File Scan · Documentation

File analysis & content inspection

The mlab File Scan provides a structured and transparent analysis of files, focusing on metadata, cryptographic fingerprints, format‑specific inspection and tool‑driven results.
Each file is analyzed using a set of tools adapted to its format and content.

1. File metadata & fingerprints

Every file is first identified using cryptographic and structural fingerprints. These identifiers allow correlation across scans and external intelligence sources.

This step ensures that files are uniquely identifiable regardless of their name or origin.

  • SHA256, MD5 and fuzzy hashes (SSDEEP)
  • File size, extension and MIME type
  • First seen timestamp
  • Deterministic file identity

How a file scan works

  • Upload: File received
  • Fingerprinting: Hashes & identity
  • Format detection: Type & structure
  • Tool execution: Format‑specific tools
  • Results: Human‑readable output

2. Format‑aware analysis

Files are not analyzed using a single generic pipeline. Instead, mlab selects tools based on the detected file format.

This ensures relevant results and avoids misleading or noisy outputs.

  • Images, documents, archives, binaries
  • Static structure inspection
  • Embedded data detection
  • Format‑specific parsers

Generic file scanners:

  • Same tools for all files
  • High noise
  • Opaque verdicts
  • Limited context

mlab file analysis:

  • Tool selection by format
  • Structured outputs
  • Explainable results
  • Analyst‑driven interpretation

3. Tool execution & results

Each compatible tool is executed independently and its raw output is preserved.

Results are displayed per tool, allowing analysts to understand how conclusions are derived.

  • One tab per tool
  • Raw and processed output
  • No hidden aggregation
  • Partial tool failures handled gracefully

Why some tools may not appear

Tools are selected based on file format, size, and content. Some files may not be compatible with certain analyses, while additional tools may be added progressively as support expands.
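
A minimal sketch of the flow described in sections 1 to 3: content-only fingerprinting, tool selection by detected format, and independent tool runs with failures recorded per tool. This is an added example, not mlab's code; the tool functions, the signature table and the sample bytes are assumptions made for illustration, and the SSDEEP fuzzy hash is left out because it needs a third-party library.

```python
import hashlib

# A few magic-byte signatures (illustrative subset, not a complete detector).
SIGNATURES = [(b"\x89PNG\r\n\x1a\n", "image/png"), (b"%PDF-", "application/pdf"),
              (b"PK\x03\x04", "application/zip"), (b"\x7fELF", "application/x-elf")]

def fingerprint(data: bytes) -> dict:
    """Identity derived from content only, so a renamed copy fingerprints the same."""
    mime = next((m for sig, m in SIGNATURES if data.startswith(sig)),
                "application/octet-stream")
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data, usedforsecurity=False).hexdigest(),
            "size": len(data), "mime": mime}

def png_dimensions(data: bytes) -> dict:
    """Hypothetical tool: read width/height from the IHDR chunk (offsets 16 and 20)."""
    if len(data) < 24:
        raise ValueError("truncated IHDR")
    return {"width": int.from_bytes(data[16:20], "big"),
            "height": int.from_bytes(data[20:24], "big")}

def png_trailing_data(data: bytes) -> dict:
    """Hypothetical tool: walk the chunk list and count bytes appended after IEND."""
    pos = 8  # skip the 8-byte PNG signature
    while pos + 8 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length  # length field + type + data + CRC
        if ctype == b"IEND":
            return {"trailing_bytes": max(0, len(data) - pos)}
    raise ValueError("no IEND chunk found")

# Tool selection by detected format; formats with no entry simply get no tools.
TOOLS = {"image/png": [png_dimensions, png_trailing_data]}

def scan(data: bytes) -> dict:
    """Fingerprint, select tools by format, run each one independently (read-only)."""
    report = fingerprint(data)
    report["tools"] = {}
    for tool in TOOLS.get(report["mime"], []):
        try:  # one tool failing must not hide the others' output
            report["tools"][tool.__name__] = {"ok": True, "output": tool(data)}
        except Exception as exc:
            report["tools"][tool.__name__] = {"ok": False, "error": str(exc)}
    return report

# Constructed sample: minimal PNG-shaped bytes (2x3, dummy CRC) with 8 appended bytes.
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + (2).to_bytes(4, "big")
              + (3).to_bytes(4, "big") + b"\x08\x02\x00\x00\x00" + b"\x00" * 4
              + b"\x00\x00\x00\x00IEND\xaeB`\x82" + b"appended")
```

Calling `scan(SAMPLE_PNG[:30])` shows the partial-failure case: the dimensions tool still reports its output while the trailing-data tool is recorded as failed.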

Responsible usage & limitations

File analysis is performed in a controlled and defensive context.

mlab does not execute files, does not attempt exploitation, and does not modify uploaded content.

  • No execution of uploaded files
  • Read‑only static analysis
  • Defensive security use‑cases
  • User responsibility for uploaded content