Dr.Web vxCube supports the following formats:
File format |
|
|---|---|
Windows executable files |
CPL, DLL, EXE, MSI, NATIVE APP, SYS |
Android packages |
APK |
Microsoft Office documents |
MHT, RTF, DOC, DOCX, DOCM, DOTM, DOTX, WPS, XLL, XLS, XLSX, XLSM, XLSB, XLAM, XTLX, XTLM, SLK, IQY, PPT, PPTX, PPTM, PPSX, PPSM, SLDX, SLDM, PPA, PPAM, THMX, POTX, POTM, XML, ACCDB, PUB, ODT, ODS, ODP |
Acrobat Reader files |
|
Java executable files |
CLASS, JAR |
Script files |
BAT, JS, JSE, PL, PS1, PY, SCT, SH, VBE, VBS, WSF, XSL |
*nix executable files |
ELF |
Other |
7Z, ACE, ARJ, BZ2, CAB, CHM, DOCKER, EML, GZ, HTA, LNK, MOF, RAR, TAR, XZ, ZIP |
|
Files with the ZIP, ARJ, XZ, ACE, TAR, BZ2, CAB, GZ, RAR, 7Z, or EML extensions can only be uploaded for analysis using API. |
The file size cannot exceed the maximum file size permitted by your license.
For different formats, Dr.Web vxCube uses different ways of file processing and running.
|
If you choose a Microsoft Office, Acrobat Reader, or Java file for analysis, you will be prompted to select an app version to run the file instead of an OS version. For example, for a PDF file, you will need to choose between three versions of Acrobat Reader: 10.1, 11.0, or 15.10. |
File formats and methods to launch them
File format |
Launching |
|---|---|
EXE |
%sample% |
DLL |
regsvr32 /s %sample% |
CPL |
rundll32 shell32.dll, Control_RunDLL "%sample%" |
SYS |
sc create %random_name% type= kernel start= demand error= ignore binpath= "%sample%" DisplayName= %random_name% sc start %random_name% |
NATIVE APP |
rtlrun %sample% |
MSI |
msiexec.exe /i %sample% |
MHT |
winword %sample% |
XML |
msoxmled.exe |
RTF, DOC, DOCX, DOCM, DOTM, DOTX, WPS, ODT |
winword.exe |
XLS, XLSX, XLSM, XLSB, XLAM, XTLX, XTLM, SLK, IQY, ODS |
excel.exe |
PPT, PPTX, PPTM, PPSX, PPSM, SLDX, SLDM, PPA, PPAM, THMX, POTX, POTM, ODP |
powerpnt.exe |
ACCDB |
msaccess.exe |
PUB |
mspub.exe |
acrord32.exe |
|
JAR |
javaw -jar %sample% |
CLASS |
java %sample% |
JS, VBS, WSF, JSE, VBE |
wscript /b /nologo %sample% |
PS1 |
powershell -file %sample% |
BAT |
cmd /c %sample% |
SCT |
regsvr32.exe /s /i:%sample% scrobj.dll |
XSL |
wmic printjob get /format:"%sample%" |
MOF |
mofcomp %sample% |
LNK, HTA |
%sample% |
CHM |
hh.exe |
XLL |
excel.exe %sample% |
ELF |
%sample% |
SH |
bash %sample% |
PY |
python %sample% |
PL |
perl %sample% |
DOCKER |
docker load -i %sample% docker run %image_id% |
%sample% is the name of the analyzed file on a virtual machine. %random_name% is a randomly given name. |