Extracted files

Kaspersky Research Sandbox provides information about packed object content.

You can filter items in the tables by specifying search criteria in the Search field below the table name.

Packed object content

Table name	Description	Table fields	Comments
Packed object content	Information about each file that the uploaded packed object contains.	Zone—Danger zone (level) of the file (Clean, Adware and other, Malware, Not categorized). MD5—MD5 hash of the file. Items are clickable. You can copy the item to the clipboard (Copy to clipboard drop-down list option) or navigate to Kaspersky Threat Intelligence Portal (Lookup drop-down list option). Path—File name and path from the root of the uploaded object. Click the item to view the full path in a separate window. If necessary, you can copy the path to the clipboard. Packer—Name of the packer with which the uploaded object is packed. Type—Automatically detected type of the file. Detection name—Names of the detected objects (for example, HEUR:Exploit.Script.Blocker). Each item in the list is clickable—you can click it to view its description at Kaspersky threats website. When you click on the item, the object's hash is transferred to the Kaspersky cloud infrastructure.	You can download files by clicking the relative icon . Files are downloaded as password-protected .zip archives. Use a default password `infected` to unzip archives. If the packed object contains more than 1000 files, then Kaspersky Research Sandbox scans all files, but only 1000 files are available for downloading. It is recommended to execute objects that contain less than 1000 files.

Table name

Description

Table fields

Comments

Packed object content

Information about each file that the uploaded packed object contains.

Zone—Danger zone (level) of the file (Clean, Adware and other, Malware, Not categorized).

MD5—MD5 hash of the file. Items are clickable. You can copy the item to the clipboard (Copy to clipboard drop-down list option) or navigate to Kaspersky Threat Intelligence Portal (Lookup drop-down list option).

Path—File name and path from the root of the uploaded object. Click the item to view the full path in a separate window. If necessary, you can copy the path to the clipboard.

Packer—Name of the packer with which the uploaded object is packed.

Type—Automatically detected type of the file.

Detection name—Names of the detected objects (for example, HEUR:Exploit.Script.Blocker). Each item in the list is clickable—you can click it to view its description at Kaspersky threats website. When you click on the item, the object's hash is transferred to the Kaspersky cloud infrastructure.

You can download files by clicking the relative icon Download file button. . Files are downloaded as password-protected .zip archives. Use a default password infected to unzip archives.

If the packed object contains more than 1000 files, then Kaspersky Research Sandbox scans all files, but only 1000 files are available for downloading. It is recommended to execute objects that contain less than 1000 files.

Page top