Five quick checks before you open any file — email attachment, downloaded software, or USB drive. Each check takes under 30 seconds and could prevent ransomware encrypting everything on your device.
Check the real file extension
Windows hides file extensions by default — and attackers exploit this. A file named "invoice.pdf" might actually be "invoice.pdf.exe" — an executable, not a PDF. Enable "Show file extensions" in Windows File Explorer (View > Show > File name extensions). On Mac, extensions are shown by default in Finder. Also watch for Unicode tricks: attackers sometimes embed a right-to-left override character so "invoiceFDP.exe" displays as "invoiceexe.PDF".
Run it through a file scanner
The fastest, most reliable check. SafeSearchScan's free file scanner checks the file's SHA-256 fingerprint against MalwareBazaar and HybridAnalysis databases — your actual file never leaves your device. Takes about 3 seconds. If the hash matches a known threat, you get an immediate warning.
Scan your file now — free →Question the source
Where did this file come from? Ask yourself: • Did someone I know send it — and was I expecting it? • Did it come from an official website, or a third-party download site? • Did a stranger send it via messaging app, Discord, or social media? The majority of malware arrives via social engineering — attackers get you to believe the file is legitimate. Even files from people you know are risky if their account was compromised.
Verify the file hash for software downloads
When downloading software (VLC, 7-Zip, Python, etc.), the developer publishes a SHA-256 or MD5 hash on their download page. This is a unique fingerprint — if even one byte of the file was changed, the hash changes completely. Use our file hash checker to compute your download's hash and compare it to the published value. A mismatch means the file was tampered with.
Check file hash →Open in a sandbox if still unsure
If you must open a suspicious file but the scanner shows no match (new malware won't be in databases yet), use an isolated environment: • Windows Sandbox — built into Windows 10/11 Pro, creates a disposable virtual machine • Any.run or Joe Sandbox — free online sandboxes that run the file and show what it does In a sandbox, the file runs in complete isolation. Anything malicious happens inside the sandbox and cannot affect your real system.
Quick reference — how dangerous is the file type you received?
.exe / .msi
Critical
Windows installers and executables. Highest risk — run code directly on your system. Only open from sources you absolutely trust.
.dmg / .pkg
Critical
macOS disk images and installers. Same risk level as .exe on Windows.
.bat / .ps1 / .vbs
Critical
Script files. Execute system commands directly. Almost never needed in normal use — treat with extreme suspicion.
.zip / .rar / .7z
High
Archives used to deliver malware and bypass email filters. Extract with caution and scan contents individually.
.docm / .xlsm / .pptm
High
Office files with macros. Never enable macros from untrusted documents — macros are used in the majority of business email compromise attacks.
Medium
Can contain embedded scripts and exploit code. Risk is much lower with an updated PDF reader, but scan unexpected PDFs from strangers.
.docx / .xlsx
Low-Medium
Standard Office documents without macros. Lower risk but can still contain links to malicious sites.
.jpg / .png / .gif
Low
Image files. Very low risk but not zero — some image parsers have had vulnerabilities. Modern systems are largely protected.
Hash-based scanning across MalwareBazaar, VirusTotal, and HybridAnalysis. No signup needed.
Scan a File Free →The highest-risk file types are: executables (.exe, .msi, .dmg, .pkg) — these run code directly on your system; scripts (.bat, .ps1, .vbs, .sh, .js) — execute commands on your device; Office files with macros (.docm, .xlsm, .pptm) — macros run code when enabled; compressed archives (.zip, .rar, .7z) — often used to bypass email filters; and PDF files from unknown sources — can contain embedded scripts. Image files (.jpg, .png) and plain text files (.txt) are low risk but not zero risk.
Windows hides file extensions by default — which is exploited by malware. To show real extensions: open File Explorer, click View > Show > File name extensions (Windows 11), or View > Options > Change folder and search options > View tab, then uncheck "Hide extensions for known file types" (Windows 10). Now you can see if "invoice.pdf" is actually "invoice.pdf.exe". Always enable this setting.
Yes. PDF files can contain embedded JavaScript, links to malicious sites, and in sophisticated attacks, exploit code that targets vulnerabilities in PDF readers like Adobe Acrobat. The risk is lower than with executable files but real. PDFs from unknown senders — especially unexpected invoices, legal documents, or shipping notices — should always be scanned before opening. Keep your PDF reader updated to minimise exploit risk.
Antivirus software catches known malware but can miss new threats (zero-days) and obfuscated malware. A clean antivirus scan reduces risk significantly but does not guarantee safety. For maximum assurance, also check the file with SafeSearchScan (which uses different threat intelligence databases), verify the file hash matches the developer's published hash, and only download software from official sources.
Your file never leaves your device. Takes 3 seconds. Checks against MalwareBazaar and HybridAnalysis.
Scan a File Free