10.3 Hash lookup with sandbox
This is a BETA version. The API might change without notice.
|
Request |
Value |
|
Method |
GET |
|
URL |
https://api.metadefender.com/v4/hash/:hash/sandbox |
Summary
This endpoint retrieves the last dynamic analysis for the file identified by the parameter hash.
Request
URL Parameters
|
|
Description |
Example |
|
:hash |
MD5, SHA1, or SHA256 of a file |
AAA1C1CF2E78F64C0894EBC568B145039BB06DC3 |
Header Parameters
|
|
Description |
Allowed Values |
Required |
|
apikey |
gives rights to use the endpoint (token authentication) (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of a successful request:
{ "_id": "5c6e7feb81ad750597682b39", "apikey": "40****************************bd", "md5": "CD1DA8C0332DD43BCB4DA69033B4624D", "sha1": "AAA1C1CF2E78F64C0894EBC568B145039BB06DC3", "sha256": "A4512C42AAC49E253F7F1F2BF44759704F98F5ADE4F13AA664D71AF4B830DB1D", "dataId": "bzE5MDIwN3J5N0pOZHVZVkVIMVZKVmRkSzRW", "webid": "545", "scan_results": { "scan_all_result_i": 0 }, "mapping": { "infection_score": 4, "signatures": [ { "score": "2", "family": "Ransomware", "id": "0" }, { "score": "0", "family": "Spreading", "id": "1" } ], "network": {}, "processes": [ { "section": { "loaded": [ { "return": "774B371E", "threadid": 2404, "path": "\\KnownDlls\\WSOCK32.dll" }, { "return": "774B371E", "threadid": 2404, "path": "\\KnownDlls\\kernel32.dll" } ] }, "memory_activity": { "allocation": [ { "length": 1835008, "base": 260000, "threadid": 2404, "pid": 2864 }, { "length": 8192, "base": 320000, "threadid": 2404, "pid": 2864 } ] }, "registrykey_activity": { "open": [ { "status": "success or wait", "threadid": 2404, "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options" } ] }, "filesystem_activity": { "file_opened": [ { "path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.conf", "status": "object name not found", "threadid": 2404 }, { "path": "C:\\Users\\user\\Desktop\\", "status": "success or wait", "threadid": 2404 } ] }, "start_time": null, "size": 593480, "is_admin": true, "cmd": "'C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe' ", "path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe", "parent_pid": 1756, "pid": 2864 } ], "description": "Windows 7 x64 with Office 2016, Java 8 Update 201, Acrobat Reader DC 19, Flash ActiveX 32, Internet Explorer 11, Chrome 71", "start_time": "2019-02-21T11:40:15.000Z" }}Example of a failed request:
{ "error": { "code": 400064, "messages": [ "The hash value is not valid" ] }}Descriptions of responses:
|
apikey |
t he apikey that initiated the request |
|
sandbox_response |
the response from the sandbox |
|
mapping |
the parsed JSON from the detailed sandbox response |
Sample code (Node.js)
var http = require("https");var options = { "method": "GET", "hostname": [ "api", "metadefender", "com" ], "path": [ "v4", "hash", "AAA1C1CF2E78F64C0894EBC568B145039BB06DC3", "sandbox" ], "headers": { "apikey": process.env.APIKEY }};var req = http.request(options, function (res) { var chunks = []; res.on("data", function (chunk) { chunks.push(chunk); }); res.on("end", function () { var body = Buffer.concat(chunks); console.log(body.toString()); });});req.end();Sample code (cURL)
curl -X GET \ https://api.metadefender.com/v4/hash/AAA1C1CF2E78F64C0894EBC568B145039BB06DC3/sandbox \ -H "apikey: ${APIKEY}"