Submission Settings Tab

Use the Submission Settings tab, in Virtual Analyzer > Sandbox Management, to view or specify the file types that Virtual Analyzer processes.

Trend Micro identifies files by true file type and not by extension. Sample file extensions are provided for reference.

Note:

Updates to the Virtual Analyzer Configuration Pattern may also include added support for new file types. After the update, Virtual Analyzer places new file types in the Analyzed list.

Table 1. Virtual Analyzer File Types: Windows

Displayed File Type

Full File Type

Example File Extensions

bat

Microsoft™ Windows™ batch file

.bat

cmd

Microsoft™ Windows™ command script file

.cmd

cell

Hancom™ Hancell spreadsheet

.cell

chm

Compiled HTML (CHM) help file

.chm

csv

Comma-separated values (CSV) file

.csv

class

Java™ Class file

.class

.cla

com

Microsoft™ Windows™ executable file

.com

dll

AMD™ 64-bit DLL file

Microsoft™ Windows™ 16-bit DLL file

Microsoft™ Windows™ 32-bit DLL file

.dll

.ocx

.drv

doc

Microsoft™ Word™ 1.0 document

Microsoft™ Word™ 2.0 document

.doc

.dot

docx

Microsoft™ Office Word™ (2007 or later) document

Microsoft™ Office Word™ (2007 or later) macro-enabled document

.docx

.dotx

.docm

.dotm

elf

Executable and Linkable Format (ELF) file

Note:

For Virtual Analyzer analysis in CentOS 7.8 (64-bit) images only.

.elf

exe

AMD™ 64-bit EXE file

ARJ compressed EXE file

ASPACK 1.x compressed 32-bit EXE file

ASPACK 2.x compressed 32-bit EXE file

DIET DOS EXE file

GNU UPX compressed EXE file

IBM™ OS/2 EXE file

LZEXE DOS EXE file

LZH compressed EXE file

LZH compressed EXE file for ZipMail

MEW 0.5 compressed 32-bit EXE file

MEW 1.0 compressed 32-bit EXE file

MEW 1.1 compressed 32-bit EXE file

Microsoft™ Windows™ 16-bit EXE file

Microsoft™ Windows™ 32-bit EXE file

MIPS EXE file

MSIL Portable executable file

PEPACK compressed executable

PKWARE™ PKLITE™ compressed DOS EXE file

PETITE compressed 32-bit executable file

PKZIP compressed EXE file

WWPACK compressed executable file

.cpl

.exe

.sys

.crt

.scr

gul

JungUm™ Global document

.gul

hta

HTML Application file

.hta

html

Hypertext Markup Language (HTML) file

.htm

.html

hwp

Hancom™ Hangul Word Processor (HWP) document

.hwp

hwpx

Hancom™ Hangul Word Processor (2014 or later) (HWPX) document

.hwpx

iqy

Microsoft Excel Web Query File

.iqy

jar

Java™ Applet

Java™ Application

Note:

Virtual Analyzer does not support the java library.

.jar

js

JavaScript™ file

.js

jse

JavaScript™ encoded script file

.jse

jtd

JustSystems™ Ichitaro™ document

.jtd

lnk

Microsoft™ Windows™ Shell Binary Link shortcut

Microsoft™ Windows™ 95/NT shortcut

.lnk

mht

mhtml

Web page archive file

.mht

.mhtml

mov

Apple QuickTime media

.mov

odt

OpenDocument Text

.odt

odp

OpenDocument Presentation

.odp

ods

OpenDocument Spreadsheet

.ods

pdf

Adobe™ Portable Document Format (PDF)

.pdf

ppt

Microsoft™ Powerpoint™ presentation

.ppt

.pps

pptx

Microsoft™ Office PowerPoint™ (2007 or later) presentation

Microsoft™ Office PowerPoint™ (2007 or later) macro-enabled presentation

.pptx

.ppsx

ps1

Microsoft™ Windows™ PowerShell script file

.ps1

pub

Microsoft™ Office Publisher™ (2016) file

.pub

rtf

Microsoft™ Rich Text Format (RTF) document

.rtf

shell

Shell script file

Note:

For Virtual Analyzer analysis in CentOS 7.8 (64-bit) images only.

.sh

slk

Microsoft™ symbolic link format

.slk

svg

Scalable Vector Graphics file

.svg

swf

Adobe™ Shockwave™ Flash file

.swf

vbe

Visual Basic™ encoded script file

.vbe

vbs

Visual Basic™ script file

.vbs

wsf

Microsoft™ Windows™ Script File

.wsf

xls

Microsoft™ Excel™ spreadsheet

.xls

.xla

.xlt

.xlm

xlsx

Microsoft™ Office Excel™ (2007 or later) spreadsheet

Microsoft™ Office Excel™ (2007 or later) macro-enabled spreadsheet

.xlsx

.xlsb

.xltx

.xlsm

.xlam

.xltm

xml

Microsoft™ Office 2003 XML file

Microsoft™ Word™ 2003 XML document

Microsoft™ Excel™ 2003 XML spreadsheet

Microsoft™ PowerPoint™ 2003 XML presentation

.xml

xht

xhtml

Extensible Hypertext Markup Language

.xht

.xhtml

url

Internet shortcut file

.url

Note:

For the following script types, Virtual Analyzer does not perform an analysis if the file extension and file type do not match:

  • bat

  • cmd

  • csv

  • hta

  • htm

  • html

  • iqy

  • js

  • jse

  • mht

  • mhtml

  • ps1

  • slk

  • svg

  • url

  • vbe

  • vbs

  • wsf

  • xht

  • xhtml

  • xls

Table 2. Virtual Analyzer File Types: Linux

Displayed File Type

Full File Type

Example File Extensions

elf

ELF Executable

N/A

sh

Shell script

.sh

Virtual Analyzer can scan files that match the supported file types in an archive file that is not password protected. The following table lists the supported archive file types.

Note:

For the list of password-protected archive files that Virtual Analyzer can analyze, see File Passwords Tab.

Table 3. Archive file types

True File Type

Full File Type

Example File Extensions

7ZIP

7-zip archive

.7z

ACE

WinAce archive

.ace

ALZ

ALZip archive

.alz

AMG

Fujitsu AMG archive

.amg

ARK

Google™ Android™ Application Package (APK)

.apk

ARJ

ARJ archive

.arj

BINHEX

BinHex file

.hqx

BZIP2

BZIP2 archive

.bz2

.bzip2

CAB

Microsoft™ Cabinet file

.cab

CRX

Chrome Extension Format (CRX)

.crx

EGG

ALZip archive

.egg

GZIP

GNU ZIP archive

.gzip

.gz

ISO

ISO image

.iso

LHA

LHARC compressed archive

.lha

.lharc

LZW

Lempel-Ziv-Welch (LZW) Compressed Amiga archive

.lzh

MACBIN

Apple™ MacBinary file

.bin.macbin

MIME

Multipurpose Internet Mail Extensions (MIME) Base64 file

.eml

.email

MSG

Microsoft™ Outlook™ Item

.msg

MSI

Microsoft™ installer package

.msi

MSCOMP

Microsoft™ compressed files

.arc

RAR

Roshal Archive (RAR) archive

.rar

SIS

Symbian™ Installation file

.sis

SIT

Smith Micro™ StuffIt archive

.sit

.sitx

TAR

TAR archive

.tar

.tgz

TNEF

Microsoft™ Outlook™ Transport Neutral Encapsulation Format (TNEF) file

.tnef

.winmail.dat

.win.dat

UUCODE

Uuencode file

.uue

WIM

Microsoft™ Windows Image (WIM)

.wim

XZ

XZ archive

.xz

ZIP

PKWARE PKZIP archive (ZIP)

.zip

The following table lists the Mac file types that Deep Discovery Analyzer automatically submits to Sandbox for MacOS for analysis, regardless of the submission settings.

Note:

Deep Discovery Analyzer submits JAR and CLASS files to both Sandbox for MacOS and the internal Virtual Analyzer for analysis.

Table 4. Virtual Analyzer File Types: Mac

True File Type

Full File Type

Example File Extensions

DMG

Apple disk image file

.dmg

JAR

Java™ Applet

Java™ Application

Note:

Virtual Analyzer does not support the java library.

.jar

CLASS

Java™ Class file

.class

.cla

PKG

Mac OS X installation file

.pkg

Mach-O

Mach object file

.o