Extension ^ ASCII Signature Additional Info.
45 DA .386   Executable File
23 20 6F 62 6A 65 78 70 .3md # objexp  
54 49 46 46 47 52 41 50 .3tf TIFFGRAP  
64 74 53 65 61 72 63 68 .abc dtSearch ABC Programming Language
4D 53 43 46 00 00 00 00 .ac_ MSCF  
00 02 0? 00 0? .acb    
C3 AB CD AB .acg ëͫ  
  .acl    
4D 5A 90 00 03 00 00 00 .acm MZ Executable File
C3 AB CD AB .acs ëͫ  
41 44 46 33 .adf ADF3  
  .adm    
69 66 28 70 65 76 61 6C .adp if(peval  
30 00 00 04 15 05 05 2? .adx   Lotus Approach ADX File
21 12 .ain   AIN Archive File
0A 3C EB A2 7F EF A3 4E .am <ë¢ï£N  
4A A5 14 1C 05 99 CC 44 .am J¥™ÌD  
5B 76 65 72 5D .ami   Lotus Ami Pro
4D 53 43 46 00 00 00 00 .an_ MSCF  
  .anb    
52 49 46 46 .ani RIFF  
4D 5A 90 00 03 00 00 00 .api MZ  
D0 CF 11 E0 A1 B1 1A E1 .apr   Lotus Approach APR File
  .aps    
1A 02 .arc   ARC/PKPAK Compressed 1
1A 03 .arc   ARC/PKPAK Compressed 2
1A 04 .arc   ARC/PKPAK Compressed 3
1A 08 .arc   ARC/PKPAK Compressed 4
1A 09 .arc   ARC/PKPAK Compressed 5
  .art    
60 EA .arj   ARJ Compressed
4D 53 43 46 00 00 00 00 .as_ MSCF  
3C 4F 42 4A 45 43 54 20 .asa <OBJECT   
  .asd    
  .asf    
  .ashx    
4D 00 69 00 63 00 72 00 .asms Micr  
  .aso    
3C 25 40 20 43 4F 44 45 .asp <%@ CODE  
02 00 00 00 53 44 4D 00 .ast    
3C 41 53 58 20 56 65 72 .asx <ASX Ver  
2E 73 6E 64 .au   SoundMachine Audio File
41 56 47 20 37 2E 30 20 .avg AVG 7.0   
  .avg    
41 56 49 20 .avi   Audio Video Interleave File (AVI)
52 49 46 46 .avi RIFF Audio Video Interleave File (AVI)
52 49 46 46 6A 42 01 00 .avi RIFF Audio Video Interleave File (AVI)
41 56 47 20 37 20 2D 20 .avm AVG 7 -   
8A 01 0A 00 00 00 E1 08 .aw    
4D 5A 90 00 03 00 00 00 .ax MZ Executable File
4D 53 43 46 00 00 00 00 .ax_ MSCF  
  .axd    
  .bag   AOL Feedbag
5B 33 2F 31 32 2F 32 30 .bak   Backup File
  .bas    
52 45 4D 20 44 75 6D 6D .bat   Batch File
58 54 01 00 1A 00 43 6C .bdr XT  
FF 53 43 43 FF 4D 41 50 .bin   Binary File
42 4D .bmp BM Windows Bitmap Image
42 54 4C 46 30 31 2E 30 .btl BTLF01.0  
42 5A 68 .bz   Bzip Archive
42 5A 68 .bz2   Bzip Archive
49 53 63 28 .cab   Cabinet File
4D 53 43 46 .cab MSCF Microsoft CAB File Format
30 82 .cat    
0? 00 FF FF 00 00 06 00 .cbz    
  .cdx    
19 0D B7 4D 64 CE 0D D1 .cfg ·MdÎÑ  
4D 53 43 46 00 00 00 00 .ch_ MSCF  
49 54 53 46 .chm ITSF Compiled HTML/Help File
49 54 53 46 03 00 00 00 .chq ITSF  
FF FE 3F 00 61 00 62 00 .chs ÿþ?  
CA FE BA BE 00 .class Êþº¾  
43 4F 4D 2B .clb COM+  
CA FE BA BE 00 03 00 2D .cls Êþº¾  
  .clw    
  .cmd    
4D 53 43 46 .cn_ MSCF  
3A 42 61 73 65 20 .cnt :Base   
4D 5A 90 00 03 00 00 00 .cnv MZ  
4A 4D .cod JM  
4D 5A  .com MZ  
23 20 50 6F 73 74 67 72 .conf # Postgr  
3C 3F 78 6D 6C 20 76 65 .config <?xml.version=  
4D 5A .cpl MZ  
CD DC 03 00 .cpl ÍÜ  
  .cpp    
  .cpx    
43 52 55 53 48 .cru   CRUSH Archive File
43 52 55 53 48 .crush   CRUSH Archive File
23 21 2F 62 69 6E 2F 63 .csh #!/bin/c  
  .css   Cascading Style Sheet
41 56 47 .ctf AVG AVG Antivirus
2D 2D 20 .ctl --  
3B 2A 2A .cty ;**  
00 00 02 00 0? 00 20 20 .cur    
42 54 43 56 23 23 42 61 .cvb BTCV##BaseCV  
43 4F 4D 2B 01 00 00 00 .dat COM+  
D0 CF 11 E0 A1 B1 1A E1 .db   Windows Thumbnail Cache
  .dbf    
CF AD 12 FE C? ?D .dbx    
3A DE 68 B1 .dcx   DCX Graphic File
72 65 67 66 AB 37 .default regf«7  
42 4D 76 3A .dib BMv:  
3C 4F 20 6E 61 6D 65 3D .dict    
4D 5A .dll MZ Dynamic Link Library
4D 5A 90 00 03 00 00 00 .dll   Dynamic Link Library
46 00 00 00 FF FF 01 00 .dms   Domain File for Domain Punch Pro software
D0 CF 11 E0 A1 B1 1A E1 .doc ÐÏ à¡± á Microsoft Word 2003 Document
7F FE 34 0A .doc   MS Word
12 34 56 78 90 FF .doc   MS Word 6.0
31 BE 00 00 00 AB 00 00 .doc   MS Word for DOS 6.0
50 4B 03 04 14 00 06 00 .docx   Microsoft Word 2007 Document
D0 CF 11 E0 A1 B1 1A E1 .dot ÐÏ à¡± á  
4D 5A .drv MZ  
4D 5A ?? 00 ?? 00 00 00 .drv   Device Driver
4D 5A ?? 01 ?? 00 00 00 .drv   Device Driver
4D 5A .ds MZ  
4D 47 58 20 69 74 70 64 .ds4   Micrografix Designer 4
23 20 4D 69 63 72 6F 73 .dsp # Micros  
5B 4? 65 6? 6? .dtb    
3C 21 45 4E 54 49 54 59 .dtd   XML DTD
5B 50 68 6F 6E 65 5D 0D .dun [Phone] Dialup Networking File
5B 47 65 6E 65 72 61 6C .ecf [General]  
10 00 00 05 80 00 00 .emf    
25 21 50 53 .eps %!PS-Adobe-3.1 Adobe EPS File
00 0C 00 00 00 00 00 00 .etl   Circular Trace Log File
03 00 00 00 C4 66 C4 56 .evt    
4D 5A 90 .exe MZ Microsoft Executable
4C 01 02 00 3E 0D 1C 46 .exp   Export File
00 00 1A 00 07 80 01 00 .fm3   Lotus 123 v3 FMT File
20 00 68 00 20 .fmt   Lotus 123 v4 FMT File
4D 5A 90 00 03 00 00 00 .flt    
3F 5F 03 00 .gid   Windows Help File
47 49 46 38 37 61 .gif GIF87a Graphics Interchange Format
47 49 46 38 39 61 .gif GIF89a Graphics Interchange Format
1F 8B 08 .gz   GZ Compressed File
91 33 48 46 .hap   HAP Archive File
3F 5F 03 00 .hlp ?_ Windows Help File
3C 68 74 6D 6C 3E .htm   HyperText Markup Language 1
3C 48 54 4D 4C 3E .htm   HyperText Markup Language 2
3C 21 44 4F 43 54 .htm   HyperText Markup Language 3
3C 21 44 4F 43 54 59 50 .htm   HyperText Markup
28 54 68 69 73 20 66 69 .hqx    
48 57 50 20 44 6F 63 75 6D 65 6E 74 20 46 69 6C 65 20 56 .hwp   HWP File
D0 CF 11 E0 A1 B1 1A E1 00 .hwp   HWP File
00 00 01 00 .ico   Windows Icon File
5B 2E 53 68 65 6C 6C 43 .ini   Initialization File
FF FE 0D 00 0A 00 ?? 00 .ini   Initialization File
00 00 00 00 00 00 00 00 .iso   ISO-9660 Disc Image
FF 44 56 54 20 4B 46 00 .ix    
5F 27 A8 89 .jar   JAR Archive File
FF D8 FF FE 00 .jpeg   JPG Graphical File
FF D8 FF E1 .jpg   JPG Graphical File
2D 6C 68 35 2D .lha   LHA Compressed
21 3C 61 72 63 68 3E 0A .lib   Object File Library
4C 00 00 00 01 14 02 00 .lnk   Windows Shortcut (Link File)
FF FE 3? 00 ?? 00 3A 00 .log    
  .lzh lh LZ Compression File
3C 3F 78 6D 6C 20 76 65 .manifest <?xml.version= Manifest File
00 01 00 00 53 74 61 6E .mdb   Microsoft Access Database
4D 54 68 64 .mid MThd MIDI Audio File
6D 64 61 74 .mov   QuickTime Movie
49 44 33 03 .mp3 ID3 MP3 Audio
00 00 01 B3 .mpg   MPEG Movie
00 00 01 B3 .mpeg   MPEG Movie
3C 3F 78 6D 6C 20 76 65 .msc   Microsoft Management Console Snap-in Control File
4D 5A 90 00 03 00 00 00 .msstyles   Microsoft Windows Visual Style
4D 5A 90 00 03 00 00 00 .mui   Configuration Resource File
0D 00 ?? ?? ?? 00 3F 00 .nls   National Language Support File
0D 00 ?? ?? ?? 00 6F 00 .nls   National Language Support File
1A 00 00 03 00 00 11 00 .nsf   Lotus Notes Database/Template
1A 00 00 03 00 00 11 00 .ntf   Lotus Notes Database/Template
4C 01 .obj   Compiled Object Module
4D 5A 90 00 03 00 00 00 .ocx MZ Object Linking and Embedding (OLE) Control Extension
4D 5A 90 00 03 00 00 00 .olb   Object Library File
25 50 44 46 2D 31 2E 33 .pdf %PDF Adobe Portable Document File
25 50 44 46 2D 31 2E 34 .pdf %PDF Adobe Portable Document File
89 50 4E 47 0D 0A 1A 0A .png ‰PNG Portable Network Graphic
7E 42 4B 00 .psp   PaintShop Pro Image File
21 42 44 4E 4D 37 4C CA .pst !BDN Personal Folder File
D0 CF 11 E0 A1 B1 1A E1 .pub   Microsoft Publisher Document
6D 64 61 74 .qt   Quicktime Movie File
2E 72 61 FD .ra   Real Audio File
2E 72 61 FD .ram   Real Audio File
52 61 72 21 .rar   RAR Archive File
52 45 47 45 44 49 54 30 .reg    
ED AB EE DB .rpm   RPM Archive File
7B 5C 71 74 66 31 .rtf {\rtf1 Rich Text Format File
7B 5C 72 74 66 31 .rtf {\rtf1 Rich Text Format File
53 49 54 21 .sit   Stuffit v1 Archive File
53 74 75 66 66 49 74 .sit   Stuffit v5 Archive File
4D 5A .sys   Executable File
1F 8B .tar   Gzip Archive File
1F 8B .tgz   Gzip Archive File
49 49 2A .tif   TIFF (Intel)
4D 4D 2A .tif   TIFF (Motorola)
49 49 2A .tiff   TIFF (Intel)
4D 4D 2A .tiff   TIFF (Motorola)
43 68 61 72 61 63 74 65 .tlb    
  .txt   Text File
55 46 41 .ufa   UFA Archive File
EF BB BF 3C 3F 78 6D 6C .u3i    
55 43 45 58 ?? ?? 00 00 .uce    
5B 49 6E 74 65 72 6E 65 .url   Internet Shortcut
54 79 70 65 3D 45 78 65 .vbp    
27 2A 2A 2A 2A 2A 2A 2A .vbs    
27 2D 2D 2D 2D 2D 2D 2D .vbs    
42 45 47 49 4E 3A 56 43 .vcf    
62 65 67 69 6E 3A 76 63 .vcf    
4D 5A 90 00 03 00 00 00 .vdm    
5B 53 6F 75 72 63 65 46 .ver    
4D 5A 90 00 03 00 00 00 .vxd    
4D 5A 90 00 03 00 00 00 .w32    
52 49 46 46 .wav    
52 49 46 46 .wav RIFF WAVE PCM Soundfile Format 
00 00 02 00 02 10 C9 00 .wb2    
00 00 02 00 02 10 C9 00 .wb3    
30 00 00 00 01 00 00 00 .wiz    
D0 CF 11 E0 A1 B1 1A E1 .wiz    
20 00 60 40 60 .wk1   Lotus 123 v1 Worksheet
00 00 1A 00 00 10 04 00 .wk3   Lotus 123 v3 Worksheet
00 00 1A 00 02 10 04 00 .wk4   Lotus 123 v5 Worksheet
4D 53 43 46 00 00 00 00 .wm_    
30 26 B2 75 8E 66 CF 11 .wma    
57 00 69 00 6E 00 64 00 .wmdb    
D7 CD C6 9A .wmf   Windows META File
3C 21 2D 2D 0D 0A 20 20 .wms    
FF FE 3C 00 21 00 2D 00 .wms    
30 26 B2 75 8E 66 CF 11 .wmz    
50 4B 03 04 09 00 00 00  .wmz    
FF 57 50 43 .wp   WordPerfect v5 or v6
FF 57 50 4? ?? ?? 00 00 .wpd    
FF 57 50 43 23 05 00 00 .wpd    
FF 57 50 47 .wpg   WordPerfect Graphic
3C 3F 77 70 6C 20 76 65 .wpl    
31 BE 00 00 00 AB 00 00 .wri    
7B 5C 72 74 66 31 .wri {\rtf1 Windows Write Document
D0 CF 11 E0 A1 B1 1A E1 .wri    
4D 5A 90 00 03 00 00 00 .x32    
3C 3F 78 6D 6C 20 76 65 .xdr    
3C 53 63 68 65 6D 61 20 .xdr    
3C 3F 78 6D 6C 20 76 65 .xhtml    
D0 CD 00 E0 A1 B1 1A E1 .xla    
09 02 06 00 00 00 10 00 .xls   MS Excel v2
09 04 06 00 00 00 10 00 .xls   MS Excel v4
D0 CF 11 E0 A1 B1 1A E1 .xls ÐÏ à¡± á Microsoft Excel Sheet
D0 CF 11 E0 A1 B1 1A E1 .xlt   Microsoft Excel Sheet
3C 3F 78 6D 6C 20 76 65 .xml   Extensible Markup Language File
EF BB BF 3C 3F 78 6D 6C .xml    
FF FE 3C 00 3F 00 78 00 .xml    
3C 3F 78 6D 6C 20 76 65 .xsl    
EF BB BF 3C 3F 78 6D 6C .xsl    
3C 3F 78 6D 6C 20 76 65 .xul    
00 ?? 49 52 49 53 20 67 .ytr    
1F 9D .z   TAR Compressed Archive File
4D 5A 90 00 03 00 00 00 .zap    
50 4B 03 04 .zip   Zip Compressed
50 4B 03 04 .zip   PKZIP Compressed
50 4B 30 30 50 4B 03 04 .zip   WINZIP Compressed
50 4B 03 04 0A 00 00 00 .zip PK Compressed Archive
50 4B 03 04 14 00 00 00 .zip PK Compressed Archive
5A 4F 4F 20 .zoo   ZOO Archive File

참고 한 사이트는 아래와 같다.

-

김재벌의 IT이야기 - 포렌식을 위한 파일 시그니쳐 모음

-

파일 시그니처 모음 (Common File Signatures)

두 블로그 모두 포렌식을 공부하는 사이트로 차후에도 도움이 많이 될 듯 하다^^


댓글(4)

  • 2012.06.29 09:11 신고

    아 이게 김재벌님이 만드신거였구나... 전 HWP 파일로 가지고 있는데 출처가 없어서 공유하기가 참 난감했었는데 ㅎㅎ

  • ㅇㅇ
    2022.04.19 23:53

    광고 좀 적당히 넣어요.. 무슨 토토사이트인줄 알았네

    • 2022.04.19 23:55 신고

      죄송합니다 (__)
      지금 저도 보니 너무 많게 느껴지네요
      본문상단과 전체광고를 제외하고 모두 삭제했습니다.

Designed by JB FACTORY