The Analysis subject sections display detailed information about the file or files contained or accessed by the sample when the NSX Advanced Threat Prevention service processed it.

To expand the section, click plus icon.

For an executable file, the following data is displayed:

  • Name: The name of the executable, if available.

  • MD5: The MD5 hash of the file.

  • SHA1: The SHA1 hash of the file.

  • File type: The type of executable, for example, PE executable, application, 32-bit, Intel i386.

  • File size: The file size.

  • Command line: The full command line, including any arguments or options. For example, C:\Users\ExampleUser\AppData\Local\Temp\exe_malware.exe.

  • Execution context: The privilege level invoked by the executable.

  • Architecture: The architecture of the executable.

  • Analysis reason: Why the started processing the file.