10.3 Hash lookup with sandbox

This is a BETA version. The API might change without notice.

Request

Value

Method

GET

URL

https://api.metadefender.com/v4/hash/:hash/sandbox

Summary

This endpoint retrieves the most recent dynamic (sandbox) analysis for the file identified by the :hash URL parameter.

Request

URL Parameters

 

Description

Example

:hash

MD5, SHA1, or SHA256 of a file

AAA1C1CF2E78F64C0894EBC568B145039BB06DC3

Header Parameters

 

Description

Allowed Values

Required

apikey

Grants access to the endpoint (token authentication; see API Authentication Mechanisms).

apikey

YES

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of a successful request:

{
"_id": "5c6e7feb81ad750597682b39",
"apikey": "40****************************bd",
"md5": "CD1DA8C0332DD43BCB4DA69033B4624D",
"sha1": "AAA1C1CF2E78F64C0894EBC568B145039BB06DC3",
"sha256": "A4512C42AAC49E253F7F1F2BF44759704F98F5ADE4F13AA664D71AF4B830DB1D",
"dataId": "bzE5MDIwN3J5N0pOZHVZVkVIMVZKVmRkSzRW",
"webid": "545",
"scan_results": {
"scan_all_result_i": 0
},
"mapping": {
"infection_score": 4,
"signatures": [
{
"score": "2",
"family": "Ransomware",
"id": "0"
},
{
"score": "0",
"family": "Spreading",
"id": "1"
}
],
"network": {},
"processes": [
{
"section": {
"loaded": [
{
"return": "774B371E",
"threadid": 2404,
"path": "\\KnownDlls\\WSOCK32.dll"
},
{
"return": "774B371E",
"threadid": 2404,
"path": "\\KnownDlls\\kernel32.dll"
}
]
},
"memory_activity": {
"allocation": [
{
"length": 1835008,
"base": 260000,
"threadid": 2404,
"pid": 2864
},
{
"length": 8192,
"base": 320000,
"threadid": 2404,
"pid": 2864
}
]
},
"registrykey_activity": {
"open": [
{
"status": "success or wait",
"threadid": 2404,
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
}
]
},
"filesystem_activity": {
"file_opened": [
{
"path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.conf",
"status": "object name not found",
"threadid": 2404
},
{
"path": "C:\\Users\\user\\Desktop\\",
"status": "success or wait",
"threadid": 2404
}
]
},
"start_time": null,
"size": 593480,
"is_admin": true,
"cmd": "'C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe' ",
"path": "C:\\Users\\user\\Desktop\\TeamCityAgentService-windows-x86-64.exe",
"parent_pid": 1756,
"pid": 2864
}
],
"description": "Windows 7 x64 with Office 2016, Java 8 Update 201, Acrobat Reader DC 19, Flash ActiveX 32, Internet Explorer 11, Chrome 71",
"start_time": "2019-02-21T11:40:15.000Z"
}
}

Example of a failed request:

{
"error": {
"code": 400064,
"messages": [
"The hash value is not valid"
]
}
}

Descriptions of responses:

apikey

the apikey that initiated the request (shown masked in the example response above)

sandbox_response

the response from the sandbox

mapping

the parsed JSON from the detailed sandbox response

Errors

Please refer to Errors for more information.

Sample code (Node.js)

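// Looks up the latest sandbox (dynamic analysis) report for a file hash and
// prints the raw JSON response body.
const https = require("https");

// Hash from the example above; MD5, SHA1 and SHA256 hex digests are accepted.
const hash = "AAA1C1CF2E78F64C0894EBC568B145039BB06DC3";

// Read the key from the environment so it is never committed with the code,
// and stop early rather than send a request with an empty apikey header.
const apiKey = process.env.APIKEY;
if (!apiKey) {
  console.error("APIKEY environment variable is not set");
  process.exit(1);
}

// Accept only a 32-, 40- or 64-character hex digest, so that a hash taken from
// user input can never change the shape of the request path.
if (!/^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$/i.test(hash)) {
  console.error("hash must be an MD5, SHA1 or SHA256 hex digest");
  process.exit(1);
}

const options = {
  method: "GET",
  // hostname and path must be plain strings; passing them as arrays of
  // segments does not produce a valid request.
  hostname: "api.metadefender.com",
  path: `/v4/hash/${hash}/sandbox`,
  headers: {
    apikey: apiKey,
  },
  // Socket inactivity limit in milliseconds; handled by the "timeout" listener.
  timeout: 30000,
};

const req = https.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks).toString();

    // Error responses carry a JSON "error" object; report them on stderr and
    // signal failure to the caller through the exit code.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error(`Request failed with HTTP ${res.statusCode}`);
      console.error(body);
      process.exitCode = 1;
      return;
    }

    // The report describes the behaviour of an analysed sample (paths, command
    // lines, registry keys): treat these strings as untrusted data if they are
    // later rendered in HTML or fed to other tools.
    console.log(body);
  });
});

// Abort a stalled connection instead of waiting indefinitely.
req.on("timeout", function () {
  req.destroy(new Error("request timed out"));
});

// Without an "error" listener, a DNS, TLS or socket failure is thrown as an
// unhandled exception.
req.on("error", function (err) {
  console.error(`Request error: ${err.message}`);
  process.exitCode = 1;
});

req.end();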

Sample code (cURL)

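# Abort with a message if APIKEY is unset or empty instead of sending a blank header.
: "${APIKEY:?set APIKEY to your MetaDefender API key}"

# NOTE: a header passed with -H is visible in the local process list while curl
# runs; on shared hosts, curl can read headers from a file instead (-H @FILE).
# --proto '=https' refuses any non-HTTPS URL, so the key is never sent in clear text.
# --max-time bounds the whole transfer. GET is curl's default, so -X GET is omitted.
curl --proto '=https' --max-time 30 \
  -H "apikey: ${APIKEY}" \
  https://api.metadefender.com/v4/hash/AAA1C1CF2E78F64C0894EBC568B145039BB06DC3/sandbox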