Scan File
Scan a file in the Hybrid Analysis sandbox for analysis.
The default analysis system supports the following file extensions:
- PE (.exe, .scr, .pif, .dll, .com, .cpl, etc.)
- Office (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub)
- APK
- executable JAR
- Windows Script Component (.sct)
- Windows Shortcut (.lnk)
- Windows Help (.chm)
- HTML Application (.hta)
- Windows Script File (*.wsf)
- Javascript (.js),
- Visual Basic (.vbs, .vbe)
- Shockwave Flash (.swf)
- Perl (.pl)
- Powershell (.ps1, .psd1, .psm1)
- Scalable Vector Graphics (.svg)
- Python (.py) scripts
- Perl (.pl) scripts
- Linux ELF executables
- MIME RFC 822 (*.eml)
- Microsoft Installer packages(*.msi)
- Outlook *.msg files.
Basic Parameters
Parameter | Description |
---|---|
Environment ID | The sandbox environment to run the scan on.Available environments:
|
File Identifier | The identifier of the file. You can create a file identifier using the Set File Variable action. |
Advanced Parameters
Parameter | Description |
---|---|
Allow Community Access | When set to 'true', the sample will be available for the community(Note: when 'nosharethird_party' is set to 'false', it won't be possible to set different value than 'true'). |
Comment | Optional comment text that may be associated with the scan. |
Dont Share With Third Party | When set to 'true', the sample is never shared with any third party. |
Optional email address that may be associated with the submission for notification. |
Example Output
{
"job_id": "63de7d8c49a6d52ea854e3e5",
"submission_id": "63de7d8d49a6d52ea854e3e6",
"environment_id": 100,
"sha256": "2ed46d7bedc17aba18343eac71e21648b1af50fff732af7e338075cd0ed1567a"
}
Workflow Library Example
Hybrid Analysis Detonate File in Sandbox
Preview this Workflow on desktop