When you open an analyzed object in Sandbox Analysis, Trend Vision One displays a
tabbed profile view.

| Tab | Description | File submissions | URL submissions |
| --- | --- | --- | --- |
| Overview | Key object details | Provides hash values (SHA-1, SHA-256, MD5), detection name, malware family, and first/last seen. For submitter source details see Consolidated analysis results. For bundled files, lists up to five files from the bundle. | |
| Static analysis | Structural indicators like imports and macros. Only available to objects submitted to Sandbox Analysis | Displays indicators like imports, strings, macros, and MITRE ATT&CK. For archive files, MITRE ATT&CK mapping applies to the archive file as a whole; imports, strings, and macros to each file in the archive. Unavailable for objects submitted automatically or through Service Gateway. | Unavailable |
| Dynamic analysis | Sandbox execution report | Offers the same sandbox execution details previously available in an HTML report. You can still download the full report as a PDF from this tab when analysis is complete. | |
| File content | File content preview or download. Only available to objects submitted to Sandbox Analysis | For files 5MB or less, an inline hex viewer allows quick inspection. For files over 5MB, you can download a password-protected ZIP file. For archive files, displays content for the archive file only, not individual files within it. Unavailable for objects submitted automatically or through Service Gateway. | Unavailable |
| Associated Workbench alerts | Related alerts from Workbench | Shows alerts related to the submitted object within the last 30 days including status, severity, score, and impacted entities. For archive files, queries the file SHA-1 of the archive file itself, not its contents. | |
| Third-party insights | VirusTotal threat intelligence | After configuring a VirusTotal API key in Third-Party Integrations, displays VirusTotal threat intelligence. For archive files, queries the file SHA-1 of the archive file itself, not its contents. | |
