Scan Result Page

The scan results page is where you can find the results of the most recent scan you have performed. The information is grouped into several tabs, each containing specific information. Not all the tabs will be visible all the time.* For example, the "Extracted files" tab is only displayed for archives, the "Deep CDR" tab is only displayed for sanitized files, and the "Proactive DLP" tab is only displayed if sensitive data was found in your file. Each tab is accessible under a specific link that can be copied and sent as a reference.

Overview

The overview section contains a summary of the scanned file:

  • the file name and corresponding SHA256
  • the multiscan score
  • the vulnerability score
  • the possibility to download the sanitized version of the scanned file (if the file can be sanitized)
  • community score
  • dynamic analysis score
  • code samples

If the file has vulnerabilities associated with it, the top 5 CVEs will be displayed.

Static Analysis: Multiscanning

We leverage both signature and heuristic scanning with 30+ scan engines in the cloud to increase malware detection rates. The multiscanning result is shown in the form of a table with the following information:

In the Multiscanning tab you can export the full details of your multiscan results. Click the blue "Export PDF" button to generate a .pdf document containing information about the uploaded file and a breakdown of the results from each individual engine that scanned it.

The PDF document includes the data id, the file's name, size, description, signatures, upload timestamp, duration, and an overall analysis report.

Static Analysis: Proactive Data Loss Prevention (DLP)

The Proactive DLP page is designed to identify and redact sensitive data within files, ranging from credit card numbers (CCN) and social security numbers (SSN) to IPv4 addresses and Classless Inter-Domain Routing (CIDR) ranges.

  1. To activate this feature, visit metadefender.opswat.com. Once there, click the wheel button to choose and activate the Proactive DLP feature.
  2. Upload your file and allow Proactive DLP to process it.
  3. Once the processing is completed, the Overview page will display two new banners indicating that sensitive information was discovered in the uploaded file.
  4. Under the Static Analysis page, you will find the Proactive DLP subpage with all the information about the DLP results.

For each category discovered by DLP, you will be able to see the Hit, the Certainty Score, the Location, and whether the content was Redacted or not.

  5. You have the option to download the sanitized version, where all sensitive information rated as Medium Certainty and above has been redacted.
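As an added illustration (not OPSWAT's implementation and not code from this page), the sketch below shows how a DLP-style detector can produce the fields this tab reports (category, Hit, Certainty, Location, Redacted) and redact everything rated Medium and above. The regular expressions, the Low/Medium/High grading rules and all function names are assumptions made for the example.

```python
import ipaddress
import re

LEVELS = {"Low": 0, "Medium": 1, "High": 2}  # assumed scale, not the product's scoring

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def grade_ccn(s):
    # A digit run that fails the Luhn checksum is probably an order or tracking number.
    return "CCN", "High" if luhn_ok(re.sub(r"[ -]", "", s)) else "Low"

def grade_ssn(s):
    area, group, serial = s.split("-")
    unissued = area in ("000", "666") or area >= "900" or group == "00" or serial == "0000"
    return "SSN", "Low" if unissued else "Medium"

def grade_net(s):
    kind = "CIDR" if "/" in s else "IPv4"
    try:
        ipaddress.ip_network(s, strict=False)  # rejects octets > 255 and prefixes > 32
    except ValueError:
        return kind, "Low"
    return kind, "Medium"

DETECTORS = [(re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), grade_ccn),
             (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), grade_ssn),
             (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?\b"), grade_net)]

def scan(text, redact_from="Medium"):
    hits = []
    for pattern, grade in DETECTORS:
        for m in pattern.finditer(text):
            category, certainty = grade(m.group())
            hits.append({"category": category, "hit": m.group(), "certainty": certainty,
                         "location": m.start(),
                         "redacted": LEVELS[certainty] >= LEVELS[redact_from]})
    hits.sort(key=lambda h: h["location"])
    for h in reversed(hits):  # same-length masking keeps the reported offsets valid
        if h["redacted"]:
            start, end = h["location"], h["location"] + len(h["hit"])
            text = text[:start] + "X" * (end - start) + text[end:]
    return hits, text

SAMPLE = ("Card 4111 1111 1111 1111, order ref 1234 5678 9012 3456, "  # constructed input
          "SSN 078-05-1120, host 192.168.1.10 in 10.0.0.0/8.")
```

Calling `scan(SAMPLE)` returns the hit list and the redacted text; the 16-digit order reference fails the checksum, is graded Low and is left in place, which is the kind of false positive a certainty threshold is meant to absorb.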

Static Analysis: Deep CDR

Deep CDR stands for Deep Content Disarm and Reconstruction. Our industry-leading technology breaks a file down into its most basic components, removes any potentially malicious content such as macros, and reconstructs the file without the potentially malicious content. For more information on this technology, check out this page on Deep CDR.

On MetaDefender Cloud, scans and Deep CDR requests are performed asynchronously, and each scan request is tracked by a data ID. On this tab we display the multiscanning report of the sanitized file in order to demonstrate the effectiveness of the sanitization services as well as a link to download the sanitized file. For the file types that don't support sanitization, this tab won't be visible.

Please refer to MetaDefender Cloud API v4 for more information on how to leverage Deep CDR via our API.

Static Analysis: Vulnerabilities

Vulnerabilities are security flaws in IT applications that could expose endpoints to different types of cyber-attacks and malicious software.

MetaDefender Cloud maps files to software products and versions, providing vulnerability information at the hash level.

Static Analysis: Binary Reputation

This section contains information regarding:

  • Application Information: operating systems for which a particular application version was reported, including the kernel version, service pack, system architecture, and OS language
  • Network Connections: all the network connections made by the applications are listed and ranked based on how many times the connection was reported for the selected application. Non-routable IPs are not scanned through MetaDefender.
  • Loaded Components: all the components loaded by the applications are listed and ranked by the frequency at which the component was reported for the selected application. Since there are applications that report hundreds of loaded components, you can expect to see low numbers in the usage percentage column. Component rank is calculated based on the total number of reported components and how many times each component was seen.
  • File Names: the same hash can be reported with multiple file names. For each file name, you can see a list of file paths as well as the usage percentage for each path. For privacy reasons, we alter any full paths that contain user names or other confidential data, and present them in a simplified format, while still showing how each path differs.

Static Analysis: PE Info

PE Info: This information can be used to understand binaries; PE information is particularly helpful because it gives more insight into the files themselves: who the file is signed by, the date the file was compiled, the associated DLLs that get downloaded, etc. These all help to develop a better context around the file.

Static Analysis: EXIF Metadata

Shows image metadata such as resolution, the ID of the device that took the photo or geolocation coordinates. Displayed only for images.

Static Analysis: Android Metadata

Information extracted from Android manifest files. We display:

  • summary with Android package version, name and application version
  • all the permissions requested by the app
  • services, receivers, and providers
  • the list of intent filters

More data can be retrieved via MetaDefender Cloud API v4.

Static Analysis: Scan History

A general report of all the scans of the file. The information is ordered from the most recent scan to the oldest one, displaying the date of each scan and the correlated result.

We display up to the last 200 scans for a particular hash.

Community

Community-generated information about files. We ask our users to vote independently from the displayed analysis, considering the votes as an "impartial opinion".

The Cause of Missing Data on Given Tabs

*If there's data missing on any of the available tabs, that means there is no information available. If you think that some information may be added, please contact us.
