Client-Side Binary Inspector

Drop a Windows binary to review hashes, readable strings, flagged indicators, and a stricter static risk verdict.

The analysis is local-only and static. It does not execute, unpack, or decrypt files, but it treats payload, injection, downloader, shell, and networking indicators much more aggressively.

Inspect a File

Drag and drop a PE file below, or click the upload area. Analysis stays in the current browser session.

Binary Inspector PE triage, hashes, strings, URLs, imports, entropy and risk signals.

Py Extractor Detect PyInstaller archives, unpack CArchive items and rebuild extracted .pyc files.

⬆

Drag & drop your file

or click to choose a file from disk

No file loaded

Inspection Summary

Risk Verdict

—

File Name

—

File Size

—

SHA-256

—

Header Check

—

ASCII Strings

—

UTF-16 Strings

—

Flagged Indicators

—

Awaiting file input...

No verdict yet

Load a file to generate a static risk estimate.

Flagged Indicators

Plain-text indicators found in strings, such as webhook-like URLs, suspicious API names, downloader strings, shell strings, paths, URLs, and IPv4 values.

URLs / Webhooks

No indicators yet.

APIs / Commands / Paths / IPs

No indicators yet.

Py Extractor Output

When Py Extractor mode is selected, extracted archive members and rebuilt .pyc files appear here.

No extracted files yet.

Extracted Strings

Readable strings only. Entries that match stronger indicators are highlighted more aggressively.

No strings extracted yet.

Notes

This is a stricter static triage page. It is designed to reduce obvious false negatives, not to guarantee benignness or maliciousness.

Runs fully in the browser
Computes a SHA-256 hash locally
Checks for DOS/PE headers
Binary Inspector mode performs local-only static triage for PE files
Py Extractor mode detects PyInstaller CArchives and rebuilds extracted files locally
Flags suspicious imports, payload markers, shell indicators, networking strings, and recovered URLs
Does not upload or execute files