diff --git a/ext/winevt/winevt_utils.cpp b/ext/winevt/winevt_utils.cpp
index 307edce..9cda173 100644
--- a/ext/winevt/winevt_utils.cpp
+++ b/ext/winevt/winevt_utils.cpp
@@ -129,6 +129,36 @@ guid_to_wstr(const GUID& guid)
 return s;
 }

+static VALUE
+make_displayable_binary_string(PBYTE bin, size_t length)
+{
+ const char *HEX_TABLE = "0123456789ABCDEF";
+ CHAR *buffer;
+ int size = length * 2 + 1;
+ size_t i, j;
+ unsigned int idx = 0;
+ VALUE vbuffer;
+
+ if (length == 0) {
+ return rb_str_new2("(NULL)");
+ }
+
+ buffer = ALLOCV_N(CHAR, vbuffer, size);
+
+ for (i = 0; i < length; i++) {
+ for (j = 0; j < 2; j++) {
+ idx = (unsigned int)(bin[i] >> (j * 4) & 0x0F);
+ buffer[2*i+(1-j)] = HEX_TABLE[idx];
+ }
+ }
+ buffer[size - 1] = '\0';
+
+ VALUE str = rb_str_new2(buffer);
+ ALLOCV_END(vbuffer);
+
+ return str;
+}
+
 static VALUE
 extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
 {
@@ -302,6 +332,14 @@ extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
 rb_ary_push(userValues, rbObj);
 }
 break;
+ case EvtVarTypeBinary:
+ if (pRenderedValues[i].BinaryVal == nullptr) {
+ rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
+ } else {
+ rbObj = make_displayable_binary_string(pRenderedValues[i].BinaryVal, pRenderedValues[i].Count);
+ rb_ary_push(userValues, rbObj);
+ }
+ break;
 default:
 rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
 break;
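Review bot: `int size = length * 2 + 1;` in `make_displayable_binary_string` narrows a `size_t` computation to `int`, while the fill loop still runs over the full `length`. The caller in the second hunk passes a `DWORD` `Count` taken from the rendered event, so a length above roughly 1 GiB would leave `size` wrapped or negative and the loop writing outside whatever `ALLOCV_N` handed back. Keep the size in `size_t` and reject lengths the allocator cannot represent before allocating, e.g. `if (length > (size_t)(LONG_MAX - 1) / 2) rb_raise(rb_eArgError, "binary value too large");` followed by `size_t size = length * 2 + 1;` (the `LONG_MAX` bound assumes `ALLOCV_N` takes its count as a `long`, which should be confirmed against the Ruby headers in use). Separately, `rb_str_new2` returns a binary-encoded string while the sibling branches use `rb_utf8_str_new_cstr`; using the UTF-8 constructor for both the hex text and the `"(NULL)"` placeholder would keep `userValues` uniform.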
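Review bot: In the `EvtVarTypeBinary` case, a non-null `BinaryVal` with `Count == 0` reaches the helper's `length == 0` branch and is reported as `"(NULL)"`, the same text the case emits for a null pointer. Anything consuming `userValues` therefore cannot tell an empty payload from an absent one, which matters when these values feed log analysis. Handling the zero-length case in the branch with `rb_ary_push(userValues, rb_utf8_str_new_cstr(""));` would keep the two distinct. The call also relies on `Count` being the payload length in bytes for this variant type, which the hunk does not show; a one-line comment stating that assumption, such as `/* Count holds the byte length for EvtVarTypeBinary */`, would help once it is confirmed. The enclosing `switch` begins outside the hunk.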