That new .exe file looks tempting…
But what if it’s hiding something dangerous?
Here’s how to analyze any installer without executing it, using safe, static analysis.
✅ 1. Check file extension and size
- Should be .exe, .msi, or .bat
- Suspicious if:
  - Size under 300 KB (too small)
  - File extension mismatch (e.g., .pdf.exe)

✅ Right-click → Properties → Confirm type and size.
✅ 2. Use PEStudio (for .exe files)
Download PEStudio → Drag the file into it
Reveals:
- Obfuscated code
- Suspicious API calls
- Known malware behavior patterns
- No execution required
✅ Great for static detection.
✅ 3. Use VirusTotal + behavior tab
- Upload installer to https://www.virustotal.com
- Check:
  - Detection ratio
  - Behavior tab (for known samples)
  - Community comments

✅ 70+ antivirus engines + behavioral flags.
✅ 4. Look at digital signature
- Right-click → Properties → Digital Signatures
- Signed by a legit company = usually safer
- No signature? Be cautious
✅ “Unknown Publisher” is a common malware sign.
✅ 5. Check strings with tools like Exeinfo PE
- Shows embedded texts, URLs, file paths
- Hidden scripts or foreign domains are red flags
✅ Good for spotting phone-home behavior.
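Checks 1, 4 and 5 can be scripted so the file is only ever read as bytes. The sketch below is an added example, not code from the original post: the function names, the decoy-extension list and the sample bytes are assumptions made for illustration. The signature check only tests whether an embedded signature blob is present in the PE header; it does not validate the publisher, so the Digital Signatures tab is still needed for that.

```python
import re
import struct

SMALL_FILE_BYTES = 300 * 1024   # the page's "too small" threshold
DECOY_EXTS = {"pdf", "doc", "docx", "jpg", "png", "txt"}   # assumed list
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,200}")

def has_signature_blob(data):
    """True/False: PE security directory populated; None: not a parsable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if pe + 26 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    opt = pe + 24                                           # optional header start
    dir_off = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", data, opt)[0])
    if dir_off is None or opt + dir_off + 40 > len(data):   # PE32 / PE32+ only
        return None
    offset, size = struct.unpack_from("<II", data, opt + dir_off + 32)  # entry 4
    return offset != 0 and size != 0

def embedded_urls(data):
    """URLs stored as ASCII or UTF-16LE text, as a strings viewer would list them."""
    wide = [m.group()[::2] for m in re.finditer(rb"(?:[\x20-\x7e]\x00){8,}", data)]
    return sorted({u.decode("ascii") for b in [data, *wide] for u in URL_RE.findall(b)})

def triage(filename, data):
    """Collect red flags from the file name and raw bytes; nothing is executed."""
    flags, parts = [], filename.lower().split(".")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        flags.append("double extension")
    if len(data) < SMALL_FILE_BYTES:
        flags.append("size under 300 KB")
    signed = has_signature_blob(data)
    if parts[-1] == "exe" and signed is None:
        flags.append("not a valid PE despite .exe name")
    elif signed is False:
        flags.append("no embedded signature")
    if urls := embedded_urls(data):
        flags.append("embedded URLs: " + ", ".join(urls))
    return flags

def constructed_sample(signed):  # constructed minimal PE32 header, not a real installer
    buf = bytearray(0x200)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)                 # e_lfanew -> 0x80
    struct.pack_into("<H", buf, 0x98, 0x10B)                # PE32 magic
    if signed:
        struct.pack_into("<II", buf, 0x118, 0x1F0, 0x10)    # security directory entry
    return bytes(buf) + b"http://a.example.test/x\0\0" + "https://b.example.test/y".encode("utf-16-le")
```

For a real file, pass `open(path, "rb").read()` as `data`; each returned flag is a reason to look closer before running the installer.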
Key points to remember
- Don’t run an installer unless it passes static checks
- Use PEStudio and VirusTotal before execution
- Look for missing signatures or suspicious strings
- Size, extension, and metadata often reveal the truth