Skip to main content

Scan File

Scan a file in the Hybrid Analysis sandbox for analysis.

The default analysis system supports the following file extensions:

  • PE (.exe, .scr, .pif, .dll, .com, .cpl, etc.)
  • Office (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub)
  • PDF
  • APK
  • executable JAR
  • Windows Script Component (.sct)
  • Windows Shortcut (.lnk)
  • Windows Help (.chm)
  • HTML Application (.hta)
  • Windows Script File (*.wsf)
  • Javascript (.js),
  • Visual Basic (.vbs, .vbe)
  • Shockwave Flash (.swf)
  • Perl (.pl)
  • Powershell (.ps1, .psd1, .psm1)
  • Scalable Vector Graphics (.svg)
  • Python (.py) scripts
  • Perl (.pl) scripts
  • Linux ELF executables
  • MIME RFC 822 (*.eml)
  • Microsoft Installer packages(*.msi)
  • Outlook *.msg files.

Basic Parameters

ParameterDescription
Environment IDThe sandbox environment to run the scan on.Available environments:
  • ID 310: 'Linux (Ubuntu 20.04, 64 bit)'
  • ID 300: 'Linux (Ubuntu 16.04, 64 bit)'
  • ID 200: 'Android Static Analysis'
  • ID 160: 'Windows 10 64 bit'
  • ID 120: 'Windows 7 64 bit'
  • ID 110: 'Windows 7 32 bit (HWP Support)'
  • ID 100: 'Windows 7 32 bit'
File IdentifierThe identifier of the file. You can create a file identifier using the Set File Variable action.

Advanced Parameters

ParameterDescription
Allow Community AccessWhen set to 'true', the sample will be available for the community(Note: when 'nosharethird_party' is set to 'false', it won't be possible to set different value than 'true').
CommentOptional comment text that may be associated with the scan.
Dont Share With Third PartyWhen set to 'true', the sample is never shared with any third party.
EmailOptional email address that may be associated with the submission for notification.

Example Output

{
"job_id": "63de7d8c49a6d52ea854e3e5",
"submission_id": "63de7d8d49a6d52ea854e3e6",
"environment_id": 100,
"sha256": "2ed46d7bedc17aba18343eac71e21648b1af50fff732af7e338075cd0ed1567a"
}

Workflow Library Example

Hybrid Analysis Detonate File in Sandbox

Workflow LibraryPreview this Workflow on desktop