Static Analysis

Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor

Step #2 - Modify the configuration by adding or modifying the properties on this page

Step #3 - Save the file and restart the sandbox service

URLs

Enable domain resolver, IP stack Geolocation and Hexillion WHOIS domain lookups

IP Geolocation lookup will be executed on resolved domains

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runDomainResolver | true | Switch to enable / disable domain resolving |
| domainResolveMaxResolves | 20 | Domain resolver limit, '0' means no limit |
| runDomainResolveDistributedTimeoutMs | 1 minute | Execution timeout |

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runWhoisRecordLookups | true | Switch to enable / disable WHOIS lookups |
| runHexillionLookupTimeoutMs | 30 seconds | Execution timeout |
| runHexillionLookupMaxLookups | 30 | Lookup limit, '0' means no limit |
| hexillionUrl | https://hexillion.com/rf/xml/1.0/whois/?query=$domain | API URL |
| hexillionUsername | | API username |
| hexillionPassword | | API password |

Office Documents

Enable static analysis for Microsoft Office documents

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runContentParser | true | Switch to enable / disable Office document static analysis |
| runContentParserDirectTimeoutMs | 10 seconds | Execution timeout |

OLE Files

Enable parsing OLE files

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runOledumpOnOLEFiles | true | Switch to enable / disable OLE parsing |
| runOledumpBiffOnXLSFiles | true | Enable or disable parsing of BIFF records |
| oledumpExecutionTimeout | 30 seconds | Execution timeout |
| oledumpMaxFileSizeInKb | 1 MB | File size limit |

PE Files

Enable executable file parsing, unpacking and disassembly

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runUpxUnpacker | true | Switch to enable / disable UPX unpacking |

| Property name | Default value | Description |
| --- | --- | --- |
| runUnipackerOnPEFiles | true | Switch to enable / disable unpacking |
| unipackerExecutionTimeout | 50 seconds | Execution timeout |
| unipackerIgnorePackers | delphi,nullsoft | Comma separated list of ignored unpackers |
| unipackerMaxFileSizeInKb | 2 MB | File size limit |

| Property name | Default value | Description |
| --- | --- | --- |
| runAutoItRipper | true | Switch to enable / disable AutoItRipper, extraction of compiled AutoIt scripts |

| Property name | Default value | Description |
| --- | --- | --- |
| runPythonUnpacker | true | Switch to enable / disable Python unpacking |
| pythonUnpackerTimeout | 30 seconds | Switch to enable / disable Python unpacking, extraction of compiled Python scripts |

| Property name | Default value | Description |
| --- | --- | --- |
| extractDisassemblySections | true | Switch to enable / disable disassembly |
| extractDisassemblySectionsLimit | 200 | Limit: the number of disassembled sections |
| extractDisassemblySectionsInstructionLimit | 10000 | Limit: the number of disassembled instructions |

| Property name | Default value | Description |
| --- | --- | --- |
| runDe4DotForNetFiles | true | Switch to enable / disable .NET unpacking |
| de4dotExecutionTimeout | 30 seconds | Execution timeout |

| Property name | Default value | Description |
| --- | --- | --- |
| enableDetectItEasy | true | Switch to enable / disable DetectItEasy, file type and attribute detection |
| enableDetectItEasyForExtractedFiles | true | Enable DetectItEasy on extracted files |
| detectItEasyTimeout | 3 seconds | Execution timeout |

Android Files

Enable Android APK parsing

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runAPKToolForAndroidFiles | true | Switch to enable / disable APK parsing |
| apkToolExecutionTimeout | 60 seconds | Execution timeout |
| apkToolParseMaxFolderDepth | 10 | Limit: APK archive folder depth |
| apkToolCheckMaxFiles | 10000 | Limit: APK archive file count |
| apkToolParseMaxFiles | 1000 | Limit: Smali file count |

Java Files

Enable Java decompilation

transform.cfg

| Property name | Default value | Description |
| --- | --- | --- |
| runCFRForJavaFiles | true | Switch to enable / disable Java decompilation |
| cfrExecutionTimeout | 30 seconds | Execution timeout |
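
After editing transform.cfg it is useful to check which analyzers were switched off and which lookup limits were set to '0' (no limit) before restarting the service. The script below is an added example, not part of the product or its documentation. It assumes the file uses key=value lines with # comments, which this page does not show, and the sample content is constructed.

```python
# Added example: audit a transform.cfg for settings that reduce static-analysis
# coverage or remove lookup limits.
# Assumption: "key=value" lines with "#" comments; the page does not show the syntax.

# Enable/disable switches listed in the tables on this page (all default to true).
SWITCHES = [
    "runDomainResolver", "runWhoisRecordLookups", "runContentParser",
    "runOledumpOnOLEFiles", "runOledumpBiffOnXLSFiles", "runUpxUnpacker",
    "runUnipackerOnPEFiles", "runAutoItRipper", "runPythonUnpacker",
    "extractDisassemblySections", "runDe4DotForNetFiles", "enableDetectItEasy",
    "enableDetectItEasyForExtractedFiles", "runAPKToolForAndroidFiles",
    "runCFRForJavaFiles",
]
# Limits the page documents as "'0' means no limit".
ZERO_MEANS_UNLIMITED = ["domainResolveMaxResolves", "runHexillionLookupMaxLookups"]


def parse_cfg(text):
    """Return {key: value} from key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """List disabled analyzers first, then limits that were set to unlimited."""
    props = parse_cfg(text)
    findings = []
    for name in SWITCHES:
        # A missing key keeps the documented default (true).
        if props.get(name, "true").lower() == "false":
            findings.append(f"{name}: analyzer disabled")
    for name in ZERO_MEANS_UNLIMITED:
        if props.get(name) == "0":
            findings.append(f"{name}: 0 removes the lookup limit")
    return findings


# Constructed sample, not a shipped configuration.
SAMPLE = """\
# transform.cfg (constructed)
runDomainResolver=true
domainResolveMaxResolves=0
runOledumpOnOLEFiles=false
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```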