You can try the below steps.
1. Go to Control Panel, Default Programs, Associate a file type or protocol with a program
2. Then set the default program correctly as shown below.
3. You will have to change the program to C:\Windows\System32\wscript.exe to open the script file.
Refer to the KB link below for more details.
Based on the ATD Product Guide (ATD_3.6.0_Product_Guide_revA.pdf, Table 8-1 on page 282) you can see the following information.
vb, vba, vbe, vb Files are supported for Static Analysis but not for dynamic Analysis.
Page 228 shows which engines and technologies are used for static analysis: Global Whitelist, Local Blacklist, McAfee GTI, Gateway Anti-Malware (GAM), Custom Yara Scanner and Anti-Malware.
GAM is perfect for script analysis. GAM is able to look for the obfuscation and encryption mechanism of a script, and much more. GAM emulates a virtual CPU in memory and does much fancy stuff. :-)
Therefore, analyzing the file types in XMode (Dynamic Analysis) will make no difference when analyzing that file.
Just one thing I'm not sure about: what happens if the script downloads and drops a file......
Hope this helps,
Oops, yes, you are right..... saw the info for JPG files as a headline.... :-(
Do you have a sample to analyze?
Please try the previously suggested steps for associating the file type with a default program. For this, the steps below need to be followed.
1. Delete the Analyzer Profile
2. Delete the VM Profile
3. Create a new VM Profile with the same VM that you deleted in Step 2.
4. Click on Activate button under New VM Profile and make the suggested changes.
5. Shut down the VM from the Start menu.
6. Enter the Maximum license value
7. Click on Save.
8. Create a new Analyzer Profile using VM Profile created in Step 7.
9. Submit a sample in X-Mode and verify whether it is opening with correct application or not.
Will test it next week in my environment as well.
You can take this same image that is shown in the illustration above when analyzing it in ATD.
The only problem is I do not know how to insert it here.
I would like to inform you that this issue has been fixed and the fix will be available in an upcoming release.