What’s in This File? – Analyze Suspicious ZIP/PDF/Excel File Content Without Opening and See the Risks

What is the What’s in This File Tool?

Sometimes incoming emails attach files labeled as “invoice”, “shipping document”, “receipt”, but they may contain hacks. The problem is: You don’t want to open the file, but you’re curious about “what’s in this file“. The What’s in This File? tool perfectly addresses this need: it works like a file analysis tool, performs suspicious file analysis, and gives you a clear risk summary with file security check before opening the file.

What does it do? (Analysis without opening)

This tool aims to perform safe file review without “executing” the file and putting the user at risk. The basic principle: “show the content, mark the risks, make a decision.”

1) File identity and type verification

• file extension verification: It says “.pdf”, but is it really a PDF?
• magic bytes check and file signature verification for real file type detection
• file hash calculation: sha256 calculation (optional md5 calculation) to produce a unique fingerprint
• file metadata analysis: size, creation information, manufacturer software, etc.

2) For ZIP: list contents (without opening ZIP)

ZIP files are the most common traps. The tool:

• lists zip contents: shows folder/file names, counts, types
• gives a clear answer to the question “what’s inside the zip file” (contents without opening zip)
• zip password check: is it password protected? (could be a suspicion signal)
• zip bomb detection: does a very small zip have a massive expansion? (risk)

3) For PDF: catch invisible risks

PDF is not just “text”; it can carry links, forms, and scripts. The tool:

• checks pdf content and performs pdf security check
• pdf link detection: are there external links, where do they go?
• pdf javascript detection: is there a script inside the PDF?
• pdf embedded file and pdf attachment detection: is there another file embedded inside?
• pdf form detection: are there form fields/actions? (The term “PDF macro” is commonly used; technically, the risk in PDF is generally on the JavaScript/action/attachment side.)

4) For Excel/Office: macro and external link check

One of the most dangerous is Excel. The tool:

• separates file types: .xlsx / .xls / .xlsm check
• excel macro detection: is there VBA? (vba macro, ole detection)
• excel external link: does it pull data from the internet?
• CSV/Excel injection risks: csv injection / formula injection signs. This section is critical in terms of “office macro detection” and “malicious file check”.

What should the result screen look like?

Provide the user with a clear summary that will make them decide, not a “technical report”:

• Risk Score: Low / Medium / High
• Findings List: E.g. “There are 12 external links in the PDF”, “ZIP is password protected”, “XLSM contains a macro”
• Safe Action: such as “Do not open”, “Verify with source”, “Open in Sandbox”, “Extract only text”
• Technical Detail (if desired): sha256, file type, internal list, link fields

To add more (features that make a difference)

• “View only content” mode: view file content but no execution
• “Suspicious name pattern” alerts: double extensions like invoice_2025.pdf.exe
• “Safe text extraction”: extract only text from PDF/Office, carry no active content
• “Local analysis / analysis in browser” option: analyze the file without sending it to the server (in possible formats)

Summary: This tool analyzes ZIP/PDF/Excel attachments received by mail without opening them, checking “what’s there, what risks are there”; verifies the file type, lists the content, captures danger signals like macro/link/script, and leaves you with a clear decision area with the risk score.