See Detailed Results
Get Work ID
In the previous step, we used the ctx-scan tool for convenience to upload the test file multiple times. This time we will submit it in a way, that will allow us to explore additional details:
ctx work submit Contextal-Test-File.pdf
On the output you will get the work's id such as U0gTdxvGcG4D73MTHCtYpswr.
Get Graph
Now run this command, using the id you obtained:
ctx work graph U0gTdxvGcG4D73MTHCtYpswr --pretty
You should receive the following output:
tip
Before you get scared, check how this data gets visualised in Contextal Console here!
{
"U0gTdxvGcG4D73MTHCtYpswr": {
"ctime": 1730925751.246853,
"hashes": {
"md5": "0f24399d723a4eb008133797b18b86e6",
"sha1": "fac1121caacc67f1547aaae62dfe7a8e40b3bcf6",
"sha256": "b56c2c22898e22531a6f9bcc2afda47e0d4e54a48f54a963094f8cdeec071319",
"sha512": "41d3686a8cff4f4ba68d62f84df1d6dca75b38fd49c2bd5854fa24c65b427cd1afde312b2cd9d0de4afe642e8725074e41fc7a233a7d6cb428c695ced62d52b5"
},
"object_id": "b56c2c22898e22531a6f9bcc2afda47e0d4e54a48f54a963094f8cdeec071319",
"object_subtype": null,
"object_type": "PDF",
"ok": {
"children": [
{
"ctime": 1730925751.246853,
"hashes": {
"md5": "09c53417cb169d75c62ff0ab5acd5458",
"sha1": "6cdb2e344f46a1712d49f5e4d3998017e7a59d5b",
"sha256": "f819957409ade5c078afbd94c6d9015d7f40dd01e0561e062f14158041a25f42",
"sha512": "49ecd73f9a8de81d37d44e6fd94e59d1bf65b8747e7c0a68f3dc4eb74a9c7a17f3d4be52a3ecfd48d9a433ba5ba41d1131988739c62e0f909f07adfc35345cbe"
},
"object_id": "f819957409ade5c078afbd94c6d9015d7f40dd01e0561e062f14158041a25f42",
"object_subtype": "PNG",
"object_type": "Image",
"ok": {
"children": [],
"object_metadata": {
"_backend_version": "1.0.0",
"format": "png",
"height": 1376,
"nsfw_predictions": {
"Drawings": 0.004388,
"Hentai": 0.006384,
"Neutral": 0.989022,
"Porn": 3e-05,
"Sexy": 0.000176
},
"nsfw_verdict": "Neutral",
"pixel_format": "RGBA8",
"width": 1106
},
"symbols": []
},
"org": "ctx",
"recursion_level": 2,
"relation_metadata": {
"Image": {
"object_index": 0,
"page_index": 0
}
},
"size": 291316
},
{
"ctime": 1730925751.246853,
"hashes": {
"md5": "c5ae0e7a247fb4081e70ef0206ef847b",
"sha1": "61bbd376e4cb0359916f250f0545069169db0190",
"sha256": "47a1eb2a704c587d3d7dd966006fa2b54c5fe4114ce24abb0ccafdbebe21d9fa",
"sha512": "a575be51f1342d749a76df2c959e95781192de9ac50a2910328729ea699b621dedc24644650bf6e198307fba8ad50b3810cde77c595a60681efaf9986ff95be9"
},
"object_id": "47a1eb2a704c587d3d7dd966006fa2b54c5fe4114ce24abb0ccafdbebe21d9fa",
"object_subtype": null,
"object_type": "HTML",
"ok": {
"children": [
{
"ctime": 1730925751.246853,
"hashes": {
"md5": "e6085fca3229cd3561adaf6e175565c8",
"sha1": "b202329e845e83ca8ddd220ee987c127437b4ec0",
"sha256": "0e32d9dd455b7152373bd48f257e291aad343201a5cbd2080e851c3ee9130cff",
"sha512": "2cd17893cb9077de36672cf556b757faaad0cc086540e2d086c0d698f019abbe8f31e9f951130c0ac9c73bf78b6c93a7fc4d914f8ffe71de374e7846698227e4"
},
"object_id": "0e32d9dd455b7152373bd48f257e291aad343201a5cbd2080e851c3ee9130cff",
"object_subtype": null,
"object_type": "CDFS",
"ok": {
"children": [
{
"ctime": 1730925751.246853,
"hashes": {
"md5": "0b209ac61cfb12d37f7f8c5ae3757937",
"sha1": "6a8dd3e554e61f61a95148b137b1b10cee67e50f",
"sha256": "ee646e588d22ef9d01b4e3b9f12672f1229cd461c79ddee707ad972e88fd29e8",
"sha512": "206199c2ee51cb58f518e4587011e9d0e20f9a0b412779af96151104ba78c6fec8a343891f077708971582c0cf74b45f4c1d3ce21b680e67fe89db84ccfefd9c"
},
"object_id": "ee646e588d22ef9d01b4e3b9f12672f1229cd461c79ddee707ad972e88fd29e8",
"object_subtype": null,
"object_type": "PE",
"ok": {
"children": [],
"object_metadata": {
"_backend_version": "1.0.0",
"optional_header": {
"AddressOfEntryPoint": 4982,
"BaseOfCode": 4096,
"BaseOfData": 8192,
"CheckSum": 0,
"DataDirectories": [
{
"Size": 88,
"VirtualAddress": 9712
},
{
"Size": 100,
"VirtualAddress": 9800
},
{
"Size": 248,
"VirtualAddress": 16384
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 368,
"VirtualAddress": 20480
},
{
"Size": 112,
"VirtualAddress": 8616
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 64,
"VirtualAddress": 8424
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 108,
"VirtualAddress": 8192
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 0,
"VirtualAddress": 0
},
{
"Size": 0,
"VirtualAddress": 0
}
],
"DllCharacteristics": 320,
"FileAlignment": 512,
"ImageBase": 268435456,
"LoaderFlags": 0,
"Magic": 267,
"MagicStr": "PE32",
"MajorImageVersion": 0,
"MajorLinkerVersion": 14,
"MajorOperatingSystemVersion": 6,
"MajorSubsystemVersion": 6,
"MinorImageVersion": 0,
"MinorLinkerVersion": 41,
"MinorOperatingSystemVersion": 0,
"MinorSubsystemVersion": 0,
"NumberOfRvaAndSizes": 16,
"SectionAlignment": 4096,
"SizeOfCode": 4096,
"SizeOfHeaders": 1024,
"SizeOfHeapCommit": 4096,
"SizeOfHeapReserve": 1048576,
"SizeOfImage": 24576,
"SizeOfInitializedData": 4608,
"SizeOfStackCommit": 4096,
"SizeOfStackReserve": 1048576,
"SizeOfUninitializedData": 0,
"Subsystem": 2,
"SubsystemStr": "Windows GUI subsystem",
"Win32VersionValue": 0
},
"pe_header": {
"Characteristics": 8450,
"CharacteristicsSymbols": [
"EXECUTABLE_IMAGE",
"32BIT_MACHINE",
"DLL"
],
"Machine": 332,
"MachineStr": "x86",
"NumberOfSections": 5,
"NumberOfSymbols": 0,
"PointerToSymbolTable": 0,
"SizeOfOptionalHeader": 224,
"TimeDateStamp": 1730395850,
"TimeDateStampString": "2024-10-31 17:30:50 UTC"
},
"section_headers": [
{
"Characteristics": 1610612768,
"CharacteristicsSymbols": [
"CNT_CODE",
"MEM_EXECUTE",
"MEM_READ"
],
"Name": ".text",
"NumberOfLinenumbers": 0,
"NumberOfRelocations": 0,
"PointerToLinenumbers": 0,
"PointerToRawData": 1024,
"PointerToRelocations": 0,
"SizeOfRawData": 4096,
"VirtualAddress": 4096,
"VirtualSize": 3684
},
{
"Characteristics": 1073741888,
"CharacteristicsSymbols": [
"CNT_INITIALIZED_DATA",
"MEM_READ"
],
"Name": ".rdata",
"NumberOfLinenumbers": 0,
"NumberOfRelocations": 0,
"PointerToLinenumbers": 0,
"PointerToRawData": 5120,
"PointerToRelocations": 0,
"SizeOfRawData": 2560,
"VirtualAddress": 8192,
"VirtualSize": 2406
},
{
"Characteristics": 3221225536,
"CharacteristicsSymbols": [
"CNT_INITIALIZED_DATA",
"MEM_READ",
"MEM_WRITE"
],
"Name": ".data",
"NumberOfLinenumbers": 0,
"NumberOfRelocations": 0,
"PointerToLinenumbers": 0,
"PointerToRawData": 7680,
"PointerToRelocations": 0,
"SizeOfRawData": 512,
"VirtualAddress": 12288,
"VirtualSize": 988
},
{
"Characteristics": 1073741888,
"CharacteristicsSymbols": [
"CNT_INITIALIZED_DATA",
"MEM_READ"
],
"Name": ".rsrc",
"NumberOfLinenumbers": 0,
"NumberOfRelocations": 0,
"PointerToLinenumbers": 0,
"PointerToRawData": 8192,
"PointerToRelocations": 0,
"SizeOfRawData": 512,
"VirtualAddress": 16384,
"VirtualSize": 248
},
{
"Characteristics": 1107296320,
"CharacteristicsSymbols": [
"CNT_INITIALIZED_DATA",
"MEM_DISCARDABLE",
"MEM_READ"
],
"Name": ".reloc",
"NumberOfLinenumbers": 0,
"NumberOfRelocations": 0,
"PointerToLinenumbers": 0,
"PointerToRawData": 8704,
"PointerToRelocations": 0,
"SizeOfRawData": 512,
"VirtualAddress": 20480,
"VirtualSize": 368
}
]
},
"symbols": []
},
"org": "ctx",
"recursion_level": 4,
"relation_metadata": {
"interleaved": false,
"iso_vol": 0,
"name": "/HELLO.DLL",
"ord": 0,
"t": "2024-10-31 18:30:50.0 +01:00:00"
},
"size": 9216
},
{
"ctime": 1730925751.246853,
"hashes": {
"md5": "2f07ee92a47701f23960179726cdbb61",
"sha1": "ccfa9745b0bd3ddb15a56fbe7a69633048c792c1",
"sha256": "6944f323e2612a0a19f54eb9e24cc608315f0b9d74645124d1d8867b246bc09b",
"sha512": "4a8ad9808ee0a87d1e048c493c537b1cdb9d528a7445b90dbdb257deace4c1d595195135a41764bb14267cd4cd2997b7c5b49312ec07a579bc248c1dec325008"
},
"object_id": "6944f323e2612a0a19f54eb9e24cc608315f0b9d74645124d1d8867b246bc09b",
"object_subtype": null,
"object_type": "LNK",
"ok": {
"children": [],
"object_metadata": {
"_backend_version": "1.0.0",
"extra_data": [
{
"SpecialFolderDataBlock": {
"block_signature": 2684354565,
"block_size": 16,
"offset": 221,
"special_folder_id": 37
}
},
{
"KnownFolderDataBlock": {
"block_signature": 2684354571,
"block_size": 28,
"known_folder_id": "1ac14e77-02e7-4e5d-b744-2eb1ae5198b7",
"offset": 221
}
},
{
"TrackerDataBlock": {
"block_signature": 2684354563,
"block_size": 96,
"droid": [
"57219d78-08e3-4a41-94e7-09956a60e445",
"0b32d2ae-97a4-11ef-b89c-080027a6d07f"
],
"droid_birth": [
"57219d78-08e3-4a41-94e7-09956a60e445",
"0b32d2ae-97a4-11ef-b89c-080027a6d07f"
],
"length": 88,
"machine_id": "desktop-tja11ht",
"version": 0
}
},
{
"IconEnvironmentDataBlock": {
"block_signature": 2684354567,
"block_size": 788,
"target_ansi": "%SystemRoot%\\System32\\shell32.dll",
"target_unicode": "%SystemRoot%\\System32\\shell32.dll"
}
},
{
"PropertyStoreDataBlock": {
"block_signature": 2684354569,
"block_size": 581,
"property_store": {
"serialized_property_storage": [
{
"format_id": "dabd30ed-0043-4789-a7f8-d013a4736622",
"serialized_property_value": [
{
"IntegerName": {
"id": 100,
"reserved": 0,
"value": {
"LPWStr": "System32 (C:\\Windows)"
},
"value_size": 61
}
}
],
"storage_size": 89,
"version": 1397773105
},
{
"format_id": "46588ae2-4cbc-4338-bbfc-139326986dce",
"serialized_property_value": [
{
"IntegerName": {
"id": 4,
"reserved": 0,
"value": {
"LPWStr": "S-1-5-21-1505176473-896487679-83895742-1001"
},
"value_size": 105
}
}
],
"storage_size": 133,
"version": 1397773105
},
{
"format_id": "b725f130-47ef-101a-a5f1-02608c9eebac",
"serialized_property_value": [
{
"IntegerName": {
"id": 10,
"reserved": 0,
"value": {
"LPWStr": "rundll32.exe"
},
"value_size": 45
}
},
{
"IntegerName": {
"id": 15,
"reserved": 0,
"value": {
"Filetime": "2024-07-23 12:47:28.0 +00:00:00"
},
"value_size": 21
}
},
{
"IntegerName": {
"id": 12,
"reserved": 0,
"value": {
"UI8": 89600
},
"value_size": 21
}
},
{
"IntegerName": {
"id": 4,
"reserved": 0,
"value": {
"LPWStr": "Application"
},
"value_size": 41
}
},
{
"IntegerName": {
"id": 14,
"reserved": 0,
"value": {
"Filetime": "2024-07-23 12:47:26.9436348 +00:00:00"
},
"value_size": 21
}
}
],
"storage_size": 177,
"version": 1397773105
},
{
"format_id": "28636aa6-953d-11d2-b5d6-00c04fd918d0",
"serialized_property_value": [
{
"IntegerName": {
"id": 30,
"reserved": 0,
"value": {
"LPWStr": "C:\\Windows\\System32\\rundll32.exe"
},
"value_size": 85
}
}
],
"storage_size": 113,
"version": 1397773105
},
{
"format_id": "446d16b1-8dad-4870-a748-402ea43d788c",
"serialized_property_value": [
{
"IntegerName": {
"id": 104,
"reserved": 0,
"value": {
"Clsid": "e6735803-0000-0000-0000-300300000000"
},
"value_size": 29
}
}
],
"storage_size": 57,
"version": 1397773105
}
],
"store_size": 0
}
}
}
],
"link_info": {
"common_network_relative_link_offset": 0,
"common_path_suffix": "",
"common_path_suffix_offset": 78,
"link_info_flags": [
"VolumeIDAndLocalBasePath"
],
"link_info_header_size": 28,
"link_info_size": 79,
"local_base_path": "C:\\Windows\\System32\\rundll32.exe",
"local_base_path_offset": 45,
"volume_id": {
"drive_serial_number": 2049736338,
"drive_type": "DRIVE_FIXED",
"volume_id_size": 17,
"volume_label": "",
"volume_label_offset": 16
},
"volume_id_offset": 28
},
"link_target_id_list": {
"id_list": {
"item_id_list": [
{
"RootFolderItem": {
"class_type": "0x1F",
"description": "My Computer (Computer)",
"shell_folder_id": "20d04fe0-3aea-1069-a2d8-08002b30309d",
"sort_index": 80
}
},
{
"VolumeShellItem": {
"blob": "0x2F433A5C00000000000000000000000000000000000000",
"class_type": "0x2F",
"flags": "0x0F",
"name": "C:\\"
}
},
{
"FileEntryShellItem": {
"class_type": "0x31",
"extension": [],
"file_attributes": 16,
"file_size": 0,
"flags": "0x01",
"modification_time": "2024-07-24 9:32:04.0 +00:00:00",
"primary_name": {
"ANSI": "Windows"
},
"secondary_name": {
"ANSI": "@"
}
}
},
{
"FileEntryShellItem": {
"class_type": "0x31",
"extension": [],
"file_attributes": 16,
"file_size": 0,
"flags": "0x01",
"modification_time": "2024-10-31 16:30:42.0 +00:00:00",
"primary_name": {
"ANSI": "System32"
},
"secondary_name": {
"ANSI": "B"
}
}
},
{
"FileEntryShellItem": {
"class_type": "0x32",
"extension": [],
"file_attributes": 32,
"file_size": 89600,
"flags": "0x02",
"modification_time": "2024-07-23 12:47:28.0 +00:00:00",
"primary_name": {
"ANSI": "rundll32.exe"
},
"secondary_name": {
"ANSI": "J"
}
}
}
]
},
"id_list_size": 325
},
"shell_link_header": {
"access_time": "2024-10-31 17:17:34.0571063 +00:00:00",
"creation_time": "2024-07-23 12:47:26.9436348 +00:00:00",
"file_attributes_flag": [
"FILE_ATTRIBUTE_ARCHIVE"
],
"file_size": 89600,
"header_size": 76,
"hot_key": "None",
"icon_index": 1,
"link_clsid": "00021401-0000-0000-c000-000000000046",
"link_flags": [
"HasLinkTargetIDList",
"HasLinkInfo",
"HasRelativePath",
"HasArguments",
"HasIconLocation",
"IsUnicode",
"HasExpIcon",
"EnableTargetMetadata"
],
"reserved1": 0,
"reserved2": 0,
"reserved3": 0,
"show_command": "SW_SHOWNORMAL",
"write_time": "2024-07-23 12:47:26.9436348 +00:00:00"
},
"string_data": {
"command_line_arguments": "hello.dll,hello",
"icon_location": "C:\\Windows\\System32\\shell32.dll",
"relative_path": "..\\..\\..\\..\\..\\..\\Windows\\System32\\rundll32.exe"
}
},
"symbols": []
},
"org": "ctx",
"recursion_level": 4,
"relation_metadata": {
"interleaved": false,
"iso_vol": 0,
"name": "/INVOICE.LNK",
"ord": 1,
"t": "2024-10-31 18:20:48.0 +01:00:00"
},
"size": 2187
}
],
"object_metadata": {
"_backend_version": "1.0.0",
"iso9660": {
"bad_chains": false,
"bootable": false,
"has_loops": false,
"num_vols": 2,
"offset": 0,
"partitioned": false,
"sector_size": 2048,
"volumes": [
{
"abstract_file": "",
"application": "1337",
"bibliographic_file": "",
"block_size": 2048,
"copyright_file": "",
"creation_dt": "2024-11-04 15:05:55.82 +01:00:00",
"desc_type": "Primary",
"effective_dt": "2024-11-04 15:05:55.82 +01:00:00",
"expiration_dt": "",
"flags": 0,
"fs_ver": 1,
"id": "clickme",
"joliet": false,
"modification_dt": "2024-11-04 15:05:55.82 +01:00:00",
"preparer": "",
"publisher": "3v!lh4xx",
"seq": 1,
"set": "",
"set_size": 1,
"space_size": 187,
"system": "LINUX",
"version": 1
},
{
"abstract_file": "",
"application": "1337",
"bibliographic_file": "",
"block_size": 2048,
"copyright_file": "",
"creation_dt": "2024-11-04 15:05:55.82 +01:00:00",
"desc_type": "Enahanced",
"effective_dt": "2024-11-04 15:05:55.82 +01:00:00",
"expiration_dt": "",
"flags": 0,
"fs_ver": 1,
"id": "clickme",
"joliet": true,
"modification_dt": "2024-11-04 15:05:55.82 +01:00:00",
"preparer": "",
"publisher": "3v!lh4xx",
"seq": 1,
"set": "",
"set_size": 1,
"space_size": 187,
"system": "LINUX",
"version": 1
}
]
}
},
"symbols": [
"ISO9660",
"RFC2397"
]
},
"org": "ctx",
"recursion_level": 3,
"relation_metadata": {
"decoded_size": 382976,
"encoded_size": 510676,
"mime_type": "application/x-iso9660-image"
},
"size": 382976
}
],
"object_metadata": {
"_backend_version": "1.0.0",
"encoding": "utf-8",
"forms": [],
"href": [],
"img_data_src": [],
"img_src": [],
"input_types": [],
"lang": "en-US",
"scripts": [],
"tag_count": 2,
"tag_counters": {
"a": 1,
"title": 1
},
"unique_hosts": []
},
"symbols": []
},
"org": "ctx",
"recursion_level": 2,
"relation_metadata": {
"Attachment": {
"index": 0,
"name": "invoice.html"
}
},
"size": 510931
},
{
"ctime": 1730925751.246853,
"hashes": {
"md5": "d4eedad6edb3602d109bed3ded89dd34",
"sha1": "02eaf7974a857d1c8c1926981ddf4ec044736657",
"sha256": "febfdd4fc96fba982031a6b62a263b280e4ea25aaaf0755518afccd814082092",
"sha512": "97ee71c2ebc90fffa06e2b71207857119fd678af9d0d30844f1af464ceb0d786a1202b4f21f97939a491d1fdadc052a672fce6bd5a577391e4ebfe8f32b40efe"
},
"object_id": "febfdd4fc96fba982031a6b62a263b280e4ea25aaaf0755518afccd814082092",
"object_subtype": null,
"object_type": "Text",
"ok": {
"children": [],
"object_metadata": {
"_backend_version": "1.0.0",
"encoding": "utf-8",
"natural_language": "English",
"natural_language_profanity_count": 0,
"natural_language_sentiment": {
"compound": -0.9701721930828288,
"neg": 0.24022346368715083,
"neu": 0.7597765363128491,
"pos": 0.0
},
"number_of_ascii_range_chars": 536,
"number_of_characters": 537,
"number_of_digits": 0,
"number_of_newlines": 15,
"number_of_whitespaces": 80,
"number_of_words": 78,
"possible_passwords": [],
"uris": []
},
"symbols": [
"OCR"
]
},
"org": "ctx",
"recursion_level": 2,
"relation_metadata": {
"DocumentText": {}
},
"size": 539
}
],
"object_metadata": {
"_backend_version": "1.0.0",
"builtin_metadata": {
"creation_date": {
"parsed": [
2024,
305,
13,
5,
39,
0,
0,
0,
0
],
"raw": "D:20241031130539Z00'00'"
},
"creator": "Contextal",
"producer": "Contextal",
"title": "Contextal Platform Test File"
},
"embedded_thumbnails": [],
"fonts": [],
"form_type": "None",
"issues": [],
"number_of_annotations": {
"errors": 0,
"link": 0,
"other": 0,
"popup": 0,
"text": 0,
"total": 0,
"unsupported": 0,
"widget": 0,
"xfa_widget": 0
},
"number_of_attachments": {
"errors": 0,
"total": 1
},
"number_of_bookmarks": {
"errors": 0,
"total": 0,
"with_uris": 0
},
"number_of_links": {
"errors": 0,
"total": 0,
"with_action_embedded": 0,
"with_action_launch": 0,
"with_action_local": 0,
"with_action_remote": 0,
"with_action_unsupported": 0,
"with_action_uri": 0
},
"number_of_objects": {
"errors": 0,
"form_xobjects": 0,
"images": 1,
"shadings": 0,
"texts": 0,
"total": 1,
"unsupported": 0,
"vector_paths": 0
},
"number_of_pages": 1,
"number_of_unreadable_signatures": 0,
"paper_sizes_mm": [
{
"height": 297,
"standard_name": "A4",
"width": 210
}
],
"signatures": [],
"uris": [],
"version": "1.3"
},
"symbols": [
"NOTEXT"
]
},
"org": "ctx",
"recursion_level": 1,
"relation_metadata": {
"_origin": {
"max_recursion": 24,
"peer": "192.168.65.1",
"real_peer": "192.168.65.1",
"ttl": 3600
},
"name": "Contextal-Test-File.pdf"
},
"size": 139352
}
}
tip
All data in the object details can be used in search queries and scenarios!
Get Actions
To obtain the list of actions, which were triggered while processing the test file, run the following command once again providing the previous id:
ctx work actions U0gTdxvGcG4D73MTHCtYpswr --pretty
The expected output is:
[
{
"actions": [
{
"action": "BLOCK",
"ctime": 1730922819.623288,
"scenario": "Test-Scenario-PDF-Unsafe-Attachment"
},
{
"action": "ALERT",
"ctime": 1730922922.446695,
"scenario": "Test-Scenario-PDF-Campaign"
}
],
"t": 1730925752.016907,
"work_id": "U0gTdxvGcG4D73MTHCtYpswr"
}
]