Skip to content

Windows/DOS executable file magic bytes (.exe)

.exe file signature: 4D 5A | application/vnd.microsoft.portable-executable

Category: Executables

The Windows/DOS executable file format is a legacy program file format introduced by Microsoft for MS-DOS and later used by Windows systems. It is used to store applications, installers, self-extracting archives, and other runnable binaries. Because executable files can contain active code, they are a common malware delivery mechanism and should be opened only from trusted sources; the format also includes historical variants such as NE and PE.

High

Magic Bytes

Offset 0
4D 5A

Sources: Wikipedia, Gary Kessler, Neil Harvey FileSignatures

Validation Code

How to validate .exe files in Python

Python
def is_exe(file_path: str) -> bool:
    """Check if file is a valid EXE by magic bytes."""
    signature = bytes([0x4D, 0x5A])
    with open(file_path, "rb") as f:
        return f.read(2) == signature

How to validate .exe files in Node.js

Node.js
function isEXE(buffer: Buffer): boolean {
  const signature = Buffer.from([0x4D, 0x5A]);
  return buffer.subarray(0, 2).equals(signature);
}

How to validate .exe files in Go

Go
func IsEXE(data []byte) bool {
    signature := []byte{0x4D, 0x5A}
    if len(data) < 2 {
        return false
    }
    return bytes.Equal(data[:2], signature)
}

API Endpoint

GET /api/v1/exe
curl https://filesignature.org/api/v1/exe

See the full API documentation for all endpoints and parameters.

Related Formats

Frequently Asked Questions

What is a .exe file?

A .exe file is a Windows/DOS executable file. The Windows/DOS executable file format is a legacy program file format introduced by Microsoft for MS-DOS and later used by Windows systems. It is used to store applications, installers, self-extracting archives, and other runnable binaries. Because executable files can contain active code, they are a common malware delivery mechanism and should be opened only from trusted sources; the format also includes historical variants such as NE and PE.

What are the magic bytes for .exe files?

The magic bytes for Windows/DOS executable file (.exe) files are 4D 5A at byte offset 0. These bytes identify the file format more reliably than the extension alone.

How do I validate a .exe file?

To validate a .exe file, read the first bytes of the file and compare them against the known magic bytes (4D 5A) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .exe files?

The primary MIME type for .exe files is application/vnd.microsoft.portable-executable.

Is it safe to open .exe files?

Windows/DOS executable file (.exe) files are high risk because they can contain executable code. Never open .exe files from untrusted sources. Always scan with antivirus software, verify the source, and consider running in a sandboxed environment.