{% extends "base.html" %} {% block breadcrumb %} Files {{ file_info.original_name }} {% endblock %} {% block content %}
{# File-detail view for a single uploaded sample. #}
{# Trust boundary: original_name is presumably the uploader-chosen filename, and #}
{# the PE fields further down (section names, DLL and function names, notes) #}
{# appear to be derived from the sample itself, so all of them are untrusted #}
{# text. Everything is emitted through plain expression tags with no safe #}
{# filter, which is only safe if autoescaping is active for this template. #}
{# NOTE(review): confirm autoescape is enabled where this template is rendered. #}
{{ file_info.original_name }} FILE
{# Buttons are gated on `available.*` and `edr_profiles` (filtered #} {# upstream in render_file_info to only the profiles that actually #} {# have a saved JSON for this sample). A fresh upload with no #} {# analyses run yet will only show the Back button. #} {% if available.static %} {% endif %} {% if available.dynamic %} {% endif %} {% if available.holygrail %} {% endif %} {% for profile in edr_profiles %} {% endfor %}
Subject
{{ file_info.original_name }}
{# MD5 is the short identifier shown in the header. It is not collision- #}
{# resistant; the SHA256 under Hashes is the value to use when matching this #}
{# sample against other records. #}
MD5: {{ file_info.md5 }}
Detection
{# risk_assessment.score is printed here as N/100 and again below as N%. #}
{{ file_info.risk_assessment.score }}/100
{{ file_info.risk_assessment.level }}
Entropy
{{ "%.2f"|format(file_info.entropy) }}
{# Label bands use strict greater-than, so a value exactly equal to a threshold #}
{# lands in the lower band. High entropy is consistent with packed, compressed #}
{# or encrypted content; it is a triage hint, not a verdict. #}
{% if file_info.entropy > entropy_risk_levels.High %}High{% elif file_info.entropy > entropy_risk_levels.Medium %}Medium{% else %}Low{% endif %}
Detection Assessment
{{ file_info.risk_assessment.level }} {{ file_info.risk_assessment.score }}%
{# The heading is emitted only when risk_assessment.factors is non-empty. #}
{% if file_info.risk_assessment.factors %}
Triggering Indicators
{% endif %}
Hashes
MD5
{{ file_info.md5 }}
SHA256
{{ file_info.sha256 }}
Basic Information
File Size
{{ file_info.size|filesizeformat }}
File Type
{{ file_info.mime_type }}
Extension
{{ file_info.extension }}
Upload Time
{{ file_info.upload_time }}
{# Everything from here to the end of the block is rendered only when pe_info is present. #}
{% if file_info.pe_info %}
{# Header badges: the build_with value in upper case and a count of detection_notes, each shown only when set. #}
PE Information {% if file_info.pe_info.build_with %} {{ file_info.pe_info.build_with.upper() }} BINARY {% endif %} {% if file_info.pe_info.detection_notes %} {{ file_info.pe_info.detection_notes|length }} NOTES {% endif %}
File Type
{{ file_info.pe_info.file_type }}
Machine
{{ file_info.pe_info.machine_type }}
Subsystem
{{ file_info.pe_info.subsystem }}
Compile Time
{# NOTE(review): presumably the timestamp stored in the PE header. That field #}
{# is set by whoever built the file and can hold any value, so read it as a #}
{# claim made by the sample rather than as an established build date. #}
{{ file_info.pe_info.compile_time }}
Entry Point
{{ file_info.pe_info.entry_point }}
{% if file_info.pe_info.checksum_info %}
PE Checksum
{# Three outcomes: Valid when is_valid is true; otherwise the upper-cased #}
{# checksum_info.build_with followed by BINARY when that field is set; #}
{# otherwise Invalid. #}
{% if file_info.pe_info.checksum_info.is_valid %} Valid {% elif file_info.pe_info.checksum_info.build_with %} {{ file_info.pe_info.checksum_info.build_with.upper() }} BINARY {% else %} Invalid {% endif %}
{% endif %}
{% if file_info.pe_info.detection_notes %}
Detection Notes
{# is_runtime is true when build_with is set and the lower-cased note contains #}
{# either the word runtime or the build_with value. build_with is compared #}
{# as-is against a lower-cased string, so the second test can only match when #}
{# build_with is already lowercase. NOTE(review): confirm upstream stores it #}
{# in lowercase. Where is_runtime is consumed is not visible in this listing. #}
    {% for note in file_info.pe_info.detection_notes %} {% set is_runtime = file_info.pe_info.build_with and ('runtime' in note.lower() or file_info.pe_info.build_with in note.lower()) %}
  • ! {{ note }}
  • {% endfor %}
{# Mismatch panel: rendered only when checksum_info exists and is_valid is #}
{# false. build_with is read from checksum_info here; the imports section #}
{# below re-assigns the same name from pe_info.build_with. #}
{% endif %} {% if file_info.pe_info.checksum_info and not file_info.pe_info.checksum_info.is_valid %} {% set build_with = file_info.pe_info.checksum_info.build_with %}
{% if build_with %}{{ build_with|upper }} Binary Checksum{% else %}Checksum Mismatch{% endif %}
{# The reassuring message below is keyed only on build_with being set. #}
{# NOTE(review): that classification is itself derived from the sample, so #}
{# confirm how upstream detects it before treating the mismatch as benign. #}
{% if build_with %}

{{ build_with|capitalize }} binaries typically have non-standard PE checksums — this is normal behavior.

{% endif %}
Stored
{{ file_info.pe_info.checksum_info.stored_checksum }}
Calculated
{{ file_info.pe_info.checksum_info.calculated_checksum }}
{% endif %}
PE Sections
{# Section table: name, size, entropy formatted to two decimals, and each #}
{# section's detection_notes. Section names are read as untrusted text. #}
{% for section in file_info.pe_info.sections %} {% endfor %}
NameSizeEntropyNotes
{{ section.name }} {{ section.size|filesizeformat }} {{ "%.2f"|format(section.entropy) }} {% for note in section.detection_notes %}
{{ note }}
{% endfor %}
{# Imports section, rendered only when suspicious_imports is non-empty. The #}
{# list is split on is_runtime_import into runtime_imports and the remaining #}
{# suspicious_imports; build_with is re-read from pe_info. #}
{% if file_info.pe_info.suspicious_imports %} {% set runtime_imports = file_info.pe_info.suspicious_imports | selectattr('is_runtime_import') | list %} {% set suspicious_imports = file_info.pe_info.suspicious_imports | rejectattr('is_runtime_import') | list %} {% set build_with = file_info.pe_info.build_with %}
{# Heading reads API Imports only when build_with is set and no non-runtime #}
{# import remains; any other combination is titled Sensitive Imports. #}
{% if build_with and not suspicious_imports %}API Imports ({{ build_with|capitalize }} Runtime){% else %}Sensitive Imports{% endif %}
{% if build_with %}
{{ build_with|upper }} Binary Detected {% if suspicious_imports %} {{ runtime_imports|length }} standard runtime imports and {{ suspicious_imports|length }} sensitive imports observed. {% else %} These {{ runtime_imports|length }} imports are typically part of the {{ build_with|capitalize }} runtime. {% endif %}
{% endif %}
{# grouped_suspicious_imports is iterated as DLL name to list of imports. Each #}
{# DLL can produce two groups: its runtime imports first, then the others. #}
{% for dll, imports in file_info.pe_info.grouped_suspicious_imports.items() %} {% set dll_runtime_imports = imports | selectattr('is_runtime_import') | list %} {% set dll_suspicious_imports = imports | rejectattr('is_runtime_import') | list %} {% if dll_runtime_imports %}
{{ dll }} {{ build_with|upper if build_with else 'INFO' }} Runtime
{% for import in dll_runtime_imports %}
{# hint is tested against none, so a hint of 0 is still displayed. #}
{{ import.function }} [{{ import.category }}] {% if import.hint is not none %}Hint: {{ import.hint }}{% endif %}
{{ import.note }}
{% endfor %}
{% endif %} {% if dll_suspicious_imports %}
{{ dll }}
{% for import in dll_suspicious_imports %}
{{ import.function }} [{{ import.category }}] {% if import.hint is not none %}Hint: {{ import.hint }}{% endif %}
{{ import.note }}
{% endfor %}
{% endif %} {% endfor %}
{% endif %}
{% endif %} {% endblock %}