Extracted Files
The Extracted Files page allows browsing through the entire hierarchy of files extracted from a sample. Below the Extracted Files page link in the sidebar, all extracted files are broken down by their classification.
Spectra Analyze performs recursive sample analysis, in which each file extracted from a sample is analyzed separately.
The “parent” file then inherits classification (for example, malicious) if the “child” file is deemed malicious. This is also known as classification propagation.
There are two views for extracted files:
- Breadcrumb view.
- Flat view.
Both views have options for filtering and exporting, while the flat view has additional filters (name, threat, and format).
The Export menu contains options to export the whole page or just the files extracted from a sample. For the Selected option to become available, one or more files on the page have to be selected.
To export multiple pages of results, browse pages one by one and manually export them.
Data can be exported as CSV, JSON or XML.
To copy only the file hashes for the desired set of extracted files, the menu contains options to copy SHA1, SHA256 and MD5 hashes to the clipboard. Hashes are delimited by whitespace, so that they can be directly pasted into the search bar.
The exported file can contain one or more of the following columns. They can be enabled in the Export menu, under Show more Export options:
- Files - the number of files extracted from a sample (if the sample is a container).
- Format - file format of each file in the results grid.
- Name - extracted file name.
- Time - timestamp when a file was extracted.
- Threat - detected threat name for malicious and suspicious files, formatted according to ReversingLabs Malware Naming Standard.
- Size - indicates the size of a file.
- SHA256, MD5 - additional file hashes that can be included in the exported file. The SHA1 hash is always included by default.
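An added example, not part of the product documentation or ReversingLabs code: since multi-page results have to be exported page by page, this Python script merges the per-page CSV exports, de-duplicates rows by SHA1, and returns the whitespace-delimited hash list for files that carry a threat name. The `SHA1` and `Threat` header names are assumed from the column list above, and the sample rows are constructed.

```python
import csv
import io

# Assumed column headers, taken from the column names listed above; the
# headers in a real export may differ, so adjust these constants to match.
SHA1_COL = "SHA1"
THREAT_COL = "Threat"
HEX = set("0123456789abcdef")


def merge_exports(pages):
    """Merge per-page CSV export texts into one row list, de-duplicated by SHA1."""
    merged = {}
    for page_no, text in enumerate(pages, start=1):
        reader = csv.DictReader(io.StringIO(text))
        if SHA1_COL not in (reader.fieldnames or []):
            raise ValueError(f"page {page_no}: no {SHA1_COL!r} column")
        for row in reader:
            sha1 = (row[SHA1_COL] or "").strip().lower()
            if len(sha1) != 40 or not set(sha1) <= HEX:
                continue  # skip blank or malformed rows
            row[SHA1_COL] = sha1
            merged.setdefault(sha1, row)  # first occurrence wins
    return list(merged.values())


def hashes_with_threat(rows):
    """Whitespace-delimited SHA1 list of rows that have a threat name."""
    return " ".join(
        r[SHA1_COL] for r in rows if (r.get(THREAT_COL) or "").strip()
    )


# Constructed sample data: two exported pages that share one row.
H1, H2, H3 = "a1" * 20, "b2" * 20, "c3" * 20
HEADER = "SHA1,Name,Format,Threat,Size\n"
PAGE_1 = HEADER + (
    f"{H1},setup.exe,PE/Exe,,1024\n"
    f"{H2},payload.dll,PE/Dll,Win32.Trojan.Example,2048\n"
)
PAGE_2 = HEADER + (
    f"{H2.upper()},payload.dll,PE/Dll,Win32.Trojan.Example,2048\n"
    f"{H3},readme.txt,Text/None,,64\n"
)

if __name__ == "__main__":
    rows = merge_exports([PAGE_1, PAGE_2])
    print(len(rows), "unique files")
    print(hashes_with_threat(rows))
```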
The actions menu (☰) on the right contains options for downloading the sample, reclassifying and reanalyzing it, downloading unpacked files, downloading the top-most container of the selected file, and previewing the selected file (described in the File Preview / Visualizations section).
When one or more files are selected, another actions menu (☰) appears highlighted to the right of the Size column. The menu contains the Apply tags and Subscribe/Unsubscribe options that can be used on files individually or in bulk.