Skip to main content

Cyware Threat Intelligence eXchange

Scan

Use Scan to quickly inspect files and URLs for known malware, suspicious patterns, or threat indicators. Scan provides faster results than sandboxing and is ideal for quick, on-demand threat assessments.

BeforeyouStart

Ensure that your user group has the following permissions:

  • View Sandbox Records

  • Create Sandbox Records

Steps

To scan a file or URL for quick threat detection, follow these steps:

  1. Go to Main Menu and select Analysis > Sandbox.

  2. Click the Scan tab.

  3. Use one of the following input methods: 

    • Upload File: Click the Drag & Drop or Browse area to select a file from your system. For more information on supported file formats and size limits, see Supported File Types and Size.

    • Enter URL: Paste the URL into the input field.

  4. Click Submit to initiate the scan.

After submission, the file or URL appears in the Scan listing table with the corresponding analysis status.

Supported Actions

After the analysis is complete, you can take the following actions:

  • View Scan Report: Click any scanned record to view detailed scan results.

  • Submit to Sandbox: For deeper behavioral analysis:

    1. Select a scanned record.

    2. Click Submit to Sandbox.

    3. You are redirected to the Sandbox tab to complete the submission. For more information, see Sandbox.

      Use this option when a quick scan flags a suspicious artifact and further investigation is required.

  • Download Report: Export the scan report as a JSON file for offline analysis or record-keeping.

  • Delete Report: Remove a scanned record from the list if it is no longer needed.

View Scan Submissions

Each scanned record appears in the Scan tab listing with the following details:

Field

Description

Title

Name of the submitted file or URL.

Status

Indicates the current scan status: In Progress, Completed, or Failed.

Type

Displays whether the scanned item is a File or a URL.

Scan ID

Unique identifier assigned to the scan session.

SHA256

SHA256 hash of the submitted file.

Submitted By

User who initiated the scan.

Submitted On

Date and time of the scan submission.

You can also search and sort records using filters and column headers to locate specific scans efficiently.

View Scan Report

Open any record with a success status to view the scan report. It includes the following sections:

  • Summary: Displays a high-level overview, including:

    • Total number of detection engines used

    • Number of engines that flagged the files as malicious

    • File name

    • Artifact size

    • Scan date and timestamp

    • Detected malware family (if applicable)

  • Detections: Lists any Indicators of Compromise (IOCs) or threat signatures identified during the scan.

  • File Metadata: Provides detailed technical attributes such as:

    • File names

    • First Seen and Last Scanned timestamps

    • MIME type and file formats

Supported File Types and Size

Artifact Type

Supported Formats

Size

Files

.dll, .upx, .exe, .msi, .chm, .hta, .iqy, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pub, .pub2016, .zip, .one, .mht, .hwp, .ich, .inp, .pdf, .rtf, .slk, .swf, .html, .bat, .ps1, .js, .jse, .vbe, .pl, .py, .vbs, .wsf, .apk, .dex, .jar, .lnk, .url, .jnlp, .reg, .xslt, .xps.

32 MB

URLs

http://, https://, and www. prefixed URLs

-