Behavior and YARA rules

The section contains two tables: Behavior and YARA rules. To open a table, click its name.

Behavior

The section contains a brief description on file behavior.

Dr.Web vxCube records all actions registered on a virtual machine throughout the analysis and categorizes them depending on how harmful they may be.

Dr.Web vxCube defines 3 categories of file behavior:

Malicious

Suspicious

Neutral

behavior yara 910-300

Figure 16. Reports on file behavior and YARA rules triggers

YARA Rules

The section contains information on YARA rule matches. The number of rules triggered during the analysis is displayed to the right from the table name.

The table displays information about the analysis results, tags, and triggered rule names.

To learn more about a rule, click its name.

To sort table columns in ascending or descending order, click the column titles.