You can analyze files automatically from your EDR, via API, or manually by drag-and-drop or selecting from your files. In this article we will cover the different options you have to analyze files and the supported file formats.
If you already have a file analyzed, you can read about understanding the results and analysis report here.
Analyze a File Manually
If the file that you need to analyze was not automatically collected via an integration or API, you can manually upload either by drag-and-drop or selecting from your files.
For community users, uploaded files are made public to the community and shared with VirusTotal.
For enterprise users, the files remain in your organization’s private index and will not be made public to the community, uploaded to VirusTotal, or any other third party.
Analyze Encrypted Files
Intezer Analyze can automatically decompress and analyze archive files that are uploaded with one of the passwords intezer, infected or dangerous.
For enterprise users, it is also possible to enter a custom password.
Analyze by Hash
You can also analyze a file by its SHA256, MD5 or SHA1 hash.
If the sample doesn’t already exist in Intezer’s database, the file can be downloaded from VirusTotal. To use this functionality, enterprise users must set their own VirusTotal key.
Supported File Types
The following file formats are currently supported:
- Windows executable files (PE) – .exe, .dll, .sys – native x86, native x64 and .NET.
- Linux executable files (ELF) – native x86, native x64, ARM32, ARM64
- macOS executable files and applications (Mach-O, .dmg, .pkg)
- Compressed files that contain one file – Zip, RAR, TAR, 7-Zip
- Android applications (APK)
- Installers – MSI, trusted installer, Inno Setup...
- Microsoft Office – doc, xls, ppt, etc.
- Scripts – PowerShell, vbs, js