5.1 Application Information Lookup

Request

Value

Method

GET

URL

https://api.metadefender.com/v4/appinfo/:hash

Summary

OPSWAT MetaAccess application information

When a hash lookup response contains the "additional_info" field (an array) and that array includes "appinfo", the hash has Application Information associated with it, which can be retrieved using this endpoint:

additional_info: ["appinfo"]

Request

HTTP URL parameters

 

Description

Example

:hash

The hash value for which you need OESIS info (MD5/SHA1/SHA256)

B075602CF6BCB3284C44A640DAFFA49CC5AA8F469A20E4B242F2DDE85FCB4DBE

HTTP Header Parameters

 

Description

Allowed Values

Required

apikey

Authenticates the request and gives rights to use the endpoint (see API Authentication Mechanisms)

apikey

YES

Response

HTTP Status Codes

Please refer to Status Codes for more information.

Body

Example of successful product info:

{
"data": [
{
"vendor_infos": [
{
"vendor_name": "Microsoft Corporation",
"wa_vendor_id": "90"
}
],
"os_infos": [
{
"os_name": "Microsoft Windows 7 Ultimate",
"os_name_norm": "microsoft windows 7 ultimate ",
"os_type": 1,
"arch": "64-bit",
"language": "العربية (السعودية)‏",
"kernel_version": "6.1.7600",
"wa_os_id": "34",
"service_pack": ""
},
{
"os_name": "Microsoft Windows 7 Professional",
"os_name_norm": "microsoft windows 7 professional ",
"os_type": 1,
"arch": "64-bit",
"language": "English (United States)",
"kernel_version": "6.1.7601",
"wa_os_id": "33",
"service_pack": "1.0"
},
{
"os_name": "Microsoft Windows 8 Single Language",
"os_name_norm": "microsoft windows 8 single language",
"os_type": 1,
"arch": "64-bit",
"language": "English (United States)",
"kernel_version": "6.2.9200",
"wa_os_id": "43",
"service_pack": ""
},
{
"os_name": "Microsoft Windows 7 Professional",
"os_name_norm": "microsoft windows 7 professional ",
"os_type": 1,
"arch": "32-bit",
"language": "English (United States)",
"kernel_version": "6.1.7601",
"wa_os_id": "33",
"service_pack": "1.0"
},
...
],
"product_infos": [
{
"product_name": "WordPad",
"product_version": "6.1.7600.16385",
"wa_product_id": "2875",
"wa_signature_id": "2925"
},
{
"product_name": "WordPad",
"product_version": "6.2.9200.16384",
"wa_product_id": "2875",
"wa_signature_id": "2925"
},
{
"product_name": "WordPad",
"product_version": "10.0.15063.0",
"wa_product_id": "2875",
"wa_signature_id": "2925"
},
{
"product_name": "WordPad",
"product_version": "10.0.14393.0",
"wa_product_id": "2875",
"wa_signature_id": "2925"
},
{
"product_name": "WordPad",
"product_version": "6.3.9600.17415",
"wa_product_id": "2875",
"wa_signature_id": "2925"
}
],
"device_identity_stats": [
{
"reported_ts_yyww": "1739",
"device_identity_count": 1,
"device_identity_count_rank_over_sha1": 0
},
{
"reported_ts_yyww": "1738",
"device_identity_count": 1,
"device_identity_count_rank_over_sha1": 0
},
{
"reported_ts_yyww": "1737",
"device_identity_count": 5,
"device_identity_count_rank_over_sha1": 0
},
{
"reported_ts_yyww": "1736",
"device_identity_count": 2,
"device_identity_count_rank_over_sha1": 0
},
...
],
"file_infos": [
{
"file_name": "KMService.exe",
"file_name_lower": "kmservice.exe",
"file_size": 0,
"file_property_version": "",
"file_property_version_norm": "",
"sha1": "01C7D28E8828A91C27FFE0F1155CFA835FA6D703"
},
{
"file_name": "kmservice.exe",
"file_name_lower": "kmservice.exe",
"file_size": 0,
"file_property_version": "",
"file_property_version_norm": "",
"sha1": "01C7D28E8828A91C27FFE0F1155CFA835FA6D703"
}
],
"product_info_stats": [
{
"product_name_norm": "wordpad",
"product_name_norm_count": 715,
"product_name_norm_rank_over_sha1": 0,
"product_version_norm": "6 1 7600 16385"
}
],
"source_ip_stats": [
{
"reported_ts_yyww": "1739",
"source_ip_count": 1,
"source_ip_count_rank_over_sha1": 0
},
{
"reported_ts_yyww": "1738",
"source_ip_count": 1,
"source_ip_count_rank_over_sha1": 0
},
{
"reported_ts_yyww": "1737",
"source_ip_count": 4,
"source_ip_count_rank_over_sha1": 0
},
{
"reported_ts_yyww": "1736",
"source_ip_count": 2,
"source_ip_count_rank_over_sha1": 0
},
...
],
"file_path_stats": [
{
"file_path": "\\windows\\kmservice.exe",
"file_path_count": 710,
"file_path_rank_over_sha1": 0
},
{
"file_path": "\\windows\\kmsem\\kmservice.exe",
"file_path_count": 5,
"file_path_rank_over_sha1": 0
}
],
"loaded_component_stats": [
{
"loaded_component": "0119C23D88292A0E4FEC04D5CF8629005A44E37C",
"loaded_component_count": 172
},
{
"loaded_component": "01C7D28E8828A91C27FFE0F1155CFA835FA6D703",
"loaded_component_count": 715
},
{
"loaded_component": "1138E3976F45590DFA26ABDFF2203F410F951B3D",
"loaded_component_count": 14
},
{
"loaded_component": "2AE4EA1E2F2248A86F0DD25A1CBF828B5496FA79",
"loaded_component_count": 33
},
{
"loaded_component": "51EBCE522386084840199CFFDF3DD6AC30FB9F59",
"loaded_component_count": 14
},
{
"loaded_component": "60F5B3FFC2137E4CC230F66D77C45D63C2F59894",
"loaded_component_count": 14
},
...
],
"computer_type_stats": [
{
"computer_type": "laptop",
"computer_type_count": 77,
"computer_type_rank_over_sha1": 0
},
{
"computer_type": "desktop",
"computer_type_count": 99,
"computer_type_rank_over_sha1": 0
}
],
"connection_stats": [],
"categories": [
{
"category_name": "Unclassified",
"wa_category_id": "10"
}
]
}
]
}

Example of the response when the :hash parameter is invalid (no information exists for that hash):

{
"error": {
"code": 404005,
"messages": [
"The hash 0000BF66978AA7EA3DF2BE15286026442CF19D52 information does not exist"
]
}
}

Descriptions of response:

connection_stats.domain_name

The domain name corresponding to the reported IP address

connection_stats.domain_name_count

How many times this domain name was reported for the parent applications

connection_stats.host_name

The hostname corresponding to the reported IP address

connection_stats.host_name_count

How many times this hostname was reported for the parent applications

connection_stats.external_ip

The reported IP addresses for the network traffic of the parent applications

connection_stats.external_ip_count

How many times this IP was reported for the parent applications

os_infos.kernel_version

The kernel version reported from each endpoint for each running OS

os_infos.service_pack

The service pack version reported from each endpoint for each running OS

os_infos.language

The OS language configuration reported from each endpoint for each running OS

os_infos.arch

The system architecture (32/64 bit) reported from each endpoint for each running OS

os_infos.os_name

The operating system official name reported from each endpoint for each running OS

product_info_stats.product_version_norm

The normalized product version reported for all running applications from each endpoint

product_info_stats.product_name_norm_count

How many times this application version was reported

product_info_stats.product_name_norm

The reported product name (normalized)

product_infos.product_version

The reported product version

product_infos.product_name

The reported product name (official)

vendor_infos.vendor_name

The reported vendor name (official)

loaded_component_stats.loaded_component

The hash (SHA1 format) of one of the components loaded at runtime

loaded_component_stats.loaded_component_count

How many times this component was reported as loaded for the applications this file belongs to

categories.wa_category_id

Internally generated category ID; this corresponds to the applications classified by OESIS Framework

categories.category_name

Internally generated category name; this corresponds to the applications classified by OESIS Framework

Errors

Please refer to Errors for more information.

Sample code (Node.js)

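// Look up OPSWAT application information for one file hash.
// The path and the `apikey` header follow the request description on this
// page: GET https://api.metadefender.com/v4/appinfo/:hash
const https = require("https");

// Read the key from the environment so it never lands in source control, and
// stop early when it is missing instead of sending an unauthenticated request.
const apiKey = process.env.APIKEY;
if (!apiKey) {
  throw new Error("APIKEY environment variable is not set");
}

// MD5, SHA1 or SHA256 of the file, hex encoded.
const hash = "9B6AEA1992775510CB9014AD6860D146";

// Accept only 32, 40 or 64 hex characters, so a hash taken from another
// source cannot alter the request path.
if (!/^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/.test(hash)) {
  throw new Error("hash must be a hex encoded MD5, SHA1 or SHA256 value");
}

const options = {
  method: "GET",
  hostname: "api.metadefender.com",
  path: "/v4/appinfo/" + hash,
  headers: {
    apikey: apiKey
  },
  // Milliseconds of socket inactivity before the 'timeout' event fires.
  timeout: 10000
};

const req = https.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks).toString();

    // Error bodies (such as code 404005 in the example on this page) are
    // expected to arrive with a non-2xx status; send those to stderr so they
    // are not mistaken for application information.
    if (res.statusCode < 200 || res.statusCode >= 300) {
      console.error("Request failed with HTTP " + res.statusCode + ": " + body);
      return;
    }

    console.log(body);
  });
});

// The 'timeout' event does not abort the request by itself.
req.on("timeout", function () {
  req.destroy(new Error("request timed out"));
});

// Without an 'error' listener a DNS, TLS or connection failure would surface
// as an uncaught exception.
req.on("error", function (err) {
  console.error("Request error: " + err.message);
});

req.end();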

Sample code (cURL)

# Query the v4 appinfo endpoint for one hash. The key is expanded from the
# APIKEY environment variable, so it is not stored in the script; it is still
# part of curl's argument list and may show up in the local process list.
curl --request GET \
  --header "apikey: ${APIKEY}" \
  "https://api.metadefender.com/v4/appinfo/B075602CF6BCB3284C44A640DAFFA49CC5AA8F469A20E4B242F2DDE85FCB4DBE"