1. Scan Result Page

The scan results page is the main place where information about a particular hash is displayed. The information is grouped into several tabs, each containing specific information. Not all tabs are visible all the time. For example, the "Extracted files" tab is only displayed for archives, and the "Sanitized" tab is only displayed for sanitized files (CDR). Each tab is accessible under a specific link that can be copied or sent as a reference.

Description of main functionalities

Overview

Contains a summary of the scanned file:

  • its file name and corresponding SHA256

  • the multiscan score

  • the vulnerability score

  • the possibility to download the sanitized version of the scanned file (if the file can be sanitized)

  • code samples to get the data from our API.


If the file has vulnerabilities associated with it, the top 5 CVEs will be displayed.

If the hash is in our list of top 50 hashes, this will also be displayed on the overview page.

The "Analyze Again" button will rescan the file. This button is available only if the engine definitions we have on the scan servers are newer than the engine definitions of the scan, and if the file is not a privately scanned file.

File Information

This tab contains useful information about the scanned file, such as: hash information, the date the file was first uploaded, the date the file was last scanned, and its file type, extension and size.


Extracted Files

This tab is available only if the scanned file is an archive and it contains nested files. Here you can see a list of all the files attached to your archive, together with their individual scan results. If you click on any of the listed files, you will be routed to its scan result.

  • Supported archive types: ZIP, TAR, RAR, GZ, BZ2, 7Z, XZ, CRX, RPM, Z, LZ, XPI, CAB.

  • In order to rescan a certain file that is attached to your archive, you need to rescan the entire archive. There is a "Parent Archive" button on each of the scan results pages of the files inside the archive that links to the containing archive, where the "Analyze Again" button can be found.


Vulnerabilities

Vulnerabilities are security flaws in IT applications that could expose endpoints to different types of cyber attacks and malicious software.

MetaDefender Cloud maps files to each application and its version, and is able to provide vulnerability information at the hash level.

Through our API, you will be able to retrieve all the known vulnerabilities for all the applications reported for that hash. In other words, if any of the existing hashes belongs to an application with known vulnerabilities, you will know that you are exposed to potential exploits, and you will be able to determine this directly through hash lookups, resulting in a faster diagnosis.


Data Sanitization

On MetaDefender Cloud, scans and data sanitization requests are performed asynchronously, and each scan request is tracked by a data ID. On this tab we display the multiscan report of the sanitized file, assuring you the highest quality of our sanitization services. For file types that don't support sanitization, this tab won't be visible.

Supported file types: PDF, DOC(X/M), DOT(X/M), XLS(B/X/M), PPT(X/M), PPSX, RTF, BMP, PNG, JPG/JPEG, EPS, GIF, SVG, TIF(F), HTM/HTML, XML, HWP, JTD, OTD, DWG


Please refer to Data Sanitization for more information.

Multiscanning

We leverage both signature and heuristic scanning with up to 43 scan engines in the cloud to increase malware detection rates. The multiscanning result is shown in the form of a table with the following information:

  • engine name

  • scan time: duration of scan

  • last updated: the time of the signature update of the particular engine

  • result: whether the file is considered clean or not


Please refer to File Scanning for more information.
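The following added example (not code from MetaDefender or its API) summarizes a multiscan table like the one described above and applies the "Analyze Again" availability rule from the Overview section. The row field names, result labels and timestamps are constructed for illustration and are not the API's response schema; treating "newer definitions" as "at least one engine has newer definitions" is also an assumption.

```python
from datetime import datetime, timezone

# Constructed rows mirroring the table columns: engine name, scan time,
# last updated (definition time used for this scan), result.
SCAN_ROWS = [
    {"engine": "EngineA", "scan_time_ms": 12, "last_updated": "2024-03-01T08:00:00Z", "result": "clean"},
    {"engine": "EngineB", "scan_time_ms": 40, "last_updated": "2024-03-02T10:30:00Z", "result": "infected"},
    {"engine": "EngineC", "scan_time_ms": 7, "last_updated": "2024-02-20T00:00:00Z", "result": "clean"},
]
# Constructed: definition timestamps currently deployed on the scan servers.
CURRENT_DEFS = {
    "EngineA": "2024-03-01T08:00:00Z",
    "EngineB": "2024-03-05T09:00:00Z",
    "EngineC": "2024-03-04T00:00:00Z",
}

def _ts(value):
    """Parse a UTC timestamp of the form used in the constructed samples."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def summarize(rows):
    """Count engines, list those that did not report the file as clean."""
    flagged = sorted(r["engine"] for r in rows if r["result"] != "clean")
    return {"engines": len(rows), "flagged": flagged,
            "total_scan_ms": sum(r["scan_time_ms"] for r in rows)}

def engines_with_newer_defs(rows, current_defs):
    """Engines whose deployed definitions postdate the ones used in this scan."""
    newer = []
    for r in rows:
        current = current_defs.get(r["engine"])
        if current and _ts(current) > _ts(r["last_updated"]):
            newer.append(r["engine"])
    return sorted(newer)

def rescan_available(rows, current_defs, is_private):
    """Rule from the page: newer definitions exist and the file is not private."""
    return (not is_private) and bool(engines_with_newer_defs(rows, current_defs))

if __name__ == "__main__":
    print(summarize(SCAN_ROWS))
    print(engines_with_newer_defs(SCAN_ROWS, CURRENT_DEFS))
    print(rescan_available(SCAN_ROWS, CURRENT_DEFS, is_private=False))
```

A clean verdict from an engine listed by `engines_with_newer_defs` reflects older definitions, which is the case where a rescan is most informative.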

Possible scan results

Scanned files can have different results, due to various use cases, that can be identified by the "scan_all_result_i" variable. Please refer to Description on scan result codes for more information.

Binary Reputation

This section contains information regarding:

  • Application Information: operating systems for which a particular application version was reported, including the kernel version, service pack, system architecture and OS language

  • Network Connections: all the network connections made by the applications are listed and ranked based on how many times the connection was reported for the selected application. Non-routable IPs are not scanned through MetaDefender.

  • Loaded Components: all the components loaded by the applications are listed and ranked by the frequency at which the component was reported for the selected application. Since there are applications that report hundreds of loaded components, you can expect to see low numbers in the usage percentage column. Component rank is calculated based on the total number of reported components and how many times each component was seen.

  • File Names: the same hash can be reported with multiple file names. For each file name, you can see a list of file paths as well as the usage percentage for each path. For privacy reasons, we alter any full paths that contain user names or other confidential data, and present them in a simplified format, while still showing how each path differs.

  • PE Info: this information can be used to understand binaries; PE information is particularly helpful because it gives more insight about the files themselves: who the file is signed by, the date the file was compiled, the associated DLLs that get downloaded, etc. These all help to develop better context around the file.


Scan History

A general report of all the scans performed for a certain hash. The information is ordered from the most recent scan to the oldest one, displaying the date of each scan and the corresponding result.


We display up to the last 300 scans for a particular hash.

The cause of missing data on given tabs

If there's data missing on any of the available tabs, that means there is no information available. If you think that some information may be added, please contact us.
