BinaryLens
Windows desktop triage tool

BinaryLens keeps files, URLs, hostnames, and raw IPs inside one triage flow.

The public build gives you a native Windows interface for inspecting suspicious targets, stacking signals, and walking away with a readable report before deeper analysis starts.

Targets: files, URLs, hostnames, raw IPs

Stack: C++ · Qt 6 · MASM

Outputs: report, IOC export, analyst view

Release: installer + portable package

[Desktop capture of the current UI: BinaryLens desktop interface showing the target field, action buttons, and results area]

inside the interface

target field, report actions, and the large results area

what you see

the actual app flow before export or deeper manual analysis

what is already in the app

Concrete things the project already does

One desktop flow for several target types

The same Windows UI handles suspicious files, URLs, hostnames, and raw IPs instead of splitting the first pass across separate tools.

Readable report instead of a mystery score

Sections, reasons, and corroborated signals make the result read like a triage note instead of an opaque label.

Better archive calibration

Low-level hits inside clean containers are treated more carefully so harmless archives are less likely to look exaggerated.

Practical URL and IP context

The project can already surface provider, organization, ASN, ownership, and infrastructure context for a faster first read.

External enrichment when it helps

Optional YARA and VirusTotal support add context without pretending a single source solves the whole case.

Native project, not a mockup

The public release comes from a desktop codebase with Qt, CMake, MASM, and real Windows packaging.

how the flow works

From target input to a readable report

01

Bring in the target

Start with a file path, URL, hostname, or raw IP inside the same desktop window.

02

Let signals stack up

Hashes, PE details, archive traces, YARA, payload hints, and network context enter the report when they fit the target.

03

Read the report like a triage note

The valuable part is the explanation behind the result, not just the top-line verdict.

04

Go deeper only when needed

Use the output to decide between sandboxing, reversing, IOC follow-up, or a second manual review.

best fit

For people who want more readable first-pass triage

teams and students who want a more readable first-pass workflow

people who prefer a native Windows tool over a scattered process

anyone learning malware triage and wanting more context before going deeper

developers interested in a desktop project with Qt, C++, MASM, and real packaging

limits

No pretending the app does more than it does

it does not replace sandboxing

it does not replace an EDR

it is not the final authority on whether something is malicious

it is still an evolving project with heuristic tuning in progress

what you can do now

From download to report

Public build ready

Installer and portable package ready for Windows.

Outputs for analysis

Report export, IOC export, clipboard copy, and analyst view are already there.

Open code right next to it

Main repository with desktop UI, analyzers, MASM, and build chain.