The Binary Overview section of the Binary Analysis page includes the following information.
Heading |
Description |
|---|---|
MD5 Hash Value |
MD5 hash value for the binary. |
SHA-256 Hash Value |
The SHA-256 hash value for the binary.
Note:
Note: Availability of SHA-256 hash data is dependent upon sensor capabilities. The macOS sensor version 6.2.4, which is packaged with
Carbon Black EDR server version 6.3, sends SHA-256 hashes to the server. Check
VMware Carbon Black Support for information about other sensors that can generate SHA-256 hashes.
For files that were originally discovered by a sensor that did not provide SHA-256 hashes, process information for new executions show SHA-256 hashes, but binary entries show SHA-256 as “(unknown)” until they appear as new files on a sensor that supports SHA-256. |
Seen as |
Filenames that were seen for binaries that match this MD5 hash value. |
First seen at |
Full time stamp of the time that this binary was last observed by currently installed sensors. |
Status |
Signature status — either Signed or Unsigned . |
Publisher Name |
Name of the binary publisher. |
File writer(s) |
Number and names of files the binary has written to. Click the Find Writers link to view the files on the Process Search page. |
Related Process(es) |
Number of processes that have used this binary. Click the Find related link to find related process on the Process Search page. |
Search the web |
Performs a Google search for the MD5 hash value of the binary. |
Feed Information |
Shows scan results for this binary from Carbon Black Threat Intel feeds. Click the links to see the results. |
Ban this hash |
Click this button to ban this hash. Banning a hash terminates a process, if running, and prevents it from running in the future. See Banning Process Hashes. |
