BinaryLens
Windows desktop triage tool

BinaryLens keeps the first pass in one native Windows UI.

Point it at a suspicious file, URL, hostname, or raw IP and get a report that is easier to read than a pile of scattered checks. The goal is simple: make the first decision cleaner before deeper analysis starts.

Targets

files, URLs, raw IPs

Stack

C++ · Qt 6 · MASM

Output

report, IOC export, analyst view

Release

installer + portable package

desktop capture

current ui
BinaryLens desktop interface showing the target field, action buttons, and result area

inside the frame

target input, report actions, large results area

why it matters

the site is showing the real app, not a fake browser render

what the public build already covers

Concrete features that already exist in the project

This page works better when it stays close to the real repo: what the desktop build inspects, what the report exposes, and what the release already lets people try.

One desktop flow for three target types

The same Windows UI handles suspicious files, normal URLs, hostnames, and raw IP targets without pushing the first pass into three different tools.

Readable report instead of a mystery score

BinaryLens leans on sections, reasons, and corroborated signals so the verdict reads like a triage checkpoint instead of a black-box label.

Archive-aware payload calibration

Low-level hits inside clean containers are treated more carefully, so raw motifs alone do not automatically overcall a harmless archive.

URL and IP context that stays practical

When the target is network-facing, the project can surface provider, organization, ASN, ownership, and infrastructure context that helps the first pass.

External enrichment when it helps

YARA matching and optional VirusTotal lookups add outside context without pretending those services should be the only source of truth.

Built as a real Windows project

This is not a browser mockup. The public release comes from a native desktop codebase with Qt UI work, CMake setup, MASM routines, and packaging support.

how the workflow is supposed to feel

A better starting point, not a replacement for analysis

BinaryLens is strongest when it helps you move from target to report without making the result look more certain than it really is.

01

Give it the target

Start with a file path, URL, hostname, or raw IP from the same application window.

02

Let the evidence stack up

Hashes, PE/import details, archive traits, YARA hits, payload hints, and network context are gathered when they fit the target type.

03

Read the report like a triage note

The useful part is the explanation behind the result, not just the top-line label.

04

Go deeper only when the case deserves it

Use the output to decide whether the next step is sandboxing, reversing, IOC follow-up, or a manual second look.

who this project makes sense for

Good fit for people who care about the workflow

BinaryLens gets more interesting when you care about how a native Windows triage tool is stitched together and how the result is explained.

cybersecurity students who want a Windows project that feels real instead of academic

reverse engineering beginners looking for a practical codebase to read and extend

malware triage learners who want more context before a deeper manual pass

developers interested in how a Qt desktop tool can wrap security-focused analysis modules

what it is not trying to be

The project still stays honest about its limits

That honesty matters more than dramatic marketing. BinaryLens is a first-pass tool, and the site should say that clearly.

not a sandbox replacement

not an EDR substitute

not a final authority on whether something is malicious

still a project under active iteration, with rough edges and evolving heuristics

repo and release reality

What someone can actually do with the project today

This site gets stronger when it sounds like a real project page: what is packaged, what is in the repo, and what the app already exposes in the UI.

Public release right now

The current public milestone is v1.1.0 with two package types: installer for the normal setup flow and portable for extract-and-run use.

Source-build path

The repo is set up around Visual Studio, CMake, Qt 6.10.2, MASM, and optional Inno Setup files for packaging the installer.

Useful outputs

Besides the main verdict text, the desktop build already supports report export, IOC export, clipboard copy, and analyst-oriented views.

download or inspect

Try the public build, then inspect the repo if you want the internals.

The public release is there for people who want to run the tool quickly. The repository is there for people who care about the C++, Qt, MASM, and packaging side behind it.