FileInsight

3.5 Build 800

A file analysis tool that offers you an insight of a file\'s structure, allowing security experts to find vulnerability or infection sources

Security experts have all sorts of tools at their disposal to analyze suspicious or malware files and conduct reverse engineering. Based on their findings, security products are created, and virus definitions are updated.
Having that in mind, the McAfee team developed the FileInsight application, a software solution meant for security researchers who need to have a look at the structure of executable files to find vulnerabilities and conclude about the way they are used for spreading out malware.

Analyze data and disassembled code 


The ribbon-based interface of FileInsight makes It very easy to work with, since all the options and features are displayed in tab-based, well-organized menus. The file editor is compatible with JavaScript and Python and takes most of the window, allowing you to create your own file from scratch or open an existing file for analysis. Support for HTML, Flash and portable executable files is provided. Additionally, C and C++ data structure declarations can be imported directly.
Opening a portable executable displays its hex structure by default, revealing the structure in the “Navigation” panel. There is information about the entry point, sections of the executable and the instruction set, as well as a complete list of imported libraries, each with its own functions.
All the structures in the loaded executable are shown and all the variables are displayed, along with their type and size. FileInsight comes with assembly code generation and integrated decoding tools, allowing you to enter the key to parse, analyze and process.

Extend default function set with plugin 


The hex editor supports various encoding modes and comes with a built-in calculator for quick conversions. Moreover, it features bookmark support and search capabilities.
By default, FileInsight comes with two plugins: the “setByteAt” script for processing strings and the other for generating the anomaly chart. The functionality of the application can be enriched using custom plugins written in Python.

Code analysis for security professionals 


FileInsight provides a file editor designed for programmers and security experts, which allows them to conduct in-depth analysis of the code of an application. With JavaScript and Python support, this editor provides a way to take a closer look at the disassembled code of any executable.