: DEX File Analysis
Focus
Focus

DEX File Analysis

Table of Contents

DEX File Analysis

The WildFire public cloud can now analyze Dalvik executable (DEX) files with malicious, benign, or grayware verdicts. Individual DEX files not forwarded by the firewall to Wildfire for analysis. Instead, DEX files can be uploaded for analysis using the WildFire API or the WildFire portal (With a WildFire subscription, you can manually and programmatically submit a daily total of 1,000 files). DEX files contained within APK files are analyzed as part of the APK file analysis. As with all malicious samples, the WildFire public cloud generates and distributes a signature to firewalls to prevent future instances of the file from penetrating your network. Signatures generated by DEX file analysis are matched against DEX files passing through the firewall, as well as those contained within APK files. No additional configuration needs to be made in order to take advantage of his feature.
The WF-500 appliance does not support DEX file analysis.
  • Manually upload DEX files to the WildFire public cloud for analysis. You can then view the WildFire sample analysis report and verdict (malicious, grayware or benign) on the WildFire portal.
  • Use the WildFire API to submit DEX files to the WildFire public cloud. You can continue to use the WildFire API to retrieve verdicts and analysis reports for DEX files.