What are the supported file types for Malware Analysis in RSA Security Analytics?
Tasks
The article provides a list of file types that are supported for Malware Analysis in RSA Security Analytics.
Resolution
Below is a snippet of the spectrum.lua parser which indicates the supported file types.
-- Keys are file type strings; values are the parser options that control analysis of each type.
local spectrumAnalyze = ({
    ["windows executable"] = options.analyzeExe.value,
    ["office 95-2003 word document"] = options.analyzeOffice.value,
    ["office 95-2003 excel document"] = options.analyzeOffice.value,
    ["office 95-2003 powerpoint document"] = options.analyzeOffice.value,
    ["office 95-2003 document"] = options.analyzeOffice.value,
    ["office 2007 document"] = options.analyzeOffice.value,
    ["pdf"] = options.analyzePdf.value,
    ["rar"] = options.analyzeRar.value,
    ["rtf"] = options.analyzeRtf.value,
    ["zip"] = options.analyzeZip.value,
})
RSA Engineering has confirmed that all versions of Microsoft Office documents are supported for Malware Analysis. Only the Office document versions shown above are listed because no revisions were made to the Office document format after 2007.
File extensions are not considered at all. Malware Analysis examines a file only when the relevant fingerprint parser has identified it as one of the supported file types. The fingerprint parsers identify a file based on its characteristics, irrespective of name or extension, neither of which is a property of the file itself.
For example, even if a legacy Microsoft Word document is transmitted over the wire as "foo.txt" it will be identified by fingerprint_office_lua as filetype: office 95-2003 word document.
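The following is an added illustration of content-based identification, not code from spectrum.lua or the RSA fingerprint parsers. It classifies a byte buffer by its leading signature and then applies an enable/disable table shaped like spectrumAnalyze; the OPTIONS values, function names and the simplified Office checks are assumptions made for the example.

```python
import struct

# Constructed stand-in for the parser's options (assumption: only RAR analysis is off).
OPTIONS = {"analyzeExe": True, "analyzeOffice": True, "analyzePdf": True,
           "analyzeRar": False, "analyzeRtf": True, "analyzeZip": True}

# Same shape as spectrumAnalyze on the page: file type -> option that gates analysis.
SPECTRUM_ANALYZE = {
    "windows executable": "analyzeExe",
    "office 95-2003 document": "analyzeOffice",
    "office 2007 document": "analyzeOffice",
    "pdf": "analyzePdf", "rar": "analyzeRar", "rtf": "analyzeRtf", "zip": "analyzeZip",
}

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file used by legacy Office

def is_pe(data):
    # "MZ" DOS header whose e_lfanew field (offset 0x3C) points at "PE\0\0".
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def first_zip_member(data):
    # ZIP local file header: name length at offset 26, name itself at offset 30.
    if len(data) < 30:
        return b""
    (name_len,) = struct.unpack_from("<H", data, 26)
    return data[30:30 + name_len]

def fingerprint(data):
    """Classify by content only; the file name is never an input."""
    if is_pe(data):
        return "windows executable"
    if data.startswith(OLE2_MAGIC):
        # Simplification: telling Word from Excel needs the OLE directory streams.
        return "office 95-2003 document"
    if data.startswith(b"PK\x03\x04"):
        # Heuristic: Office writes [Content_Types].xml as the first package member.
        ooxml = first_zip_member(data) == b"[Content_Types].xml"
        return "office 2007 document" if ooxml else "zip"
    for magic, kind in ((b"%PDF-", "pdf"), (b"Rar!\x1a\x07", "rar"), (b"{\\rtf", "rtf")):
        if data.startswith(magic):
            return kind
    return None

def should_analyze(filename, data):
    # filename is accepted only to show that it plays no part in the decision.
    option = SPECTRUM_ANALYZE.get(fingerprint(data))
    return bool(option and OPTIONS[option])
```

Because the OLE2 container is shared by other formats, a signature match alone is a coarse result; the example stops at the generic "office 95-2003 document" type for that reason.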
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.x