Nerd For Tech
Published in

Nerd For Tech

Read a Malware as HEX File Using Notepad++

Photo by Markus Spiske on Unsplash

HEX, usually called “hexadecimal,” is a numerical mathematics system representing numbers using a radix (base) of 16. The typical way to read a file in HEX format is to use IDA, but IDA is not accessible for free. Well, there are many cracked versions of it. But, we can guarantee the safeness of that application.

We need to read something in HEX format because we usually face something dangerous for our systems, such as malware or something we don’t recognize at a time. Why? because in this digital age, sometimes we can get anything from many sources without knowing it’s safe or not. In this post, I want to share how to make your Notepad++ can be used to read a file as HEX.

Malware Source

Okay, let’s do the practice. You can follow this if you want or just read the article. One last reminder from me is that we are playing with malware, and if your computer is being infected, I can’t help. Take your own risk!

In this article, I will use Bitcoin miners’ malware as an example. I collect this malware from the fabricmagic72 repository. You can download it here. Remember never to execute it because we don’t know yet how it affects your system. Download and extract it, and if your download or extraction failed, maybe your antivirus is enabled; you should disable it first.

The malware has already been downloaded.



After getting the malware sample, open the BIN file using Notepad++, and you will see something like this.

The visualization of malware (before)

As you can see right now, we can’t get any information from it because the file is shown as broken. FYI, in the first line, the word ‘MZ’ stands for ‘Mark Zbikowski.’ The word ‘MZ’ is a signature used by the MS-DOS relocatable 16-bit EXE format. It is just like a standard executable file (.exe) that is older. Usually, this signature is commonly referred to as Portable Executable (PE) used in malware.

For simplicity, if you execute this file, the program is running, which means the virus successfully penetrates your system. So be careful when facing a file like this.

Adding HEX Plugins

Notepad++ has features for reading HEX, but this feature, by default, is disabled. To activate it, open the Plugins tab and choose Plugin Admin.

Adding Plugins into Notepad++

Next, find HEX-Editor in the available tab; you can use the search column to make it easier; after that, click install.

Finding HEX Editor Plugins For Notepad++

This action is needed administrator privilege and will close the applications, so click Yes to continue the installation.

Click ‘Yes’ to continue.

After the program is restarted, right now, in the plugins tab, you can see Hex-Editor; you can choose ‘View in HEX’ or just click Ctrl+Alt+Shift+H on the keyboard.

The Hex-Editor is activated.


Tadaaaa Here is the visualization of your Notepad++ right now; it is more readable, right. The most important thing about reading a malware file in HEX mode is that the malware couldn’t infect your PC.

The visualization of malware (after)

Using these plugins lets, you read anything with any extensions such as .exe, .bytes, .asm, etc.


Finally, we come into the final section; we have already installed plugins for Notepad++ to make it read malware in HEX mode. Well, because this article’s purpose is not for analyzing malware, we are done here. I believe you that read this article know what you do.

Stay safe and happy analyzing





NFT is an Educational Media House. Our mission is to bring the invaluable knowledge and experiences of experts from all over the world to the novice. To know more about us, visit

Recommended from Medium


Cyber Security Interview Questions Part-1

How to create a Telegram-RAT (Remote Access Trojan)-2020

{UPDATE} Pixnuri -Minesweeper Hack Free Resources Generator

{UPDATE} Word Gems & Jewels FREE Hack Free Resources Generator

{UPDATE} Simple Word Search Puzzles Hack Free Resources Generator

I know when you are at home. Billions of iOS users making AirTags a favorite snooper’s weapon

KEBAB — BTCB LP, KEBAB BUSD LP & KEBAB — BNB LP is now part of 🔐 PrivacySwap

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Handhika Yanuar Pratama

Handhika Yanuar Pratama

A Stoic Developer || Junior Data Engineer || Dreamer

More from Medium

Installing Windows on a Linode Instance — The foolproof guide.

How to use Windows Subsystem for LUNIX to Install Ubuntu on your Windows? (Part 2)


How to hack into a Linux machine?