10.2 Sandbox lookup

This is a BETA version. The API might change without notice.

Request

Value

Method

GET

URL

https://api.metadefender.com/v4/sandbox/:sandboxId

Summary

Retrieves the sandbox entry for :sandboxId. The endpoint can be polled for the result of the sandbox scan; once the response contains sandbox_response, the scan has finished.

Request

URL Parameters

 

Description

Example

:sandboxId

the "_id" field received when scanning a file with the sandbox

5c6be85931fa55001e5e194d

Header Parameters

 

Description

Allowed Values

Required

apikey

grants access to the endpoint (token authentication; see API Authentication Mechanisms)

apikey

YES

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful request:

{
"md5": "CD1DA8C0332DD43BCB4DA69033B4624D",
"sha1": "AAA1C1CF2E78F64C0894EBC568B145039BB06DC3",
"sha256": "A4512C42AAC49E253F7F1F2BF44759704F98F5ADE4F13AA664D71AF4B830DB1D",
"scan_results": {
"scan_all_result_i": 0,
"scan_all_result_a": "No threat detected"
},
"mapping": {
"infection_score": 4,
"signatures": [
{
"score": "2",
"family": "Ransomware",
"id": "0"
},
{
"score": "0",
"family": "Spreading",
"id": "1"
},
{
"score": "0",
"family": "Phishing",
"id": "2"
},
{
"score": "0",
"family": "Banker",
"id": "3"
},
{
"score": "2",
"family": "Trojan / Bot",
"id": "4"
},
{
"score": "0",
"family": "Adware",
"id": "5"
},
{
"score": "0",
"family": "Spyware",
"id": "6"
},
{
"score": "0",
"family": "Exploiter",
"id": "7"
},
{
"score": "3",
"family": "Evader",
"id": "8"
},
{
"score": "0",
"family": "Miner",
"id": "9"
}
],
"network": {},
"processes": [
{
"section": {
"loaded": [
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\WSOCK32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\kernel32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\KERNELBASE.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "C:\\Windows\\System32\\wsock32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\WS2_32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\msvcrt.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\RPCRT4.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\NSI.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\SHLWAPI.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\GDI32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\USER32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\LPK.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\USP10.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\ADVAPI32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "C:\\Windows\\System32\\sechost.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "C:\\Windows\\System32\\imm32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "C:\\Windows\\System32\\imm32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "C:\\Windows\\System32\\imm32.dll"
},
{
"return": "774B371E",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "\\KnownDlls\\MSCTF.dll"
}
]
},
"memory_activity": {
"allocation": [
{
"symbol": "LdrInitializeThunk",
"length": 2359296,
"base": "1F0000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 8192,
"base": 330000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 332000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 333000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 334000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 16384,
"base": 335000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 225280,
"base": 339000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 370000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 720896,
"base": "1F0000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 8192,
"base": 290000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 16384,
"base": 292000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 1048576,
"base": 430000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 229376,
"base": 430000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 371000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 372000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 851968,
"base": 530000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 8192,
"base": 580000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 373000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 8192,
"base": 374000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "LdrInitializeThunk",
"length": 4096,
"base": 376000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "HeapCreate",
"length": 851968,
"base": "1D20000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "HeapCreate",
"length": 8192,
"base": "1DE0000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "InitializeCriticalSectionAndSpinCount",
"length": 4096,
"base": 377000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "RtlAllocateHeap",
"length": 4096,
"base": "1DE2000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "GetEnvironmentStringsW",
"length": 4096,
"base": 378000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "RtlAllocateHeap",
"length": 4096,
"base": "1DE3000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "RtlAllocateHeap",
"length": 16384,
"base": "1DE4000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "RtlAllocateHeap",
"length": 1048576,
"base": "1DF0000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "RtlAllocateHeap",
"length": 229376,
"base": "1DF0000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "SetEnvironmentVariableA",
"length": 4096,
"base": 379000,
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "SetEnvironmentVariableA",
"length": 4096,
"base": "37A000",
"value": null,
"threadid": 304,
"pid": 2404
},
{
"symbol": "RtlAllocateHeap",
"length": 8192,
"base": "1DE8000",
"value": null,
"threadid": 304,
"pid": 2404
}
]
},
"registrykey_activity": {
"open": [
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager"
},
{
"status": "object name not found",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option"
},
{
"status": "object name not found",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers"
},
{
"status": "object name not found",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager"
},
{
"status": "object name not found",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Error Message Instrument\\"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
},
{
"status": "success or wait",
"symbol": "RtlExitUserProcess",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE"
},
{
"status": "success or wait",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
},
{
"status": "object name not found",
"symbol": "LdrInitializeThunk",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Diagnostics"
}
]
},
"filesystem_activity": {
"file_opened": [
{
"path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.conf",
"symbol": "CreateFileA",
"status": "object name not found",
"value": null,
"threadid": 304,
"pid": null
},
{
"path": "C:\\Users\\user\\Desktop\\",
"symbol": "LdrInitializeThunk",
"status": "success or wait",
"value": null,
"threadid": 304,
"pid": null
},
{
"path": "C:\\Windows\\system32\\WSOCK32.dll",
"symbol": "LdrInitializeThunk",
"status": "success or wait",
"value": null,
"threadid": 304,
"pid": null
},
{
"path": "C:\\Windows\\SYSTEM32\\sechost.dll",
"symbol": "LdrInitializeThunk",
"status": "success or wait",
"value": null,
"threadid": 304,
"pid": null
},
{
"path": "C:\\Windows\\system32\\IMM32.DLL",
"symbol": "LdrInitializeThunk",
"status": "success or wait",
"value": null,
"threadid": 304,
"pid": null
},
{
"path": "C:\\Windows\\system32\\IMM32.DLL",
"symbol": "LdrInitializeThunk",
"status": "success or wait",
"value": null,
"threadid": 304,
"pid": null
},
{
"path": "C:\\Windows\\system32\\IMM32.DLL",
"symbol": "LdrInitializeThunk",
"status": "success or wait",
"value": null,
"threadid": 304,
"pid": null
}
]
},
"start_time": null,
"size": 593480,
"is_admin": true,
"cmd": "'C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe' ",
"path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe",
"parent_pid": 2772,
"pid": 2404
}
],
"description": "Windows 7 x64 with Office 2016, Java 8 Update 201, Acrobat Reader DC 19, Flash ActiveX 32, Internet Explorer 11, Chrome 71",
"start_time": "2019-02-19T12:28:52.000Z"
},
"sandbox_id": "5c6be85931fa55001e5e194d",
"rescan_available": true
}

Example of a failed request:

{
"error": {
"code": 404001,
"messages": [
"Entity was not found"
]
}
}

Descriptions of responses:

apikey

the apikey that initiated the request

mapping

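the parsed JSON from the detailed sandbox response. In the example above, value types inside mapping are not uniform: "base" appears both as a string ("1F0000") and as a number (330000), and the signature "score" and "id" values are strings, so a consumer should not assume a single type for these fields. The example also shows scan_results reporting "No threat detected" while mapping.infection_score is 4 with non-zero signature scores, so read both fields rather than treating either one as the overall verdict.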

Errors

Please refer to Errors for more information.

Sample code (Node.js)

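// Look up a sandbox entry by id and print the JSON response body.
//
// The original sample passed "hostname" and "path" as arrays of segments;
// https.request() expects strings, so both are written out in full here.
var https = require("https");

// The key is read from the environment so it is never written into the
// script. Fail early with a clear message instead of sending a request
// with an undefined header value.
var apiKey = process.env.APIKEY;
if (!apiKey) {
  throw new Error("APIKEY environment variable is not set");
}

// Example id from this page; replace with the id returned by the sandbox scan.
var sandboxId = "5c6be85931fa55001e5e194d";

var options = {
  method: "GET",
  hostname: "api.metadefender.com",
  // Encode the id so an unexpected character cannot alter the request path.
  path: "/v4/sandbox/" + encodeURIComponent(sandboxId),
  headers: {
    apikey: apiKey
  }
};

var req = https.request(options, function (res) {
  var chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    var body = Buffer.concat(chunks).toString();

    // A failed lookup returns an "error" object in the body; report it on
    // stderr and signal failure so a calling script does not treat it as a
    // scan result.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error("Sandbox lookup failed with HTTP " + res.statusCode + ": " + body);
      process.exitCode = 1;
      return;
    }

    console.log(body);
  });
});

// Without an "error" listener a DNS, TLS or connection failure is thrown as
// an unhandled exception.
req.on("error", function (err) {
  console.error("Sandbox lookup request failed: " + err.message);
  process.exitCode = 1;
});

req.end();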

Sample code (cURL)

# Look up a sandbox entry; the API key is taken from the APIKEY environment variable.
# NOTE(review): the expanded header is passed as a command-line argument, so the
# key can show up in process listings on a shared host.
curl --request GET \
  --header "apikey: ${APIKEY}" \
  https://api.metadefender.com/v4/sandbox/5c6be85931fa55001e5e194d