Multi-file report page

Kaspersky Threat Intelligence Portal allows you to execute multi-file (packed) objects. In this case, Kaspersky Threat Intelligence Portal processes the object as a group of files. The report differs from the report for a single file and contains the following sections.

Multi-file execution results

Table name

Description

Table fields

Status

Danger level of the object.

Malware—Execution task completed; the object is malicious.

Adware and other—Execution task completed; the object can be classified as Not-a-virus.

Clean—Execution task completed; the object is not malicious.

Not categorized—Execution task completed; no information about the object is available.

(no information)—Execution task is in progress or completed with errors.

Summary

General information about object execution results.

Detects—Total number of objects detected during object execution, and the proportion of objects classified as: Malware (red), Adware and other (yellow).

Extracted files—Total number of files downloaded or dropped by the object during the execution process, and the proportion of files with Malware (extracted files that can be classified as malicious, in red), Adware and other (extracted files that can be classified as Not-a-virus, in yellow), Clean (extracted files that can be classified as not malicious, in green), and Not categorized (no information about extracted files is available, in gray) statuses.

General information

General information about the object.

Uploaded—Date and time the object was uploaded.

Analyzed—Date and time the object analysis was completed.

Database update—Date and time the anti-virus databases were updated.

File size—Size of the executed file in bytes.

File type—Automatically detected type of the executed file.

Execution environment—Selected environment (operating system) for object execution. If you did not specify the execution environment, Kaspersky Threat Intelligence Portal automatically selects the optimal environment for your object execution and displays Auto.

Execution time—Specified time of object execution (seconds). If you did not specify the execution time, Kaspersky Threat Intelligence Portal automatically selects the optimal execution time for your object, and displays Auto.

File extension—Specified file extension.

HTTPS decryption—Information about whether the HTTPS traffic generated by the object was decrypted during execution.

Internet access options—Name of the network channel used by the object to access the internet.

Click links—Information about whether Kaspersky Research Sandbox followed the links in the documents that were opened in the Sandbox.

Document password—Information about whether the password for the protected document was specified.

Command line parameters—Command line parameters that were used to execute the object in the Sandbox.

MD5—MD5 hash of the executed object. This item is clickable. You can copy the item to the clipboard (Copied to clipboard drop-down list option) or navigate to the Threat Lookup page (Lookup drop-down list option).

SHA1—SHA1 hash of the executed object. This item is clickable. You can copy the item to the clipboard (Copied to clipboard drop-down list option) or navigate to the Threat Lookup page (Lookup drop-down list option).

SHA256—SHA256 hash of the executed object. This item is clickable. You can copy the item to the clipboard (Copied to clipboard drop-down list option) or navigate to the Threat Lookup page (Lookup drop-down list option).

Packed object content

Information about each file in the uploaded object.

Status—Danger level of the file.

MD5—MD5 hash of the file. This item is clickable. Hover your mouse over the required item and click Lookup to navigate to the Threat Lookup page. This will display investigation results for the file detected by the MD5 hash. Investigation results are available only if you have a valid Threat Lookup license and have not exceeded your object investigation quota. If you requested this hash in the past 24 hours, the Threat Lookup quota for your group is not affected.

Investigation results for certain hashes in this section may be unavailable on the Threat Lookup results page.

Click Download to download the item as a password-protected .zip archive. Use the default password infected to unpack the archive.

The archive may contain objects that could harm your device or data, if handled improperly. By downloading, you accept full responsibility for the handling of downloaded objects contained in the archive. You can only use the downloaded content to increase the level of protection of your devices and systems.

Path—File name and path from the root of the uploaded object.

Packer—Name of the packer used to pack the uploaded object.

Type—Automatically detected file type.

Detect—Names of detected objects.
