Information received throughout the analysis is recorded in a report.
To open a report
•If you keep the analysis page open, the report opens automatically when the analysis finishes.
•If you left the page before the analysis completed, select the file you were analyzing in the History section on the main page.
Report structure
Figure 15. Report structure
The report is divided into two parts: general information and the main body.
General information
Item | Description
Estimated result | Overall assessment of possible maliciousness. One of: Clean file, Suspicious file, Malware.
Detected | Brief information on the file behavior and the detected threats.
Tags | Tags added by a user or by a YARA rule when it was triggered.
Size | File size.
Format | File format.
SHA1 | SHA1 hash of the file.
More | Additional analysis parameters (the items below).
Analysis started | Date and time when the analysis started, counted from the moment the file was launched on the virtual machine.
Use of VNC | Whether a VNC client was used during the analysis (yes/no).
Sample run time | Sample run time specified in the additional analysis settings.
Total analysis time | Total duration of the file analysis.
Command to run the file | Command specified in the additional settings to run the analyzed file.
Copy full raw hypervisor log | Whether the full raw hypervisor log was copied (yes/no).
Sample flex time | Whether sample flex time was used (yes/no).
Forward the specified ports from guest VM | Ports forwarded from the guest VM. Example: 2343, 4353:tcp.
Get *.lib files and raw dumps | Whether *.lib files and raw dumps were collected (yes/no).
Enable auto clicker | Whether the auto clicker was enabled (yes/no).
Maximum number of triggered breakpoints | Maximum number of breakpoints allowed to trigger.
Lifetime of processes in seconds | Lifetime set for the listed processes, in seconds. Example: notepad.exe,35,winword.exe,20.
Start user batch script before sample | Whether a user batch script was started before the sample was run.
Set system date | System date set on the VM on which the analysis was performed. Example: 17.03.2022.
Dump browsers modules | Whether browser modules were dumped (yes/no).
Dump memory-mapped files (only after execution) | Whether memory-mapped files were dumped after execution (yes/no).
Dump SSDT | Whether the SSDT was dumped (yes/no).
Dump processes (only after execution) | Whether processes were dumped after execution (yes/no).
Get all allocs and drops | Whether all allocations and drops were collected (yes/no).
Size of Crypto API buffers limit in MB | Limit on the size of Crypto API buffers, in MB. Example: 512.
Injects count limit | Limit on the number of injects. Example: 100.
WriteFile buffers limit in MB | Limit on the size of WriteFile buffers, in MB. Example: 256.
Maximum size of collectable drops | Maximum size of a drop that is collected.
To the right of the general information part there are a screenshot and a video report of the file's behavior when it was run in the guest operating system.
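Two of the parameters above are list-valued strings (Forward the specified ports from guest VM and Lifetime of processes in seconds). The following Python helpers, added here as an example and not part of Dr.Web vxCube or its documentation, parse those strings back into structured values and reject malformed input. The grammar is inferred only from the two examples on this page; the accepted protocol names (tcp, udp), the default protocol when none is given, and the duplicate check are assumptions.

```python
"""Parsers for two list-valued analysis parameters shown in the report.

The grammar below is inferred only from the examples on this page
("2343, 4353:tcp" and "notepad.exe,35,winword.exe,20"); treat the
accepted protocol names and the default protocol as assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One port entry: a decimal port, optionally followed by ":tcp" or ":udp".
# Accepting udp is an assumption; the page only shows tcp.
_PORT_ENTRY = re.compile(r"^(\d{1,5})(?::(tcp|udp))?$", re.IGNORECASE)


@dataclass(frozen=True)
class PortForward:
    port: int
    protocol: str  # normalized to lower case


def parse_port_forwards(spec: str) -> List[PortForward]:
    """Parse the 'Forward the specified ports from guest VM' value.

    Entries are comma-separated; whitespace around entries is ignored.
    An entry without a protocol is assumed to mean tcp. Malformed
    entries, ports outside 1-65535 and duplicate port/protocol pairs
    raise ValueError rather than being silently dropped.
    """
    forwards: List[PortForward] = []
    seen = set()
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma or doubled separator
        match = _PORT_ENTRY.match(entry)
        if not match:
            raise ValueError(f"malformed port entry: {entry!r}")
        port = int(match.group(1))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        proto = (match.group(2) or "tcp").lower()
        if (port, proto) in seen:
            raise ValueError(f"duplicate forward: {port}:{proto}")
        seen.add((port, proto))
        forwards.append(PortForward(port, proto))
    return forwards


def parse_process_lifetimes(spec: str) -> List[Tuple[str, int]]:
    """Parse the 'Lifetime of processes in seconds' value.

    Assumed grammar: a flat comma-separated list alternating a process
    image name and its lifetime in whole seconds, e.g.
    "notepad.exe,35,winword.exe,20" -> [("notepad.exe", 35), ("winword.exe", 20)].
    """
    fields = [f.strip() for f in spec.split(",") if f.strip()]
    if len(fields) % 2:
        raise ValueError("expected name,seconds pairs; got an odd number of fields")
    pairs: List[Tuple[str, int]] = []
    for name, seconds in zip(fields[0::2], fields[1::2]):
        if not seconds.isdigit() or int(seconds) <= 0:
            raise ValueError(
                f"lifetime for {name!r} must be a positive integer, got {seconds!r}"
            )
        pairs.append((name, int(seconds)))
    return pairs


if __name__ == "__main__":
    # The two examples from the page, re-parsed into structured values.
    print(parse_port_forwards("2343, 4353:tcp"))
    print(parse_process_lifetimes("notepad.exe,35,winword.exe,20"))
```

Raising on the first bad entry instead of skipping it is deliberate: a typo in a forwarded port or a process lifetime changes what the sandbox exposes or how long it waits, so a submission script should fail loudly rather than run the analysis with a different configuration than the operator intended.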
Main body
The main body contains the following sections; which of them are present depends on the sample format.
Report actions
Download buttons on the report page allow you to:
•Download the original file.
•Download a ZIP archive with the report. The default password for the archive is vxcube.
•Download the report in HTML or PDF format.
•Download a PCAP file.
To download the report
1.At the top of the page, select the platform.
2.Click Download report to open the Report parameters window.
3.Select the report format: HTML or PDF.
4.Select the sections to include in the report. The API log and Intents sections may contain thousands of records; you can filter the records by degree of danger.
5.Click Download report.
Note: The Intents table appears in reports for Android packages only.
To add a tag
1.Click in the Tag section of the report.
2.Enter a tag name using letters, digits, or underscores.
3.Click .