After a file or hash has been analyzed, the analysis results page is displayed. The results are divided into sections, each of which adds a further layer of investigation.
Table of Contents
- Main Summary
- Extracted Files Tree View
Main Summary
The top of the page shows a summary of the analysis results.
Verdict
Indicates the calculated verdict, which is based on code reuse and other artifacts.
Sub-Verdict
A more granular breakdown of the verdict. For a description of each sub-verdict value, see the sub-verdict documentation.
Classification (Malware Family)
Specifies the file's classification based on code-reuse findings. The classification can be a malware family, a threat actor, or a trusted software component: for example, a file could be classified as WannaCry (malware), Lazarus or Magic Hound (threat groups), or zlib (a benign library).
VirusTotal Detections
Shows the number of VirusTotal engine detections for the file, to give more context to the analysis report.
Note: Enterprise users must link a VirusTotal API key to enable this functionality:
- Option 1: Link your VirusTotal public API key. Create a free key in VirusTotal. Public keys are limited to 4 requests per minute (a total of 500 requests per day).
- Option 2: Link your VirusTotal private API key. If you already have, or plan to purchase, a private key from VirusTotal, this is the better option because it is not subject to the public-key rate limits.
Extracted Files Tree View
The process tree view shows the original file and all extracted files/processes or memory modules, depending on the analysis type and the file type.
For static extraction, the left-hand side displays a list of extracted files.
For dynamic execution, the process tree displays all processes running in memory and the analyzed memory modules under every process.
For every analysis, you can take the following actions. Some of them are also available for the statically extracted files and for the memory modules extracted during dynamic execution.
Report Analysis
You can submit a ticket for review if you come across a file that you believe has been misclassified or falsely detected. To do so, click the "Actions" button at the top of the page and select "Report Analysis".
Private Indexing
Private indexing is a powerful tool that lets you build your own genetic database. You can read more in the Private Indexing guide.
Download
Download the uploaded sample, or any other statically extracted file or memory module related to the analysis. If you work with one of the supported reverse-engineering tools, you need the actual sample on your machine.
You can choose between two options:
- Download the sample without a password: the file is saved with a .sample extension, so no file association will launch it by accident.
- Download a password-protected sample, which keeps endpoint antivirus from quarantining the download in transit:
  - Default password "infected"
  - Custom password
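Either download shape still has to be handled without executing it. The script below is an added example and is not Intezer's own code: it takes a downloaded file, recovers its contents, writes each file into a quarantine directory as a read-only, non-executable ".sample" file, and records its SHA-256 for later correlation. It assumes that the password-protected download is a ZIP archive (the page states only "password protected") and that the default password is "infected"; the standard-library zipfile module decrypts the legacy ZipCrypto scheme only, so an AES-encrypted archive would need a third-party reader such as pyzipper. The inputs in `demo()` are constructed stand-ins, not real samples.

```python
"""Handle a sample downloaded from an analysis report without running it.

Added example; this is not Intezer's own code. Assumptions: a password-less
download is a raw file with a ".sample" extension; a password-protected
download is a ZIP archive whose password is "infected" unless a custom one
was chosen. zipfile can decrypt legacy ZipCrypto only; an AES-encrypted
archive needs a third-party reader such as pyzipper.
"""
import hashlib
import os
import stat
import tempfile
import zipfile
from pathlib import Path

DEFAULT_PASSWORD = b"infected"  # default from the page; pass a custom one if you set it
SAMPLE_SUFFIX = ".sample"       # extension used for password-less downloads


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _write_inert(dest_dir: Path, name: str, data: bytes) -> Path:
    """Write bytes as a read-only, non-executable file inside dest_dir.

    The name is reduced to its basename so an archive member such as
    "../../etc/cron.d/x" cannot escape the quarantine directory (zip slip),
    and the ".sample" suffix is added if missing so no file association
    will launch it.
    """
    base = os.path.basename(name.replace("\\", "/"))
    if not base or base in (".", ".."):
        raise ValueError(f"refusing to write member with unusable name: {name!r}")
    if not base.endswith(SAMPLE_SUFFIX):
        base += SAMPLE_SUFFIX
    out = dest_dir / base
    out.write_bytes(data)
    out.chmod(stat.S_IRUSR)  # 0o400: owner read-only, execute bit never set
    return out


def quarantine_sample(downloaded: Path, dest_dir: Path,
                      password: bytes = DEFAULT_PASSWORD) -> dict:
    """Copy every file inside `downloaded` into dest_dir; return {path: sha256}."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    results = {}
    if zipfile.is_zipfile(downloaded):
        with zipfile.ZipFile(downloaded) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                try:
                    data = zf.read(info, pwd=password)
                except RuntimeError as exc:  # zipfile signals a wrong password this way
                    raise ValueError(f"cannot decrypt {info.filename!r}: {exc}") from exc
                out = _write_inert(dest_dir, info.filename, data)
                results[str(out)] = sha256_hex(data)
    else:  # raw ".sample" download
        data = downloaded.read_bytes()
        out = _write_inert(dest_dir, downloaded.name, data)
        results[str(out)] = sha256_hex(data)
    return results


def demo() -> dict:
    """Build two constructed downloads (not real samples) and quarantine them."""
    payload = b"MZ" + b"\x90" * 62 + b"constructed sample body, not malware\n"
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        raw = tmp / "abc123.sample"  # shape of a password-less download
        raw.write_bytes(payload)
        archive = tmp / "abc123.zip"  # shape of a password-protected download;
        with zipfile.ZipFile(archive, "w") as zf:  # written unencrypted only because
            zf.writestr("abc123", payload)         # zipfile cannot encrypt on write
            zf.writestr("../escape-attempt", payload)  # hostile member name
        raw_result = quarantine_sample(raw, tmp / "q_raw")
        zip_result = quarantine_sample(archive, tmp / "q_zip")
        modes = [stat.S_IMODE(os.stat(p).st_mode) for p in (*raw_result, *zip_result)]
        return {
            "expected": sha256_hex(payload),
            "raw": raw_result,
            "zip": zip_result,
            "zip_names": sorted(Path(p).name for p in zip_result),
            "inside_quarantine": all(Path(p).parent == tmp / "q_zip" for p in zip_result),
            "modes": modes,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it against a real download with `quarantine_sample(Path("abc123.zip"), Path("quarantine"), password=b"your-custom-password")`. The hashes it returns are what you compare against the SHA-256 shown on the analysis page before trusting the file you just pulled down.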
Re-analyze
If the analysis is not up to date, you can resubmit the file to get the latest verdict and classification.
Delete
If you delete a private file from the Intezer database, the history of its analyses is kept, but the file can no longer be re-analyzed or downloaded.
* This option is available only for enterprise users.
Export as PDF
Generates a PDF report of the analysis currently being viewed, for documentation purposes. An example is shown below.