1. Scan Result Page

The scan results page is the main place where information about a hash is displayed. The information is grouped into several tabs, each containing specific information. Not all the tabs will be visible all the time. E.g.: the "Extracted files" tab will only be displayed for archives, and the "Deep CDR" tab will only be displayed for sanitized files. Each of the tabs is accessible under a specific link that can be copied and sent as a reference.




Contains a summary of the scanned file:

  • the file name and corresponding SHA256

  • the multiscan score

  • the vulnerability score

  • the possibility to download the sanitized version of the scanned file (if the file can be sanitized)

  • community score

  • dynamic analysis score

  • code samples

If the file has vulnerabilities associated to it, the top 5 CVEs will be displayed.

The "Analyze Again" button will rescan the file. This button is available only if the engine definitions we have on the scan servers are never than the engine definitions of the scan, and if the file is not a privately scanned file.


Static Analysis :: Multiscanning

We leverage both signature and heuristic scanning with 30+ scan engines in the cloud to increase malware detection rates. The multiscanning result is shown in the form of a table with the following information:

  • engine name

  • last updated: the time of the signature update of the particular engine

  • result: whether the file is considered infected or not

Please refer to File Scanning for more information.

Possible scan results

Scanned files can have different results, due to various use cases, that can be identified by "scan_all_result_i" variable. Please refer to Description on scan result codes for more information.


Static Analysis :: Deep CDR

On MetaDefender Cloud, scans and Deep CDR requests are performed asynchronously, and each scan request is tracked by a data ID. On this tab we display the multiscanning report of the sanitized file in order to demonstrate the effectiveness of the sanitization services. For the file types that don't support sanitization, this tab won't be visible.

Please refer to Data Sanitization for more information.


Static Analysis :: Extracted files

This tab is available only if the scanned file is an archive and the "Unarchiving" option was enabled when uploading. Here a list of all the files inside the archive is shown, together with individual scan results. Clicking on a listed file will open its scan result.

In order to rescan a certain file that is attached to your archive, you need to rescan the entire archive. There is a "Parent Archive" link on each of the scan results pages of the files inside the archive that links to the containing archive, where the "Analyze Again" button can be found.


Static Analysis :: Vulnerabilities

Vulnerabilities are security flaws in IT applications that could expose endpoints to different types of cyber-attacks and malicious software.

MetaDefender Cloud maps files to software products and versions, providing vulnerability information at the hash level.


Static Analysis :: Binary Reputation

This section contains information regarding:

  • Application Information: operating systems for which a particular application version was reported, including the kernel version, service pack, system architecture, and OS language

  • Network Connections: a ll the network connections made by the applications are listed and ranked based on how many times the connection was reported for the selected application. Non-routable IPs are not scanned through MetaDefender.

  • Loaded Components: a ll the components loaded by the applications are listed and ranked by the frequency at which the component was reported for the selected application. Since there are applications that report hundreds of loaded components, you can expect to see low numbers in the usage percentage column. Component rank is calculated based on the total number of reported components and how many times each component was seen.

  • File Names: same hash can be reported with multiple file names. For each file name, you can see a list of file paths as well as the usage percentage for each path. For privacy reasons, we alter any full paths that contain user names or other confidential data, and present it in a simplified format, while still showing how each path differs.


Static Analysis :: PE info

PE Info: t his information can be used to understand binaries; PE information is particularly helpful because it gives more insight into the files themselves: who the file is signed by, the date the file was compiled, the associated DLLs that get downloaded, etc. These all help to develop a better context around the file.


Static Analysis :: EXIF Metadata

Shows image metadata such as resolution, the ID of the device that took the photo or geolocation coordinates. Displayed only for images.


Static Analysis :: Android metadata

Information extracted from Android manifest files. We display:

  • summary with android package version, name and application version

  • all the permissions requested by the app

  • services, receivers, and providers

  • the list of intent filters

More data can be retrieved via API.


Static Analysis :: Scan history

A general report of all the scans of the file. The information is ordered from the most recent scan to the oldest one, displaying the date of each scan and the correlated result.

We display up to the last 200 scans for a particular hash.



Community generated information about files. We ask our users to vote independently from the displayed analysis, considering the votes as an "impartial opinion"


The cause of missing data on given tabs

If there's data missing on any of the available tabs, that means there is no information available. If you think that some information may be added, please contact us.