Behavior and YARA rules.

The section contains two tables: Behavior and YARA rules. To open a necessary table, click its name.

Behavior

The section contains a brief description on file behavior.

Dr.Web vxCube records all actions registered on a virtual machine throughout the analysis and categorizes them depending on how harmful they may be.

Dr.Web vxCube defines 3 categories of file behavior:

•Malicious

•Suspicious

•Neutral

behavior yara en 910-300

Figure 17. Reports on file behavior and YARA rules triggers

YARA rules

The section contains information on YARA rules matches. The number of rules triggered during the analysis is displayed to the right from the table name.

The table displays information about the analysis results, tags, and triggered rules names.

To learn more about a rule, click on its name.

To sort table columns in ascending or descending order click the column titles.