Analysis Artifacts
The following table provides field names and related
information for analysis artifacts.
| | Artifact Type as it Appears on AutoFocus Web Portal | | Acceptable Values and Examples |
|---|---|---|---|
| | | | Network activity including connections, IP addresses, and country codes. Example: `tcp-connection, 46.254.18.90:80 , , RU` |
| | | | DNS activity including query, response, and type. Example: `a0ce.akamaiedge.net` |
| | | | Parent process, action, and file path. Example: `Program Files\Zona\utils.jar,` |
| | | | HTTP request including host, method, URL, and user agent string. Example: `/T/a93E_X.jpeg` |
| sample.tasks.metadata_sections | PE Metadata | | Metadata from PE files, including the name, virtual address, virtual size, and raw size. Example: `.text , 15872 , 4096 , 15866` |
| | | | load, class barcode.Get2D not found. |
| sample.tasks.behavior_type | Observed Behavior | | Behaviors seen when a sample is analyzed by WildFire. Example: `pe_sa_abnl_sect_name` |
| | Other API Behavior | | Non-Java API activity seen when a sample is analyzed by WildFire. Example: `sample.exe , ZwProtectVirtualMemoryFailed , 0xc0000045 , 0xffffffff , pid=1516 , 0x0012fed8 , 0x0012fedc , 0x00000000` |
| | Process Activity | | Processes that showed activity when the sample was analyzed by WildFire. Example: `cmd.exe , terminated , , Users\\Administratorexp lorer.exe"` |
| | | | Services that showed activity when the sample was analyzed by WildFire. Example: `WINWORD.EXE , StartService , ,` |
| | User Agent Fragments | | The user agent header for HTTP requests sent when the sample was analyzed by WildFire. Example: `Microsoft-CryptoAPI/6.1` |