File name = 343.edf
Header Hex = 45 53 41 00 0B 00 00 00 - 78 00 00 00 10 00 00
text = ESA x
I searched but could not find information. Do you have that information?
Do you have any context as to where the file was originally located?
Do you have any information on where the file came from? Which OS, path, etc.?
If Windows, did you do any file extension analysis to determine which application this file extension may be associated with? Doing a Google look up leads to indications of a couple of different apps that might apply; however, with no context, there's not really much anyone can do beyond speculate.
HTH
I might be miles off target here (especially seeing the file is on the USER desktop) but I seem to remember a similar instance where it turned out to be an AV quarantine file (the 183k looks a prime candidate for a keygen/trojan)? Check the AV and see what format quarantine files are exported in. If not, please keep us posted.
Regards
Do you have any context as to where the file was originally located?
We found it on a flash drive.
Probably not a quarantine file then.
How entropic is the file? As a quick test, if you compress the file (use as high a setting as possible), how much smaller does it get?
Is it possible to get a slightly better display of the data, i.e. all 16 bytes across and not truncated at 0xc?
I would guess that the 0x78 in byte 8 is the offset to the data
0xb at offset 4 looks like a 4 byte number as would the 0x10 at offset 0xc
I would also guess that the 0x3e8 at offset 0x40 could be a version number, i.e. 1000 or 1.000
This leaves the 0x30 byte header that currently looks meaningless.
Data looks possibly compressed, or encrypted, hence Alex's question to see if the file will compress.
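The checks suggested in this thread, put together as an added example that is not part of any post: it reads the header fields at the guessed offsets, then measures Shannon entropy and zlib compressibility of the data region. The field names, the little-endian 32-bit widths and the sample file are assumptions constructed for illustration; only the magic and the values 0x0B, 0x78, 0x10 and 0x3e8 come from the thread.

```python
import hashlib, math, struct, zlib
from collections import Counter

def parse_header(blob):
    # Field names are hypothetical; offsets follow the guesses in the thread.
    # Assumes little-endian 32-bit fields and that the byte cut off at 0xf is 00.
    if len(blob) < 0x44 or blob[:4] != b"ESA\x00":
        raise ValueError("not an ESA-tagged file")
    unknown_04, data_offset, unknown_0c = struct.unpack_from("<III", blob, 4)
    (maybe_version,) = struct.unpack_from("<I", blob, 0x40)
    if data_offset > len(blob):
        raise ValueError("data offset points past end of file")
    return {"unknown_04": unknown_04, "data_offset": data_offset,
            "unknown_0c": unknown_0c, "maybe_version": maybe_version}

def shannon_entropy(data):
    # Bits per byte: close to 8.0 suggests compressed or encrypted content.
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compression_ratio(data):
    # Compressed size / original size at the highest zlib level.
    return len(zlib.compress(data, 9)) / len(data) if data else 1.0

def triage(blob):
    report = parse_header(blob)
    body = blob[report["data_offset"]:]
    report["entropy_bits_per_byte"] = shannon_entropy(body)
    report["compressed_ratio"] = compression_ratio(body)
    return report

def build_sample(body):
    # Constructed stand-in for the file: 0x78-byte header plus a payload.
    header = bytearray(0x78)
    struct.pack_into("<4sIII", header, 0, b"ESA\x00", 0x0B, 0x78, 0x10)
    struct.pack_into("<I", header, 0x40, 0x3E8)
    return bytes(header) + body

# Constructed payloads: hash output imitates encrypted data, b"A" plain data.
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAIN_LIKE = b"A" * 4096

if __name__ == "__main__":
    for name, body in (("random-like", RANDOM_LIKE), ("plain-like", PLAIN_LIKE)):
        print(name, triage(build_sample(body)))
```

A ratio near 1.0 together with entropy near 8 bits per byte supports the compressed-or-encrypted guess; it cannot tell the two apart.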