The Binary Overview section of the Binary Analysis page includes the following information.



MD5 Hash Value

MD5 hash value for the binary.

SHA-256 Hash Value

The SHA-256 hash value for the binary.

Note: Note: Availability of SHA-256 hash data is dependent upon sensor capabilities. The macOS sensor version 6.2.4, which is packaged with Carbon Black EDR server version 6.3, sends SHA-256 hashes to the server. Check VMware Carbon Black Support for information about other sensors that can generate SHA-256 hashes.

For files that were originally discovered by a sensor that did not provide SHA-256 hashes, process information for new executions show SHA-256 hashes, but binary entries show SHA-256 as “(unknown)” until they appear as new files on a sensor that supports SHA-256.

Seen as

Filenames that were seen for binaries that match this MD5 hash value.

First seen at

Full time stamp of the time that this binary was last observed by currently installed sensors.


Signature status — either Signed or Unsigned .

Publisher Name

Name of the binary publisher.

File writer(s)

Number and names of files the binary has written to. Click the Find Writers link to view the files on the Process Search page.

Related Process(es)

Number of processes that have used this binary. Click the Find related link to find related process on the Process Search page.

Search the web

Performs a Google search for the MD5 hash value of the binary.

Feed Information

Shows scan results for this binary from Carbon Black Threat Intel feeds. Click the links to see the results.

Ban this hash

Click this button to ban this hash. Banning a hash terminates a process, if running, and prevents it from running in the future. See Banning Process Hashes.