Who Maed Dis: A beginner's guide to malware provenance based on compiler type.

Malware researchers must take into account a wide range of factors in order to effectively triage, reverse, and address the threat of modern malware. Provenance, the ability to infer where a given sample came from, is an important but often overlooked characteristic of most malware, and one that may not be apparent to those entering the field. With added knowledge and new tooling we can make our lives easier. Being able to determine the compiler provenance of a sample is valuable to a reverse engineer because it speeds up the detection of anomalous or otherwise interesting sections of a given binary. I'll discuss how different compilers and build systems produce different Windows (PE) binaries, where the 'interesting' bits of code live across different kinds of binaries, their expected behaviour and defining characteristics, and most importantly how to leverage this information to make heuristic conclusions that improve one's reverse engineering efficiency. The talk also coincides with the public release of two things: 1. a package of Yara rules to fingerprint binaries by compiler type, and 2. a tool which facilitates the analysis of a given binary by providing a graphic and diagnostic output that can denote malicious and benign segments.
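As an added illustration of the kind of heuristic the abstract describes (this is my own example code, not the talk's Yara rules or the released tool), the script below pulls the linker version out of a PE optional header and maps it to a likely toolchain. The mapping table is a coarse heuristic of my own; the PE header layout it parses is the documented one, and the sample image it builds is a constructed stub header rather than a real binary.

```python
import struct

def build_stub_pe(major_linker, minor_linker, machine=0x8664):
    """Construct a minimal PE32+ header (constructed test input, not a real binary).

    Only the fields the parser below reads are meaningful; everything else is zero.
    """
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: NT headers start at 0x40
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                               # PE32+ optional header is 240 bytes
    # Magic (0x20B = PE32+), MajorLinkerVersion, MinorLinkerVersion
    struct.pack_into("<HBB", opt, 0, 0x20B, major_linker, minor_linker)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def read_linker_version(data):
    """Return (machine, major, minor) from a PE image's headers, or raise ValueError."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff_off = e_lfanew + 4
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    if opt_size < 4:
        raise ValueError("no optional header to read a linker version from")
    _, major, minor = struct.unpack_from("<HBB", data, coff_off + 20)
    return machine, major, minor

def guess_toolchain(major, minor):
    """Heuristic linker-version -> toolchain guess (my own table, not the talk's rules).

    Linker versions are easy to forge, so treat the result as a triage hint only;
    for MSVC the Rich header is the stronger signal and should be cross-checked.
    """
    if major == 14:
        return "MSVC 2015 or later (link.exe 14.%d)" % minor
    if 6 <= major < 14:
        return "Microsoft link.exe %d.%d (older Visual Studio)" % (major, minor)
    if major == 2:
        # GNU ld writes its own version here; Borland/Delphi historically wrote 2.25 too.
        return "GNU ld (MinGW/GCC) %d.%d, or Borland/Delphi if 2.25" % (major, minor)
    if (major, minor) == (3, 0):
        return "Go linker (cmd/link)"
    return "unknown"

def fingerprint(data):
    """One-shot triage summary for a PE image."""
    machine, major, minor = read_linker_version(data)
    return {
        "machine": hex(machine),
        "linker": "%d.%d" % (major, minor),
        "toolchain_guess": guess_toolchain(major, minor),
    }

if __name__ == "__main__":
    for sample in (build_stub_pe(14, 29), build_stub_pe(2, 25), build_stub_pe(3, 0)):
        print(fingerprint(sample))
```

Running it on the three constructed stubs prints an MSVC guess, the ambiguous GNU ld/Delphi 2.25 case, and a Go guess; on a real sample, a guess that disagrees with the Rich header, the import table, or the section layout is exactly the kind of anomaly worth a closer look.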

Presented by