Supported Filetypes

In a default Recorded Future: Sandbox setup, the following file types are supported:

Executables:

• DLL, EXE, MSI

Documents:

• CHM, HTA, IQY, Office 2003, Office 2007+, OpenOffice, PDF, RTF, SLK, SWF, HTML

Scripting:

• BAT, PS1, JS, JSE, VBE, PL, VBS, WSF

macOS:

• APP, DMG, ELF, mach-O, PKG, SCPT

Android:

• APK, DEX

Linux (ARM, ARM64, MIPS, PowerPC, x86, x86_64):

• ELF, SH

Other:

• JAR, LNK, URL, JNLP

Filetypes eligible for QR code analysis

Images:

• PNG, JPG / JPEG

Archives (for unpacking):

• 7z, ACE, BZ2, CAB, DAA, EML, GZIP, IMG, ISO, LZ, LZH, MSG, PKZIP, RAR, TAR, TNEF, VBN, VHD, XAR, XZ, ZIP

Note: Archive file formats are supported for static analysis. Supported file types extracted from an archive may be selected for further behavioural analysis.

Additional filetypes

The sandbox may accept additional formats to those described above. Support for these file formats is considered "best effort" and may not perform as expected.

Filetypes on our TODO List

We're always working on new static and behavioral analysis components. If you think we should add support for a common file type that is not listed above, or that does not behave as expected, just reach out and let us know!