I am not sure, if this is even something for this forum, but I wrote a tool that visualizes Portable Executable files.
Here are some interesting ones.
Some explanation about the pictures:
These are actually two pictures per file, one left and one right. The right side shows the structure of the file, which is determined by my PE parser. General: It has headers and sections. Sections are the grey scaled tones and often start with a dot in their name. Sections may contain resources, debug-information, exported and imported functions, and executable code. The entry point marks the start of execution, it is displayed as one red square.
The left side are kind of "xrays". The left displays the entropy, which is how much information is in there. If you had everything filled with one and the same byte (= no information content), you would get a black area. If you had random numbers in that area, it would be white, because repetition is unlikely. That also means, encrypted and compressed content is very bright.
An example is in the first picture, which displays an infected host file. The virus hides itself by encrypting its body and copying itself into the last section of the file. The last section there is .gdata (see legend to find it).
You can also see that the overlay (= appended data) and the .data section have almost no information content as the area is black. The .text section contains the executable code, you also see the red squared entry point there. Code has a high entropy, but not as much as encrypted or compressed data.
Salty is an entry-point obscuring (EPO) polymorphic file infector. Here you see an infected file. The encrypted virus body is in the last section (here .gdata, entropy is high, thus a light area for .gdata on the left). Apart from that it overwrites the host file's code with obscuring instructions.
VirusTotal Analysis: https://www.virustotal.com/en/file/07ac76fd7886072c06c4d55a1a18b932a56f1a3057f1c6877628812d73b35c96/analysis/
W32.Simile, also known as W32.Etap
W32.Simile is a very complex virus that uses entry-point obscuring, metamorphism, and polymorphic decryption. It infects files in folders on all fixed and remote drives that are mapped at the time that the virus is executed. The virus contains no destructive payload, but infected files may display messages on certain dates.
Zeus Trojan (one of the many out there)
Zeus (also known as Zbot, Kneber, PRG, NTOS, Wsnpoem and Gorhax) is a crimeware kit designed to steal banking information and credentials through various means. The Zeus trojan is spread ma all over.inly through drive-by downloads and phishing schemes.
For comparison here are two pictures of non-malicious files that didn't apply any protection like encryption/compression: