File requirements
Dr.Web vxCube supports the following formats:

| File type | File format |
|---|---|
| Windows executable files | EXE, DLL, CPL, SYS, NATIVE APP, MSI |
| Android packages | APK |
| Microsoft Office documents | MHT, RTF, DOC, DOCX, DOCM, DOTM, DOTX, WPS, XLL, XLS, XLSX, XLSM, XLSB, XLAM, XTLX, XTLM, SLK, IQY, PPT, PPTX, PPTM, PPSX, PPSM, SLDX, SLDM, PPA, PPAM, THMX, POTX, POTM, XML, ACCDB, PUB, ODT, ODS, ODP |
| Acrobat Reader files | PDF |
| Java executable files | JAR, CLASS |
| Script files | JS, VBS, WSF, JSE, VBE, PS1, BAT, SCT, XSL |
| Other | MOF, LNK, HTA, CHM, ZIP, ARJ, XZ, ACE, TAR, BZ2, CAB, GZ, RAR, 7Z |

Files with the ZIP, ARJ, XZ, ACE, TAR, BZ2, CAB, GZ, RAR, 7Z extensions can only be uploaded for analysis using the API.
File size cannot exceed the maximum file size permitted by your license.
File processing
Dr.Web vxCube processes files differently depending on their format.
If you choose a Microsoft Office, Acrobat Reader, or Java file for analysis, you will be prompted to select the version of the corresponding application in which to run the file. For example, for a PDF file, you choose among versions 10.1, 11.0, 15.8, and 15.10 of Acrobat Reader.
File formats and their running methods

| File format | Launching |
|---|---|
| EXE | %sample% |
| DLL | regsvr32 /s %sample% |
| CPL | rundll32 shell32.dll, Control_RunDLL "%sample%" |
| SYS | sc create %random_name% type= kernel start= demand error= ignore binpath= "%sample%" DisplayName= %random_name%<br>sc start %random_name% |
| NATIVE APP | rtlrun %sample% |
| MSI | msiexec.exe /i %sample% |
| MHT | winword %sample% |
| XML | msoxmled.exe |
| RTF, DOC, DOCX, DOCM, DOTM, DOTX, WPS, ODT | winword.exe |
| XLS, XLSX, XLSM, XLSB, XLAM, XTLX, XTLM, SLK, IQY, ODS | excel.exe |
| PPT, PPTX, PPTM, PPSX, PPSM, SLDX, SLDM, PPA, PPAM, THMX, POTX, POTM, ODP | powerpnt.exe |
| ACCDB | msaccess.exe |
| PUB | mspub.exe |
| PDF | acrord32.exe |
| JAR | javaw -jar %sample% |
| CLASS | java %sample% |
| JS, VBS, WSF, JSE, VBE | wscript /b /nologo %sample% |
| PS1 | powershell -file %sample% |
| BAT | cmd /c %sample% |
| SCT | regsvr32.exe /s /i:%sample% scrobj.dll |
| XSL | wmic printjob get /format:"%sample%" |
| MOF | mofcomp %sample% |
| LNK, HTA | %sample% |
| CHM | hh.exe |
| XLL | excel.exe %sample% |

%sample% is the file name on a virtual machine.
%random_name% is a randomly generated name.