10.2 Sandbox lookup

This is a BETA version. The API might change without notice.

Request

Value

Method

GET

URL

https://api.metadefender.com/v4/sandbox/:sandboxId

Summary

Retrieves the sandbox entry for :sandboxId. This endpoint can be polled to get the result of the sandbox scan: once the response contains sandbox_response, the scan has finished.

Request

URL Parameters

 

Description

Example

:sandboxId

the "_id" field received when scanning a file with the sandbox

5c6be85931fa55001e5e194d

Header Parameters

 

Description

Allowed Values

Required

apikey

Grants the right to use the endpoint (token authentication); see API Authentication Mechanisms.

apikey

YES

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful request:

{
"_id": "5c6be85931fa55001e5e194d",
"apikey": "40****************************bd",
"md5": "CD1DA8C0332DD43BCB4DA69033B4624D",
"sha1": "AAA1C1CF2E78F64C0894EBC568B145039BB06DC3",
"sha256": "A4512C42AAC49E253F7F1F2BF44759704F98F5ADE4F13AA664D71AF4B830DB1D",
"dataId": "bzE5MDIwN3J5N0pOZHVZVkVIMVZKVmRkSzRW",
"webid": "435",
"scan_results": {
"scan_all_result_i": 0
},
"mapping": {
"infection_score": 4,
"signatures": [
{
"score": "2",
"family": "Ransomware",
"id": "0"
},
{
"score": "0",
"family": "Spreading",
"id": "1"
},
{
"score": "0",
"family": "Phishing",
"id": "2"
},
{
"score": "0",
"family": "Banker",
"id": "3"
},
{
"score": "2",
"family": "Trojan / Bot",
"id": "4"
},
{
"score": "0",
"family": "Adware",
"id": "5"
},
{
"score": "0",
"family": "Spyware",
"id": "6"
},
{
"score": "0",
"family": "Exploiter",
"id": "7"
},
{
"score": "3",
"family": "Evader",
"id": "8"
},
{
"score": "0",
"family": "Miner",
"id": "9"
}
],
"network": {
"tcp": [
{
"destination":"8.8.8.8",
"source":"192.168.3.4",
"time":"Feb 21, 2019 10:18:56.755434036 CET"
},
{
"destination":"192.168.3.4",
"source":"8.8.8.8",
"time":"Feb 21, 2019 10:18:56.783014059 CET"
}
]
},
"processes": [
{
"section": {
"loaded": [
{
"return": "774B371E",
"threadid": 304,
"path": "\\KnownDlls\\WSOCK32.dll"
},
{
"return": "774B371E",
"threadid": 304,
"path": "\\KnownDlls\\kernel32.dll"
}
]
},
"memory_activity": {
"allocation": [
{
"length": 2359296,
"base": "1F0000",
"threadid": 304,
"pid": 2404
},
{
"length": 8192,
"base": 330000,
"threadid": 304,
"pid": 2404
}
]
},
"registrykey_activity": {
"open": [
{
"status": "success or wait",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
},
{
"status": "success or wait",
"threadid": 304,
"path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager"
}
]
},
"filesystem_activity": {
"file_opened": [
{
"path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.conf",
"status": "object name not found",
"threadid": 304,
},
{
"path": "C:\\Users\\user\\Desktop\\",
"status": "success or wait",
"threadid": 304,
}
]
},
"start_time": null,
"size": 593480,
"is_admin": true,
"cmd": "'C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe' ",
"path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe",
"parent_pid": 2772,
"pid": 2404
}
],
"description": "Windows 7 x64 with Office 2016, Java 8 Update 201, Acrobat Reader DC 19, Flash ActiveX 32, Internet Explorer 11, Chrome 71",
"start_time": "2019-02-19T12:28:52.000Z"
}
}

Example of a failed request:

{
"success": false,
"error": {
"code": 404001,
"messages": [
"Entity was not found"
]
}
}

Descriptions of responses:

apikey

the apikey that initiated the request

mapping

the parsed JSON from the detailed sandbox response

Errors

Please refer to Errors for more information.

Sample code (Node.js)

var http = require("https");
 
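// Sandbox lookup: GET /v4/sandbox/:sandboxId and print the JSON report.
// `http` is the https module required at the top of this sample.

// Read the key from the environment so it never lands in source control,
// and stop before sending a request that could only be rejected.
const apikey = process.env.APIKEY;
if (!apikey) {
  throw new Error("APIKEY environment variable is not set");
}

// The "_id" value returned when the file was submitted to the sandbox.
const sandboxId = "5c6be85931fa55001e5e194d";

const options = {
  method: "GET",
  // hostname and path must be plain strings: https.request() rejects an
  // array hostname, and an array path would be joined with commas.
  hostname: "api.metadefender.com",
  path: "/v4/sandbox/" + encodeURIComponent(sandboxId),
  headers: { apikey },
};

const req = http.request(options, (res) => {
  const chunks = [];

  res.on("data", (chunk) => {
    chunks.push(chunk);
  });

  res.on("error", (err) => {
    console.error("Sandbox lookup response failed: " + err.message);
    process.exitCode = 1;
  });

  res.on("end", () => {
    const body = Buffer.concat(chunks).toString();

    // Error replies (for example the 404 "Entity was not found" body) go to
    // stderr with a non-zero exit code so callers can tell them apart.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error("Sandbox lookup failed with HTTP " + res.statusCode + ": " + body);
      process.exitCode = 1;
      return;
    }

    // The report fields (paths, command lines, network endpoints) describe
    // what the analysed sample did; treat them as untrusted data when
    // storing or rendering them.
    console.log(body);
  });
});

// Without this handler a DNS, TLS or socket failure is an uncaught exception.
req.on("error", (err) => {
  console.error("Sandbox lookup request failed: " + err.message);
  process.exitCode = 1;
});

// Do not hang forever on a stalled connection.
req.setTimeout(30000, () => {
  req.destroy(new Error("request timed out"));
});

req.end();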

Sample code (cURL)

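# Sandbox lookup with curl. GET is curl's default method, so -X is not needed.
# ${APIKEY:?...} aborts the command with a message when the variable is unset
# or empty, instead of sending an empty apikey header.
# Note: the key is expanded into curl's argument list, which other local users
# may be able to read from the process table while the command runs.
curl \
  -H "apikey: ${APIKEY:?APIKEY is not set}" \
  https://api.metadefender.com/v4/sandbox/5c6be85931fa55001e5e194d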