Analyzing Files

To analyze a file

1. Make sure Dr.Web vxCube supports the format of the file you want to analyze.
2. Browse for the file you want to check and upload it to the application. If Dr.Web vxCube cannot identify the file format automatically, you will be able to select it manually.
3. Select an environment for the analysis: an operating system version or an application version. You can select multiple OS versions or application versions.
4. (Optionally) Specify additional settings for analyzing the file.
5. Click Analyze.

Analysis

When you start the analysis, one or several virtual machines with pre-installed software will be run. The number of virtual machines depends on the number of OS versions or application versions you have selected.

All events related to file behavior on a virtual machine are monitored to detect any suspicious activity. All processes on a guest OS are logged to the API Log. The analyzer uses a list of rules to categorize these processes.

The Dr.Web vxCube analyzer interacts with a hypervisor and does not use any additional software in the guest operating system (for example, drivers that hook functions). Thus, during analysis, the sample cannot detect or remove hooks.

Virtual machines connect to the internet through a dedicated proxy server. This helps fully analyze the virus behavior, especially if its functioning depends on downloading data from the internet.

To log events, Dr.Web vxCube interacts with a hypervisor, not with virtual machines. This means the analyzer cannot be detected.

You can connect to a virtual machine through a VNC (Virtual Network Computing) client and influence the analysis. Note that this can only be done while the virtual machine is running.

Once the analysis is complete, you will receive a detailed report and be able to review the history of previously analyzed files.