Sandbox Analyzer objects

Supported file types and extensions for manual submission

The following file extensions are supported and can be manually detonated in Sandbox Analyzer:

Batch, CHM, DLL, EML, Flash SWF, HTML, HTML/script, HTML (Unicode), JAR (archive), JS, LNK, MHTML (doc), MHTML (ppt), MHTML (xls), Microsoft Excel, Microsoft PowerPoint, Microsoft Word, MZ/PE files (executable), PDF, PEF (executable), PIF (executable), RTF, SCR, URL (binary), VBE, VBS, WSF, WSH, WSH-VBS, XHTML.

Sandbox Analyzer is able to detect the above-mentioned file types also if they are included in archives of the following types: 7z, ACE, ALZip, ARJ, BZip2, cpio, GZip, LHA, Linux TAR, LZMA Compressed Archive, MS Cabinet, MSI, PKZIP, RAR, Unix Z, ZIP, ZIP (multivolume), ZOO, XZ.

File types supported by Content Prefiltering at automatic submission

Content prefiltering will determine a particular file type through a combination which implies the object content and extension. That means that an executable having the .tmp extension will be recognized as an application and, if found suspicious, it will be sent to Sandbox Analyzer.

  • Applications - files having the PE32 format, including but not limited to the following extensions: exe, dll, com.

  • Documents - files having the document format, including but not limited to the following extensions: xlsx, xls, ppt, doc, docx, dot, chm, xlm, docm, dotm, potm, potx, ppam, ppax, pps, ppsm, pptx, sldm, sldx, xlam, xlm, xltm, rtf, pdf.

  • Scripts: ps, wsf, ws, php, py, js, vb, vbs, pyc, pyo, wsc, wsh, psc1, jse, vbe.

  • Archives: zip, jar, 7z, bz, bz2, tgz , msi, rar, rev, z, arj, iso, lha, lhz, uu, uue, xxe, lzma, ace, r00.

  • Emails (saved in the file system): eml, tnef.

Default exclusions at automatic submission

asc, avi, bmp, gif, jpeg, jpg, mkv, mp4, pgp, png, txt.