File submit

  • What file formats are supported by the sandbox?
    • Windows executable files (32 and 64 bits): programs (.exe), screen savers (.scr)
    • Windows dynamic libraries (32 and 64 bits): libraries (.dll), control panel files (.cpl)
    • Office documents: Word, Excel and PowerPoint files (.doc, .docm, .docx, .rtf, .xls, .xlsm, .xlsx, .mshtml, .hta, .ppt, .pptx, .ppam)
    • Script files: JavaScript (.js, .jse, .wsf), Visual Basic Script (.vbs, .vbe, .wsf)
    • Shortcut files: .lnk
    • PDF files: .pdf
    • JAR files: .jar
    • Microsoft installers: .msi
    • PowerShell files: .ps1
    • Batch files: .bat, .cmd
    • ISO files: .iso (currently not available through the API)
    • Web files: .html
    • Message files: .eml (only the EML format is accepted)
    • Compressed files: all formats supported by 7z
    • Note: Depending on the selected VM, the set of supported file types may vary, and the size limit is 500 MB. If you submit a file whose type is not supported, the analysis is cancelled immediately and you should see the following error message on the submission page:

      Error, file format was not recognized for file.unk. All supported file formats are listed on /faq/. You can also try to rename the file extension or specify an environment to use in "Advanced" -> "Specific launch environment"
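      The check below is an added example, not part of the sandbox or its documentation. It applies the two things this answer implies a submitter should verify before uploading: that the extension is on the supported list above and that the file content actually matches that extension, so that the "rename the file extension" hint can be followed deliberately instead of by trial and error. The supported-extension list and the 500 MB limit are taken from this FAQ; the magic-byte table and the function names are the example's own.

```python
"""Pre-submission check for sandbox uploads (added example, not sandbox code).

Checks three things for a candidate file:
  1. size against the 500 MB limit the FAQ states,
  2. whether the extension is on the FAQ's supported list,
  3. whether the leading bytes agree with the extension; if not, suggests the
     extension the content looks like (the FAQ's "rename the extension" hint).
The magic-byte table is general file-format knowledge, not something the FAQ
provides, and the suggested extensions are only hints: docx/xlsx/jar are all
ZIP containers, doc/xls/msi are all OLE containers.
"""
from pathlib import Path

MAX_SIZE_BYTES = 500 * 1024 * 1024  # FAQ: "the size limit is 500 MB"

# Extensions listed as supported in the FAQ (plus the common 7z-handled archives).
SUPPORTED_EXTENSIONS = {
    ".exe", ".scr", ".dll", ".cpl",
    ".doc", ".docm", ".docx", ".rtf", ".xls", ".xlsm", ".xlsx", ".mshtml", ".hta",
    ".ppt", ".pptx", ".ppam",
    ".js", ".jse", ".wsf", ".vbs", ".vbe",
    ".lnk", ".pdf", ".jar", ".msi", ".ps1", ".bat", ".cmd", ".iso", ".html", ".eml",
    ".zip", ".7z", ".rar",
}

# (leading bytes, type name, extensions consistent with it, suggested extension)
MAGIC = [
    (b"MZ", "pe", {".exe", ".dll", ".scr", ".cpl"}, ".exe"),
    (b"%PDF", "pdf", {".pdf"}, ".pdf"),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".ppam", ".jar"}, ".zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole", {".doc", ".xls", ".ppt", ".msi"}, ".doc"),
    (b"{\\rtf", "rtf", {".rtf"}, ".rtf"),
    (b"Rar!\x1a\x07", "rar", {".rar"}, ".rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z", {".7z"}, ".7z"),
    (b"L\x00\x00\x00\x01\x14\x02\x00", "lnk", {".lnk"}, ".lnk"),
]


def sniff(header: bytes):
    """Return (type_name, consistent_extensions, suggested_ext) or None if unknown."""
    for magic, name, exts, suggested in MAGIC:
        if header.startswith(magic):
            return name, exts, suggested
    return None


def check_submission(name: str, header: bytes, size: int) -> dict:
    """Evaluate a file by name, first bytes and size without touching disk.

    'ok' is False only for hard blockers (too large, unsupported extension);
    an extension/content mismatch on a supported extension is reported as a
    problem but left to the submitter to decide."""
    ext = Path(name).suffix.lower()
    result = {"name": name, "ok": True, "problems": [], "suggest_rename_to": None}
    if size > MAX_SIZE_BYTES:
        result["ok"] = False
        result["problems"].append(f"size {size} exceeds the {MAX_SIZE_BYTES} byte limit")
    if ext not in SUPPORTED_EXTENSIONS:
        result["ok"] = False
        result["problems"].append(f"extension {ext or '(none)'} is not in the supported list")
    sniffed = sniff(header)
    if sniffed is not None:
        type_name, consistent, suggested = sniffed
        if ext not in consistent:
            result["problems"].append(f"content looks like {type_name} but extension is {ext or '(none)'}")
            result["suggest_rename_to"] = suggested
    return result


def check_file(path: str) -> dict:
    """Same check for a real file on disk: read only the first 16 bytes."""
    p = Path(path)
    with p.open("rb") as fh:
        header = fh.read(16)
    return check_submission(p.name, header, p.stat().st_size)


if __name__ == "__main__":
    # Constructed headers for the demonstration; no real samples involved.
    SAMPLES = [
        ("file.unk", b"MZ\x90\x00" + b"\x00" * 12, 4096),        # PE with an unknown extension
        ("report.pdf", b"%PDF-1.7\n", 1200),                      # consistent
        ("invoice.pdf", b"PK\x03\x04\x14\x00", 30_000),           # ZIP container named .pdf
        ("bigdump.exe", b"MZ", 600 * 1024 * 1024),                # over the size limit
    ]
    for sample in SAMPLES:
        print(check_submission(*sample))
```

      Running it on the constructed samples reports the `file.unk` case exactly as this FAQ entry describes: unsupported extension, content sniffed as a PE, rename suggestion `.exe`.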

  • I cannot submit files because my security solution blocks them

      The web interface lets you submit a (single) file inside a password-protected ZIP or RAR archive, which should get it past your antivirus / firewall scanning. For the archive password, please use one of the industry-standard values such as "infected", "virus" or "malware".

      On the same theme, please note that all material you download from the web interface (dumps, samples) is placed inside a password-protected archive. The archive password is "infected".

  • Is there a limit on file uploads?

      The upload limit for a single file is currently set to 5242.88 MB on this server. Any file bigger than this limit will be discarded. A limit on the number of files submitted per day may also be set by the local administrator; please refer to your account details.

  • How can I submit multiple files?

      Currently, the only way to submit multiple files at once is to use the advanced upload form. There, you can either drag and drop multiple files or select multiple files after clicking the Add Files button. A status screen then shows the progress of the analyses.
      If you want to upload multiple files into the sandbox for one analysis, you must use the Free mode option, which you can activate on the advanced upload form, and submit an archive containing all your files. You will be able to unzip them inside the sandbox.

      Uploading a ZIP or RAR archive containing multiple files is only supported with the Free mode option.

  • I want to analyze large batches of files

      The best way to analyze large batches of files is via the API. If you are not interested in the dump data but only in the scan result, use light mode to save bandwidth, especially for very large batches.

Analysis

  • How much time should I let the analysis run?

      This is a tricky question. You want to allow enough time for the malware to execute its payload, but each malware is different:

      1. Some malware executes its payload immediately
      2. Some malware tries to avoid sandbox/antivirus detection by staying dormant for a long time before executing its payload
      3. Some malware needs a lot of time because it is heavily obfuscated or packed multiple times
      4. Some malware actually performs a lot of CPU-heavy operations

      From our experience, the vast majority of malware falls into the first two categories. For these typical samples, we observed that a timeout of 60 seconds is enough most of the time to get interesting results. Don't hesitate to enable time acceleration in order to counter the evasion tricks used by the malware in the second category.

      For the other categories of malware, there is no rule of thumb. But keep in mind that malware authors want their creation to remain unnoticed. Since heavy CPU usage is likely to get noticed by the user, they tend to avoid such methods. That's why a timeout of 10 minutes should be more than enough in 99.9% of cases.

Search

  • How can I search for similar analyses/files?

      Using the search interface, you can list all the analyses present in the web interface that match a given set of search criteria:

    • sha256 (full word, case insensitive)
    • user keyword (full word, case insensitive)
    • signature match (full word, case insensitive)
    • user name (full word, case insensitive)
    • filename (complete or partial, case insensitive)
    • url (complete or partial, case insensitive)
    • best match signature (complete or partial, case insensitive)
    • Please note that only the analyses you are allowed to see will be listed (i.e. your own analyses plus the public analyses).
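      The filter below is an added example and not the sandbox's own search implementation. It mirrors the two matching modes this answer distinguishes, "full word, case insensitive" for sha256, user keyword, signature match and user name versus "complete or partial, case insensitive" for filename, url and best match signature, together with the visibility rule (your own analyses plus public ones). The record layout, field names and sample analyses are constructed for the example; the real interface's field names are not given on this page.

```python
"""Client-side mirror of the FAQ's search semantics (added example, not sandbox code).

Two match modes:
  full word : the query must equal one whole word of the field, case-insensitively
              (so a sha256 prefix does not match a full hash);
  partial   : the query may be any case-insensitive substring of the field.
Only records the searching user may see are considered: their own analyses and
public ones, as the FAQ states.
"""

# Field names are constructed for this example; they map onto the FAQ's criteria.
FULL_WORD_FIELDS = {"sha256", "keywords", "signatures", "username"}   # full word
PARTIAL_FIELDS = {"filename", "url", "best_match"}                    # complete or partial


def full_word_match(value, query: str) -> bool:
    """True when the query equals one whole word of the field (case-insensitive).
    List-valued fields (keywords, signatures) are treated as a list of words."""
    words = value if isinstance(value, (list, tuple)) else str(value).split()
    q = query.casefold()
    return any(str(w).casefold() == q for w in words)


def partial_match(value, query: str) -> bool:
    """True when the query is a case-insensitive substring of the field."""
    return query.casefold() in str(value).casefold()


def matches(record: dict, field: str, query: str) -> bool:
    if field in FULL_WORD_FIELDS:
        return full_word_match(record.get(field, ""), query)
    if field in PARTIAL_FIELDS:
        return partial_match(record.get(field, ""), query)
    raise ValueError(f"unknown search field: {field}")


def visible_to(record: dict, user: str) -> bool:
    """FAQ visibility rule: own analyses plus public analyses."""
    return record["public"] or record["owner"] == user


def search(records, user: str, **criteria) -> list:
    """Return ids of visible records matching every criterion (logical AND)."""
    return [
        r["id"] for r in records
        if visible_to(r, user) and all(matches(r, f, q) for f, q in criteria.items())
    ]


# Constructed sample analyses; hashes are obviously synthetic 64-hex strings.
ANALYSES = [
    {"id": 1, "owner": "alice", "public": False, "sha256": "ab" * 32,
     "filename": "Invoice_2023.docx", "url": "",
     "keywords": ["phishing", "campaign-x"], "signatures": ["Macro_AutoOpen", "Drops_PE"],
     "best_match": "Trojan.Downloader", "username": "alice"},
    {"id": 2, "owner": "bob", "public": True, "sha256": "cd" * 32,
     "filename": "setup.exe", "url": "http://example.invalid/dl/setup.exe",
     "keywords": ["installer"], "signatures": ["Drops_PE"],
     "best_match": "Generic.Dropper", "username": "bob"},
    {"id": 3, "owner": "bob", "public": False, "sha256": "ef" * 32,
     "filename": "invoice.pdf", "url": "",
     "keywords": ["phishing"], "signatures": ["PDF_JavaScript"],
     "best_match": "Exploit.PDF", "username": "bob"},
]

if __name__ == "__main__":
    print(search(ANALYSES, "alice", sha256=("AB" * 32)))      # case-insensitive full hash
    print(search(ANALYSES, "alice", sha256="ab" * 10))        # prefix: no full-word match
    print(search(ANALYSES, "alice", filename="invoice"))      # partial; record 3 not visible
    print(search(ANALYSES, "bob", filename="invoice"))        # bob sees his private record 3
    print(search(ANALYSES, "alice", signatures="Drops"))      # partial not allowed on signatures
    print(search(ANALYSES, "alice", best_match="dropper"))    # partial allowed on best match
```

      The difference that matters for a practitioner is the first two queries: searching by a truncated hash returns nothing, because sha256 is a full-word criterion, while a filename or best-match fragment is enough for the partial criteria.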