After analyzing a file or hash, the analysis results page is displayed. The results are divided into sections. Each section provides an additional layer of investigation.
Table of Contents
- Main Summary
- Analysis Verdict
- Classification (Malware Family)
- Report Analysis
- Process Tree View
Main Summary
The top of the page shows a summary of the analysis results.
Analysis Verdict
Indicates the calculated verdict, which is based on code reuse and other artifacts.
A more granular result of the verdict. For further info read here.
Classification (Malware Family)
Specifies the file’s classification based on code reuse findings. For example, a file could be classified as WannaCry, Lazarus, Magic Hound, or zlib.
Report Analysis
If you come across a file that you believe has been misclassified or falsely detected, you can submit a ticket for review.
To do so, click the "Actions" button at the top of the page and select "Report Analysis".
Specify the number of detections in VirusTotal in order to give more context for the analysis report.
Note: To support this functionality, enterprise users must set their own VirusTotal key:
- Option 1: Link your own VirusTotal public key - Create a free key in VirusTotal. Limited to 4 requests per minute (total of 500 requests per day).
- Option 2: Link your own VirusTotal private key - If you currently have or plan to purchase a private key from VirusTotal, this is your best option, since you would have no limitations.
Extracted Files Tree View
The process tree view shows the original file and all extracted files/processes or memory modules, depending on the analysis type and the file type.
For static extraction, the left-hand side displays a list of extracted files.
For dynamic execution, the process tree displays all processes running in memory and the analyzed memory modules under every process.