Before executing a file in Kaspersky Threat Intelligence Portal, you can upload it and select execution options.
To upload a file:
When the object is selected, its file name and size (in megabytes) are displayed.
The maximum size of an object that can be uploaded is 256 MB.
If you execute a multi-file (packed) object, make sure it contains fewer than 1000 files. Kaspersky Threat Intelligence Portal scans all files in the object, but only 1000 files are available for downloading. We recommend that you execute objects that contain fewer than 1000 files. The size of individual files in the packed object must not exceed 256 MB. The total size of all files when unpacked must not exceed 1 GB.
If necessary, enter a password for the archive in the Archive password (optional) field. The password can be up to 256 characters long. Any characters are allowed, although double-quote (") and backslash (\) characters must be escaped to ensure they are not interpreted as control characters in JSON.
If you do not enter a password for a password-protected archive, Kaspersky Threat Intelligence Portal tries to unpack the archive using default passwords. You can show or hide the password by clicking the eye icon.
Available values:
The Auto execution environment is selected by default.
By default, the Auto value is selected: Kaspersky Threat Intelligence Portal automatically selects the optimal execution time for your object.
To specify the execution time manually (from 30 to 500 seconds), click the Auto field and use the slider.
To return to the recommended value, click the Reset to Auto button.
An uploaded object will be executed in the selected environment during the specified execution time. The specified time does not include the time required for analysis and displaying results.
Available values:
The Auto item is selected by default. For more details about channels, refer to Internet channel values.
The list of available regions can contain individual countries through which the executed file can access the internet.
You can use the portable executable (PE) format to process files that are not images. To do this, you must explicitly specify a file extension in the file name or in the Change file name and extension to field.
Most characters can be used to specify a file extension. Reserved characters <, >, :, ", /, \, |, ?, * cannot be used.
You can enter up to 254 characters to specify a file name and extension.
If the file extension is not specified, Kaspersky Threat Intelligence Portal attempts to determine it automatically and then executes the file.
For more details about file types, refer to the Automatically detected file types section.
This field is optional and available only when a Microsoft Windows execution environment is selected. Command line examples are described in the Appendices.
The check box is unavailable if Microsoft Windows XP SP3 x86 is selected as the file execution environment.
Disabling HTTPS traffic decryption may reduce the probability of malware detection. This functionality allows you to obtain artifacts with information about the object's interaction via HTTPS during task execution. We recommend disabling HTTPS traffic decryption only if you are sure that it will interfere with the analysis of a particular object.
Selecting this option can increase the level of detection of malicious objects and malicious object behavior. This check box is selected by default.
The check box is selected by default.
If this check box is cleared, Kaspersky Threat Intelligence Portal considers your sample to be similar to a previously analyzed actor's sample if the number of genes or strings they have in common is greater than or equal to a threshold value set by Kaspersky experts. A separate threshold is specified for each actor. In this case, Kaspersky Threat Intelligence Portal returns fewer results, but the proportion of useful results is higher.
If you select this check box, Kaspersky Threat Intelligence Portal considers your sample to be similar to a previously analyzed actor's sample if they have at least one gene or string in common. In this case, Kaspersky Threat Intelligence Portal returns more results. Enabling this parameter is useful if all parts of the code in your sample are malicious and you want to find more similar actor samples.
Kaspersky Threat Intelligence Portal displays the object execution results.
If an error occurs during the upload process, you can try to upload the object again, or select another object.
If you terminate the upload process for some reason, you can try to upload the same object again later, or you can select another object.
An entry describing execution results for each analysis technology appears separately in the History table. You can start to analyze results when the process ends and the Execution state field is Completed.
If the previously specified internet channel is no longer available, the Auto item is selected by default.
If the file is executed again later, results may differ from those shown in the History table for the same file because Kaspersky expert systems update information about objects in real time. Therefore, execution results depend on the threat landscape.
Up to 1000 of the latest file executions and web address analysis results for a user are stored. When the maximum number of stored results is reached, the oldest results are assigned Archived status. For more details about archived tasks, refer to the About archived (discarded) tasks section.
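The upload limits described above (object size, file count, unpacked size, file name length, reserved extension characters, password length and JSON escaping) can be checked locally before submitting a sample. The following is an added example, not Kaspersky code: the function names are hypothetical, the archive is assumed to be a ZIP, and MB is assumed to mean 2^20 bytes because the page does not specify it.

```python
import io
import json
import zipfile

MB = 1024 * 1024      # assumption: the page does not say if MB means 10^6 or 2^20 bytes
MAX_OBJECT = 256 * MB      # uploaded object, and each file inside a packed object
MAX_UNPACKED = 1024 * MB   # total size of all files when unpacked (1 GB)
MAX_FILES = 1000           # packed objects should contain fewer files than this
RESERVED = set('<>:"/\\|?*')  # characters the page lists as not allowed in an extension

def check_archive(data: bytes) -> list[str]:
    """Return limit violations for a ZIP archive, using declared sizes only."""
    problems = []
    if len(data) > MAX_OBJECT:
        problems.append("archive exceeds the 256 MB upload limit")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # reads the directory, extracts nothing
        files = [i for i in zf.infolist() if not i.is_dir()]
    if len(files) >= MAX_FILES:
        problems.append(f"{len(files)} files; fewer than {MAX_FILES} recommended")
    problems += [f"{i.filename} exceeds 256 MB" for i in files if i.file_size > MAX_OBJECT]
    if sum(i.file_size for i in files) > MAX_UNPACKED:
        problems.append("total unpacked size exceeds 1 GB")
    return problems

def check_name(name: str) -> list[str]:
    """Check the value for the 'Change file name and extension to' field."""
    problems = []
    if len(name) > 254:
        problems.append("file name and extension exceed 254 characters")
    _, dot, ext = name.rpartition(".")
    if dot and RESERVED & set(ext):
        problems.append("extension contains a reserved character")
    return problems

def json_password(password: str) -> str:
    """Return the archive password as a JSON string literal (" and \\ escaped)."""
    if len(password) > 256:
        raise ValueError("password exceeds 256 characters")
    return json.dumps(password, ensure_ascii=False)

def make_zip(count: int) -> bytes:
    """Build a constructed sample archive of `count` tiny files in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in range(count):
            zf.writestr(f"file{n}.txt", b"x")
    return buf.getvalue()

if __name__ == "__main__":
    print(check_archive(make_zip(3)), check_name("sample.exe"), json_password('pa"ss\\1'))
```

The sizes checked are the ones declared in the ZIP directory, so a deliberately malformed archive can still unpack to more than it declares.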