Uploading Files for Analysis
To upload a file for analysis

1. Click button or the browse field. In the window that opens, select a file you want to analyze. You can also drag and drop a file into the field.

Dr.Web vxCube identifies the uploaded file format by its content automatically. If the file format is not automatically identified (UNK), you will see the message. In this case, you can select the file format manually.
Figure 10. Selecting file format manually

To select the file format manually, click the drop-down arrow and select the corresponding format. Make sure you have selected the correct file format. Otherwise, analysis results may be inaccurate.

2. Choose an operating system or an application version for running the file and specify Additional settings if necessary. You can select multiple OS versions or application versions; multiple virtual machines will then be launched. For example, if you select two Windows OS versions to analyze an executable file (.exe), Dr.Web vxCube will run two VMs.

3. Click to start checking the file.

You can run analysis of multiple files one by one. Click at the top of the page and then choose another file. The icon displays the progress of each analysis.

Figure 11. Uploading a file for analysis

Using the VNC client is convenient if you choose more than one operating system and you want to influence the process on each of them. To activate the function, select the checkbox. When you start the analysis, new browser tabs open automatically. The tabs are connected to the corresponding virtual machines via the VNC client. At the top of each tab, a progress bar is displayed. The bar shows the completion percentage and the current state of the analysis. Although new tabs open immediately, it can take some time to connect to the virtual machines.
If this setting is disabled, only the processes engaged in malicious activity are included in the report.

The default sample run time in Dr.Web vxCube is 1 minute. You can reduce or increase this value if required for the analysis. For example, you can increase the time if a file needs more time to show suspicious behavior. To change the run time, move the slider to the left or to the right.

By default, the total size of files created during the analysis is limited to 64 MB. You can increase it to 512 MB.

This option allows you to set a specific command to run file analysis. You can use any application from the standard Windows pack as a command, for example, rundll32.exe, regsvr32.exe, notepad.exe, etc. To use the command, specify it in field. You can specify a full path to the file using the special %SAMPLE% parameter. You can use this option if you need to run an executable file by calling an exported function. For example, rundll32 %SAMPLE%, ExportedFunction.

VPN is used by default. For some connection types, you can specify a proxy server address and authorization parameters. Only TCP connections are proxied. Traffic of other protocols is transferred through the default VPN server. To redirect UDP traffic, select the check box.

Figure 12. Additional settings

After specifying additional settings

• Click to start analyzing the file.
• Click to reset settings and close the window.