The following topics provide a snapshot of the AutoFocus™
features introduced in March 2019. Each section includes context
for the new feature, with steps to get started.
March AutoFocus Features
About Each Feature
Additional WildFire Static Analysis
Data in Sample Reports
AutoFocus™ now displays additional
WildFire analysis data that can be viewed under the Static Analysis
section of an AutoFocus sample details page:
—Portable executable file
metadata details extracted during WildFire analysis. This includes
the section header details, including the name, virtual address,
virtual size, and raw size.
You can add any of the metadata
values to a search by hovering over an artifact and selecting one
of the associated search tasks. To add all values to a search, select
the left-most drop down. From here, you can also add the artifact
to an AutoFocus export list for further analysis.
—Hashes of files that
are embedded within document files are displayed, along with the
more information about the concepts referenced in this feature, refer
AutoFocus™ now displays the compilation
timestamp for PE files on the sample details page. This
time and date represents when an executable image was created. Unusual
timestamps, such as a random value or a series of zeros can indicate
To view the PE sample compilation timestamp, start a search for a PE file
and click on a sample for details.
can also use the
listed under Analysis Artifacts to search for samples based on a
PE file creation date and time.