Report page for executed file

Once file execution is completed, brief information about the execution task appears in the History table. You can then navigate to the Sandbox report page by clicking the View details link.

Execution results for multi-files (containers) are described in the Multi-file report page section.

In case file execution in Sandbox failed, completed with error, or incomplete results obtained, Kaspersky Research Sandbox displays an abridged (short) report. The displayed information is based on the results of the file scan and on data from Kaspersky expert systems.

On the Sandbox report page of Kaspersky Research Sandbox, the object execution and analysis results are displayed:

• File threat score based on metrics and data obtained during file execution. Threat score descriptions are provided in the Appendices.
• The status of the executed file (Malware, Adware and other, Clean, or Not categorized) is displayed under the file name.
• Task’s status.
• MD5 hash of the executed file. Item is clickable. You can copy the item to the clipboard (Copy to clipboard drop-down list option) or navigate to Kaspersky Research Sandbox (Lookup drop-down list option).
• SHA1 hash of the executed file. Item is clickable. You can copy the item to the clipboard (Copy to clipboard drop-down list option) or navigate to Kaspersky Research Sandbox (Lookup drop-down list option).
• SHA256 hash of the executed file. Item is clickable. You can copy the item to the clipboard (Copy to clipboard drop-down list option) or navigate to Kaspersky Research Sandbox (Lookup drop-down list option).

You can download results of the file execution as an archive (compressed) by clicking the Export results button.

The Sandbox report page contains the following:

• List of available tabs for static and dynamic analysis results.
• Summary section—Displays execution task details and graphically presented (circle charts) proportions of detects, suspicious activities, extracted files, and network interactions detected during object execution. The object threat score is also displayed.
• Screenshots section—Set of screenshots that were taken during the file execution. This section is not available if you selected a Linux-based execution environment.

  

  Sandbox report page

Page top