Views:
The File Analysis Result section of the Affected Hosts - Detection Details screen contains the following information:
Click View Virtual Analyzer Report to view the Virtual Analyzer report.
Click Download and then select Virtual Analyzer Report to download the Virtual Analyzer report.
Tip
Tip
Viewing or downloading the Virtual Analyzer report may take longer than the other options. Allocate more time for the Virtual Analyzer report to appear or download.
Click Download and then select Investigation Package to download a password protected ZIP archive containing the investigation package.
Important
Important
Suspicious files must always be handled with caution. Extract the detected file at your own risk.
The password for the zip archive is "virus".
Click Download and then select Detected File to download a password protected ZIP archive containing the detected file.
Click Download and then select All to download a password protected ZIP archive containing the detected file, the Virtual Analyzer report, and the investigation package.
Related information

Affected Hosts - Detection Details - File Analysis Result - File Information

Information provided in the File Analysis Result - File Information section of the Detection Details window may include the following:
  • Child files
    • File name / URL
    • File size (bytes)
    • Type
    • File SHA-1
    • File SHA-256
  • File name
  • File size
  • File type
  • File MD5
  • File SHA-1
  • File SHA-256
  • MITRE ATT&CK™ Framework
    • Tactics
    • Techniques
    Tip
    Tip
    Click the tactic or technique to view more details on the MITRE website.
    Important
    Important
    MITRE information displayed on Deep Discovery Director (Internal Network Analytics Version) is based on ATT&CK™ v6. The information may be different when displayed on products that use a different version of ATT&CK™.
    © ATT&CK™ is a trademark of the MITRE Corporation.
  • Threat
  • Virtual Analyzer risk level

Affected Hosts - Detection Details - File Analysis Result - YARA Detections

Information provided in the File Analysis Result - YARA Detections section of the Detection Details window may include the following:
  • YARA Rule File
  • YARA Rules

Affected Hosts - Detection Details - File Analysis Result - Notable Characteristics

Information provided in the File Analysis Result - Notable Characteristics section of the Detection Details window may include characteristics that are commonly associated with malware. Characteristics are grouped into the following categories:
  • Anti-security, self-preservation
  • Autostart or other system reconfiguration
  • Deception, social engineering
  • File drop, download, sharing, or replication
  • Hijack, redirection, or data theft
  • Malformation or other known malware traits
  • Process, service, or memory object change
  • Rootkit, cloaking
  • Suspicious network or messaging activity
  • Other notable characteristic