Scan File

Scan a file in the Hybrid Analysis sandbox for analysis.

The default analysis system supports the following file extensions:

• PE (.exe, .scr, .pif, .dll, .com, .cpl, etc.)
• Office (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub)
• PDF
• APK
• executable JAR
• Windows Script Component (.sct)
• Windows Shortcut (.lnk)
• Windows Help (.chm)
• HTML Application (.hta)
• Windows Script File (*.wsf)
• Javascript (.js),
• Visual Basic (.vbs, .vbe)
• Shockwave Flash (.swf)
• Perl (.pl)
• Powershell (.ps1, .psd1, .psm1)
• Scalable Vector Graphics (.svg)
• Python (.py) scripts
• Perl (.pl) scripts
• Linux ELF executables
• MIME RFC 822 (*.eml)
• Microsoft Installer packages(*.msi)
• Outlook *.msg files.

Basic Parameters

Parameter	Description
Environment ID	The sandbox environment to run the scan on. Available environments: - ID 310: 'Linux (Ubuntu 20.04, 64 bit)' - ID 300: 'Linux (Ubuntu 16.04, 64 bit)' - ID 200: 'Android Static Analysis' - ID 160: 'Windows 10 64 bit' - ID 120: 'Windows 7 64 bit' - ID 110: 'Windows 7 32 bit (HWP Support)' - ID 100: 'Windows 7 32 bit'
File Identifier	The identifier of the file. You can create a file identifier using the Set File Variable action.

Advanced Parameters

Parameter	Description
Allow Community Access	When set to 'true', the sample will be available for the community (Note: when 'no_share_third_party' is set to 'false', it won't be possible to set different value than 'true').
Comment	Optional comment text that may be associated with the scan.
Dont Share With Third Party	When set to 'true', the sample is never shared with any third party.
Email	Optional email address that may be associated with the submission for notification.

Example Output

{
    "job_id": "63de7d8c49a6d52ea854e3e5",
    "submission_id": "63de7d8d49a6d52ea854e3e6",
    "environment_id": 100,
    "sha256": "2ed46d7bedc17aba18343eac71e21648b1af50fff732af7e338075cd0ed1567a"
}

Workflow Library Example

Hybrid Analysis Detonate File in Sandbox

Preview this Workflow on desktop