In this article we will cover the different options you have to analyze files and the supported file formats.
Analyze a File
In order to analyze a file you can either drag and drop it, select it from your files, or send it via API.
For community users the files are made public to the community and shared with VirusTotal.
For enterprise users the files remain in the organization’s private scope and will not be made public to the community nor uploaded to VirusTotal or any other third party.
Analyze Encrypted Files
Intezer Analyze can automatically decompress and analyze uploaded archive files that are protected with one of the following passwords: intezer, infected or dangerous.
For enterprise users it is also possible to enter a custom password.
Analyze by Hash
You can also analyze a file by its SHA256, MD5 or SHA1 hash.
If the sample doesn’t already exist in Intezer’s database, the file will be downloaded from VirusTotal. (To support this functionality, enterprise users must set their own VirusTotal key.)
Supported File Types
The following file formats are currently supported:
- Windows Executable Files (PE) – .exe, .dll, .sys – native x86, native x64 and .NET.
- Linux Executable Files (ELF) – native x86, native x64, ARM32, ARM64
- Compressed files that contain one file - Zip, RAR, TAR, 7-Zip
Additional supported file formats only for enterprise users:
- Android applications (APK)
- Installers - msi, trusted installer, Inno Setup...
- Microsoft Office - doc, xls, ppt
- Scripts - PowerShell, vbs, js
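
A local pre-submission check against the community-tier formats listed above, as an added example that is not Intezer's own code or detection logic: it reads the ELF and PE headers to recover the architecture and verifies that a Zip archive holds exactly one file. The function and helper names are hypothetical, the sample inputs are constructed header stubs, .NET is not distinguished from native PE, and RAR, TAR and 7-Zip are not handled.

```python
import io
import struct
import zipfile

# Machine values from the ELF and PE/COFF specifications.
ELF_MACHINES = {0x03: "x86", 0x3E: "x64", 0x28: "ARM32", 0xB7: "ARM64"}
PE_MACHINES = {0x014C: "x86", 0x8664: "x64"}


def classify(data: bytes) -> str:
    """Label a sample, e.g. 'ELF ARM64', 'PE x64', 'ZIP (1 file)' or 'unsupported'."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        # EI_DATA (offset 5): 1 = little-endian; e_machine is at offset 18.
        endian = "<" if data[5] == 1 else ">"
        (machine,) = struct.unpack_from(endian + "H", data, 18)
        arch = ELF_MACHINES.get(machine)
        return f"ELF {arch}" if arch else "unsupported"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C) points to 'PE\0\0'; Machine follows the signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00" and len(data) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", data, pe_off + 4)
            arch = PE_MACHINES.get(machine)
            return f"PE {arch}" if arch else "unsupported"
        return "unsupported"
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                files = [i for i in zf.infolist() if not i.is_dir()]
        except zipfile.BadZipFile:
            return "unsupported"
        # The list above only covers archives that contain one file.
        return "ZIP (1 file)" if len(files) == 1 else "unsupported"
    return "unsupported"


def sample_elf(machine: int) -> bytes:
    # Constructed 20-byte little-endian ELF64 header prefix, not a runnable binary.
    return b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, machine)


def sample_pe(machine: int) -> bytes:
    # Constructed DOS header with e_lfanew = 0x40, then PE signature and Machine.
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + struct.pack("<H", machine)


def sample_zip(names) -> bytes:
    # Constructed in-memory archive with one entry per name.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()
```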