File Entropy Calculator
Drop a file to compute its Shannon entropy for the whole file and for fixed-size windows plotted across it. High-entropy regions (near 8.0 bits/byte) suggest compression or encryption. Entropy analysis is a common hunting technique for spotting packed sections in binaries and encrypted payloads hidden inside documents.
Drop a file here, or use the file picker:
How it works
Shannon entropy measures how unpredictable the byte values in a file are. For byte-level data it ranges from 0 (every byte identical) to 8 (every byte value equally likely). Plain text and structured binary data land in the middle, while compressed or encrypted data sits near the top.
The tool reports two measurements:
- Overall entropy across the entire file, giving a single headline number.
- Windowed entropy computed in chunks of the selected window size and plotted over the file's byte offset.
Windowing surfaces localized regions that the overall number would hide. A mostly plaintext binary with one encrypted blob in the middle looks unremarkable in aggregate, but produces a visible spike on the chart at the blob's offset.
High entropy is not evidence of malicious intent on its own. Legitimate formats such as PNG, JPEG, ZIP, and signed executables all contain compressed sections, so treat it as a signal worth investigating alongside other artifacts.