File Signature
File Signature Definition
A file signature, sometimes called a magic number, is a short sequence of bytes stored at the beginning of a file that identifies its true format. Computer programs use this signature to recognize how to handle the file, regardless of the file extension shown in the filename. This allows the system to understand what a file really is, even if its name has been changed or mislabeled.
How a File Signature Works
When a file is opened, the operating system or application reads the first few bytes of its header to identify the actual file format. These bytes are then compared against a known list of file signatures. If a match is found, the system knows the file’s format and chooses the correct way to handle it.
If the signature doesn’t match the file extension, the system may warn about a mismatch, treat the file as corrupted, or block it altogether. Security tools also rely on this process to detect files that pretend to be harmless but contain something else. Security tools also rely on this process to detect files that pretend to be harmless but contain something else.
Benefits of File Signature
- Better file identification: Reveals the correct file type even if the extension has been mislabelled or is missing.
- Format validation: Confirms whether a file’s contents match what the filename claims.
- Increased efficiency: Allows programs to pick the correct application to read the file and minimize errors.
- Improved security: Helps detect malware disguised as genuine files, like documents, images, or installers.
- Data recovery support: Works with forensic and information recovery tools to repair or restore damaged or lost files.
Common File Signature Examples
| HEX File Signature | File Type | File Extension |
| 50 4B 03 04 14 00 06 00 | DOCX (Microsoft Office Document) | .doc |
| FF D8 FF E0 | JPEG (JPEG Image File) | .jpg |
| 89 50 4E 47 0D 0A 1A 0A | PNG (Portable Network Graphics) | .png |
| 47 49 46 38 39 61 | GIF89a (Graphics Interchange Format) | .gif |
| 00 00 00 18 66 74 79 70 | MPEG-4 video_1 | .MP4 |
| 50 4B 03 04 | ZIP (Compressed archive) | .zip |
Read More
FAQ
A file extension is part of the filename and can be changed easily by anyone. A file signature is embedded in the file itself and reflects its actual structure. Computer systems use file signatures, rather than file extensions, to determine the true file format.
Yes, file signatures can be changed by editing or deleting the binary data. However, doing so usually corrupts the file, making it unreadable or unusable. Malware sometimes manipulates signatures to hide malicious content, which is why security tools check file headers instead of trusting filenames.
No. Many binary file formats use signatures, but some text-based formats like TXT, CSV, JSON, or XML don’t have fixed magic numbers. These files are usually identified by context, structure, or file extensions rather than a specific signature.
A file signature is stored at the very beginning of a file, inside its header. To see it, you need a hex editor or a file analysis tool that shows raw byte data. Operating systems, antivirus software, and forensic tools read these bytes automatically in the background to identify file types and detect suspicious files.
45-Day Money-Back Guarantee