What is an .exe file? Is it the same as an executable?

You may often see .exe files but you may not know what they are. Is it the same as an executable file? The short answer is no. So what’s the difference?

What is an .exe file?

Exe in this context is a file extension denoting an executable file for Microsoft Windows. Windows file names have two parts. The file’s name, followed by a period followed by the extension (suffix). The extension is a three- or four-letter abbreviation that signifies the file type.

I hear some advanced users moaning in the back of the class, because there are many exceptions. But as a general rule, everything behind the last period in the filename is the extension. For example, because Windows default settings don’t always show the extension of a file, some malware authors name their files really_trustworthy.doc.exe, hoping that the user’s Windows settings cause it to hide the .exe part and have the user believe this is a document they can safely open.

By using this trick in filenames like YourTickets.pdf.exe, malware like Cryptolocker was mailed to millions of potential victims. The icon was the same as legitimate pdf files so it was hard for some receivers to spot the difference. Usually the mails pretend to be from a worldwide courier service, but they also mask themselves as a travel agency.

Wait, what? Is a .exe file a virus?

An .exe file can be a virus, but that is certainly not true for all of them. In fact, the majority are safe to use or even necessary for your Windows system to run. It all depends on what is in an .exe file. Basically .exe files are programs that have been translated into machine code (compiled). So, whether an .exe file is malicious or not depends on the code that went into it.

Most of the normal .exe file will adhere to the Portable Executable (PE) file format. The name “Portable Executable” refers to the fact that the format is not architecture specific, meaning they can be used in 32-bit and 64-bit versions of Windows operating systems. By this standard format the actual code can be found in the .text section(s) of an executable.

How do I open an .exe file?

This is an ambiguous question that deserves two answers.

To use an .exe file you can usually just double click it. You may get a security prompt before it actually runs, but technically you will have initiated running the program inside the .exe file.

If you want to look what is inside an .exe file then that is a much more complicated question. It depends why you want to look inside. Examining files without running them is called static analysis, whereas dynamic analysis is done by executing the program you want to study. As mentioned before, .exe files have been compiled by machine code, so you need special programs to do static analysis. The most well-known program to do this is IDA Pro, which translates machine code back to assembly code. This makes an .exe more understandable, but it still takes a special skillset to make the step from reading assembly code to understanding what a program does.

Difference to an executable

The definition of an executable file is: “A computer file that contains an encoded sequence of instructions that the system can execute directly when the user clicks the file icon. Executable files commonly have an .exe file extension, but there are hundreds of other executable file formats.

So, every true .exe file is an executable but not every executable file has the .exe extension. We mentioned before that .exe files are commonly intended for use on systems running on a Windows OS . That doesn’t mean you can’t open an .exe file on, say, your Android device, but you will need an emulator or something similar to make that happen. The same is true if you are wondering how to open an .exe file on a system running macOS.

Are .exe files safe to open?

It’s not safe to open any .exe file you encounter.. Just like any other file, it depends on the source of the file as to whether you can trust it or not. If you receive an .exe file from an untrusted source, you should use your anti-malware scanner to scan the file and find out whether it is malicious or not. If you’re still in doubt, get a second opinion by uploading it to VirusTotal to check if any of the participating vendors detects the file.

Can an .exe file run itself?

Any executable file needs a trigger to run. A trigger can be a user double-clicking the file, but it can also be done from the Windows registry, for example when Windows starts up. So the closest an .exe file can come to running itself is by creating a copy in a certain location and then point a startup registry key to that location. Or by dropping the copy or a shortcut in the Startup folder, since all the files in that folder get run when Windows starts.

But there are other triggers. For example, there are Autoplay and Autorun options in Windows that get executed at the connection of, for example, USB devices. Malware can be hidden in the firmware of devices that get executed once the device is connected, etc. Which is one reason not to trust USB sticks you find in a parking lot or that get handed out as swag.  You do not want to be responsible for the next cyber incident in your organization, right?

Other executable files

All the potentially bad stuff I have written about .exe files is just as true for almost all other executable files, so it’s not true that .exe files are bad by nature or that they should be trusted the least. The same dangers can be associated with other executable files. Unfortunately, other operating systems have their own viruses which use their own executable files, but that’s for another day.

Stay safe, everyone!

The post What is an .exe file? Is it the same as an executable? appeared first on Malwarebytes Labs.

Article Link: What is an .exe file? Is it the same as an executable? - Malwarebytes Labs | Malwarebytes Labs