Summary section

The Summary section represents general information about the results of a file execution.

The following charts are displayed:

• Detects

  The total number of threats detected during the file execution, and the proportion of threats with Malware (red) and Adware and other (yellow) status.

  The name of the chart is clickable—you can click Detects to navigate to the Detection names table on the Results tab.

• Suspicious activities

  The total number of suspicious activities registered during the file execution, and the proportion of activities with High (red), Medium (yellow), and Low (gray) levels.

  The name of the circle chart is clickable—you can click Suspicious activities to navigate to the Suspicious activities table on the Results tab.

  This chart is not available for multi-file (packed) objects.

• Extracted files

  The total number of files downloaded or dropped by the file during the execution process, and the proportion of files with the status of Malware (extracted files that can be classified as malicious, in red), Adware and other (extracted files that can be classified as Not-a-virus, in yellow), Clean (extracted files that can be classified as not malicious, in green), and Not categorized (the category cannot be determined due to insufficient information about the extracted files, in gray).

  The name of the chart is clickable—you can click Extracted files to navigate to the Extracted files tab.

• Network activities

  The total number of registered network interactions that the file performed during the execution process, and the proportion of network interactions with the status of Dangerous (requests to resources with Dangerous status, in red), Adware and other (requests to resources with Adware and other status, in yellow), Good (requests to resources with Good status, in green), and – (requests to resources with Not categorized status, in gray).

  The name of the circle chart is clickable—you can click Network activities to navigate to the Network activities tab.

  This chart is not available for multi-file (packed) objects.

The number of detected files or activities with specific status is displayed below each chart. Small values are displayed out of proportion. For better viewing, small values are displayed as 1% of the entire circle chart.

You can download the file execution results as an archive by clicking the Export all results button.

The Summary section also displays the execution task details:

• Uploaded

  Date and time when the file was uploaded or downloaded.

• Analyzed

  Date and time when the file analysis was completed.

• Database update

  Date and time when the anti-virus databases were updated.

• File size

  Size of the executed file in bytes.

• File type

  Automatically detected type of the executed file.

• Execution environment

  Selected environment (operating system) for the file execution.

  If you did not specify the execution environment, Kaspersky Threat Intelligence Portal automatically selects the optimal environment for executing your object and displays Auto.

• Execution time

  Specified time of the file execution, in seconds.

  If you did not specify the execution time, Kaspersky Threat Intelligence Portal automatically selects the optimal execution time for your object and displays Auto.

• File extension

  Specified file extension.

• HTTPS decryption

  Information about whether the HTTPS traffic generated by the object was decrypted during execution.

• Click links

  Information about whether the links in opened documents were followed during the file execution.

• Internet access options

  Region of a network channel that the file used to access the internet.

  If you selected the Tarpit item when creating the execution task, a warning that the file was executed in the environment without access to the internet is displayed. For more details about channels, refer to Internet channel values.

• MD5

  MD5 hash of the executed file. This item is clickable and takes you to the Threat Lookup page, where you can search for information about the MD5 hash.

• SHA1

  SHA1 hash of the executed file. This item is clickable and takes you to the Threat Lookup page, where you can search for information about the SHA1 hash.

• SHA256

  SHA256 hash of the executed file. This item is clickable and takes you to the Threat Lookup page, where you can search for information about the SHA256 hash.

• Document password

  Information about whether the password for the protected document was specified.

• Command line parameters

  Command line parameters that were used to execute the object in the Sandbox.

Running a threat lookup request for a hash (MD5, SHA1, or SHA256) of the executed file does not count against the Threat Lookup quota for your group.

Page top