Windows Script Component

application/octet-stream

High

⚠️

High Risk Format

This file type can contain executable code. Always validate source and scan with antivirus before opening.

Magic Bytes

Offset: 0


            3C 21 64 6F 63 74 79 70

Windows Script Component (WSF) is an XML-based file format developed by Microsoft for executing scripts within the Windows Script Host environment. It primarily serves to consolidate multiple scripting languages, such as VBScript and JScript, into a single file for system automation and the creation of COM components. As a legacy format capable of executing arbitrary code, it poses a significant security risk and is frequently leveraged in malware campaigns to bypass security controls.

Extension

.wsf

MIME Type

application/octet-stream

Byte Offset

Risk Level

High

Validation Code

How to validate .wsf files in Python

Python

def is_wsf(file_path: str) -> bool:
    """Check if file is a valid WSF by magic bytes."""
    signature = bytes([0x3C, 0x21, 0x64, 0x6F, 0x63, 0x74, 0x79, 0x70])
    with open(file_path, "rb") as f:
        return f.read(8) == signature

How to validate .wsf files in Node.js

Node.js

function isWSF(buffer: Buffer): boolean {
  const signature = Buffer.from([0x3C, 0x21, 0x64, 0x6F, 0x63, 0x74, 0x79, 0x70]);
  return buffer.subarray(0, 8).equals(signature);
}

func IsWSF(data []byte) bool {
    signature := []byte{0x3C, 0x21, 0x64, 0x6F, 0x63, 0x74, 0x79, 0x70}
    if len(data) < 8 {
        return false
    }
    return bytes.Equal(data[:8], signature)
}

API Endpoint

GET /api/v1/wsf


              curl https://filesignature.org/api/v1/wsf

Related Formats

.wsc .wmf .mof .rpm .xml .xsd .wb1 .p25 .ac