Palo Alto: Test a Sample Malware File

Step 1:
Download one of the malware test files. You can select from PE, APK, MacOSX, and ELF.

If you have SSL decryption enabled on the firewall, use one of the following URLs:
PE—https://wildfire.paloaltonetworks.com/publicapi/test/pe
APK—https://wildfire.paloaltonetworks.com/publicapi/test/apk
MacOSX—https://wildfire.paloaltonetworks.com/publicapi/test/macos
ELF—https://wildfire.paloaltonetworks.com/publicapi/test/elf

If you do not have SSL decryption enabled on the firewall, use one of the following URLs instead:
PE—http://wildfire.paloaltonetworks.com/publicapi/test/pe
APK—http://wildfire.paloaltonetworks.com/publicapi/test/apk
MacOSX—http://wildfire.paloaltonetworks.com/publicapi/test/macos
ELF—http://wildfire.paloaltonetworks.com/publicapi/test/elf

The test file is named wildfire-test-file_type-file.exe and each test file has a unique SHA-256 hash value.

Step 2:
On the firewall web interface, select Monitor > WildFire Submissions to confirm that the file was forwarded for analysis.

It might take about five minutes for analysis results to be displayed for the file on the WildFire Submissions page. The verdict for the test file will always display as malware.
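
Step 1 as a script, added here as an example and not taken from Palo Alto Networks documentation: it picks the http or https URL from the lists above, downloads the sample with curl, and prints a timestamp and the file's SHA-256 so the download can be identified later. The function names and the yes/no decryption argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and arguments are hypothetical.

# test_url TYPE DECRYPT -> prints the test-file URL listed in Step 1.
# DECRYPT is "yes" when SSL decryption is enabled on the firewall (https URL);
# any other value selects the http URL.
test_url() {
    case "$1" in
        pe|apk|macos|elf) ;;
        *) echo "unknown file type: $1 (use pe, apk, macos or elf)" >&2; return 2 ;;
    esac
    if [ "$2" = "yes" ]; then scheme=https; else scheme=http; fi
    printf '%s://wildfire.paloaltonetworks.com/publicapi/test/%s\n' "$scheme" "$1"
}

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# fetch_sample TYPE DECRYPT OUTFILE -> downloads the sample, prints a record line.
fetch_sample() {
    url=$(test_url "$1" "$2") || return 2
    # --fail turns an HTTP error response into a non-zero exit instead of
    # saving the error body as if it were the sample.
    curl --fail --silent --show-error --location --output "$3" "$url" || {
        echo "download failed: $url" >&2
        return 1
    }
    printf '%s type=%s sha256=%s url=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$(sha256_of "$3")" "$url"
}

# Runs only when called with arguments, e.g.: sh fetch-sample.sh pe yes sample.bin
if [ "$#" -ge 3 ]; then
    fetch_sample "$1" "$2" "$3"
fi
```

Run it from a client whose traffic passes through the firewall, then continue with Step 2.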
