Hash lookup report
After the hash lookup request is processed, available results are displayed on the report page.
A hash lookup report is consistent with a file analysis report.
Depending on the zone, the hash and its status (Malware, Adware and other, Clean, No threats detected, or Not categorized) are displayed on a panel in one of the following colors:
- Red—The hash can be classified as Malware.
- Gray—No data is available for the hash.
- Green—The executed file has Clean or No threats detected status. The No threats detected status is applied if the file was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.
- Yellow—The hash is classified as Adware and other (Adware, Pornware, and other programs).
The report page contains the following:
- General information pane—Displays general information about the requested hash.
- Detection names—Displays information about detects related to the requested hash and previously reported in Kaspersky statistics.
- Dynamic analysis summary—Displays the date of the last scan of the file identified by the requested hash, and graphics of detects, suspicious activities, extracted files, and network interactions detected by Kaspersky expert systems.
- Dynamic analysis detects—Displays information about detects registered during the execution of a file identified by the requested hash.
- Triggered network rules—Displays information about SNORT and Suricata rules triggered during analysis of traffic from the file identified by the requested hash.
- Premium content—Displays sections that contain blurred data about the requested hash. The actual data is available for users with Premium Access to Kaspersky Threat Intelligence Portal. You can request a demo version to view a full report and explore other Kaspersky Threat Intelligence Portal features.
The following tabs are available if the file identified by the requested hash was previously analyzed in Kaspersky Sandbox:
- Results tab—Displays information about dynamic analysis detects and triggered network rules. For registered users, an execution map, information about suspicious activities, and screenshots are also available.
- Static analysis tab—Displays Portable Executable (PE) information and information about strings extracted during file execution.
- Tabs that are available for registered users:
  - System activities tab—Displays information about activities that were registered during the file execution.
  - Extracted files tab—Displays information about files that were extracted from network traffic or saved by the executed file during the execution.
  - Network activities tab—Displays information about network activities that were registered during the file execution.