Threats

Kaspersky Research Sandbox provides information about detects (detections) that were registered during the file execution.

If a full analysis was performed, displayed data may also include the results of the dynamic analysis.

Table name: Sandbox detection names

Description: Detects that were registered during the file execution.

Table fields:

Zone—Danger zone (level) to which the object refers (Clean, Adware and other, Malware, Not categorized).

Name—Name of the detected object (for example, HEUR:Exploit.Script.Blocker). Each item in the list is clickable—you can click it to view its description on the Kaspersky threats website. When you click on the item, the object's hash is transferred to the Kaspersky cloud infrastructure.

Comments: Items in the table are sorted in the Zone field from Malware to Not categorized status.

Table name: YARA detects

Description: YARA rules that were triggered during analysis of traffic from the executed file and from the files that were transferred or dropped during the execution.

Table fields:

YARA rule—Name of the triggered YARA rule.

File type—Source of the file detected by the YARA rule (Sample, Transferred, Dropped).

MD5—MD5 hash of the file detected by the YARA rule. Items are clickable. You can copy the item to the clipboard (Copy to clipboard drop-down list option) or navigate to Kaspersky Threat Intelligence Portal (Lookup drop-down list option).

Tags—Tags of the YARA rule.
