Uploading Files for Analysis

1.Click Browse button or the browse field. In the window that opens, select a file you want to analyze.

If the file format is not automatically identified (UNK), you will see the Unable to identify file format message. In this case, you can select the file format manually.

The MOF, JS, VBS, WSF, JSE, VBE, PS1, and BAT file formats may be identified incorrectly. For these files, you can select format manually.

To select file format manually, click drop-down arrow and select the corresponding format.

Make sure you have selected a correct file format. Otherwise, analysis results may be inaccurate.

2.Choose an operating system or an application version for running the file and specify Additional settings if necessary.

You can select multiple OS versions or application versions: then multiple virtual machines will be launched. For example, if you select two OS Windows versions to analyze an executable file (.exe), Dr.Web vxCube will run two VMs.

You can run analysis of multiple files one by one. Click Back at the top of the page and then choose another file. The

icon displays progress of each analysis.

The use of VNC client is convenient if you choose more than one operating system and you want to influence the process on each of them.

To activate the function, select the Use VNC checkbox. When you start the analysis, new browser tabs open automatically. Tabs are connected to the corresponding virtual machines via the VNC client. At the top of each tab, a progress bar is displayed. The bar shows the completion percentage and the current state of the analysis.

Although new tabs open immediately, it can take some time to connect to virtual machines.

If you have not selected this option in Additional settings and have already started the analysis, click Use VNC on the analysis page. VNC client will open in a new tab.

If this setting is disabled, only the processes engaged in malicious activity are included in the report.

The default sample run time in Dr.Web vxCube is 1 minute. You can reduce or increase this value if required for the analysis. For example, you can increase the time if a file needs more time to show suspicious behavior. To change the run time, move the Sample run time slider to the left or to the right.

By default, the total size for files created during the analysis is limited to 64 MB. You can increase it to 512 MB.

This option allows you to set a specific command to run file analysis. You can use any application from the standard Windows pack as a command, for example, rundll32.exe, regsvr32.exe, notepad.exe, etc. To use the command, specify it in Specify a command to run the file field.

You can use this option if you need to run an executable file by calling an exported function. For example, rundll32 %SAMPLE%, ExportedFunction.

VPN is used by default. For some connection types, you can specify a proxy server address and authorization parameters. Only TCP connections are proxied. Traffic of the other protocols is transferred through the default VPN server. To redirect UDP traffic, select the Redirect UDP check box.

Additional settings are only applied to the current file. If you close the Additional settings window or select another file, you will have to configure the settings again.