5.1 Application Information Lookup
|
Request |
Value |
|
Method |
GET |
|
URL |
https://api.metadefender.com/v4/appinfo/:hash |
Summary
OPSWAT MetaAccess application information
When doing a hash lookup, if the body of the response contains the "additional_info" field (array) containing the "appinfo", it means that this particular hash has Application Information associated and can be retrieved using this endpoint:
additional_info: ["appinfo"]Request
HTTP URL parameters
|
|
Description |
Example |
|
:hash |
The hash value for which you need OESIS info (MD5/SHA1/SHA256) |
B075602CF6BCB3284C44A640DAFFA49CC5AA8F469A20E4B242F2DDE85FCB4DBE |
HTTP Header Parameters
|
|
Description |
Allowed Values |
Required |
|
apikey |
gives rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of successful product info:
{ "data": [ { "vendor_infos": [ { "vendor_name": "Microsoft Corporation", "wa_vendor_id": "90" } ], "os_infos": [ { "os_name": "Microsoft Windows 7 Ultimate", "os_name_norm": "microsoft windows 7 ultimate ", "os_type": 1, "arch": "64-bit", "language": "العربية (السعودية)", "kernel_version": "6.1.7600", "wa_os_id": "34", "service_pack": "" }, { "os_name": "Microsoft Windows 7 Professional", "os_name_norm": "microsoft windows 7 professional ", "os_type": 1, "arch": "64-bit", "language": "English (United States)", "kernel_version": "6.1.7601", "wa_os_id": "33", "service_pack": "1.0" }, { "os_name": "Microsoft Windows 8 Single Language", "os_name_norm": "microsoft windows 8 single language", "os_type": 1, "arch": "64-bit", "language": "English (United States)", "kernel_version": "6.2.9200", "wa_os_id": "43", "service_pack": "" }, { "os_name": "Microsoft Windows 7 Professional", "os_name_norm": "microsoft windows 7 professional ", "os_type": 1, "arch": "32-bit", "language": "English (United States)", "kernel_version": "6.1.7601", "wa_os_id": "33", "service_pack": "1.0" }, ... ], "product_infos": [ { "product_name": "WordPad", "product_version": "6.1.7600.16385", "wa_product_id": "2875", "wa_signature_id": "2925" }, { "product_name": "WordPad", "product_version": "6.2.9200.16384", "wa_product_id": "2875", "wa_signature_id": "2925" }, { "product_name": "WordPad", "product_version": "10.0.15063.0", "wa_product_id": "2875", "wa_signature_id": "2925" }, { "product_name": "WordPad", "product_version": "10.0.14393.0", "wa_product_id": "2875", "wa_signature_id": "2925" }, { "product_name": "WordPad", "product_version": "6.3.9600.17415", "wa_product_id": "2875", "wa_signature_id": "2925" } ], "device_identity_stats": [ { "reported_ts_yyww": "1739", "device_identity_count": 1, "device_identity_count_rank_over_sha1": 0 }, { "reported_ts_yyww": "1738", "device_identity_count": 1, "device_identity_count_rank_over_sha1": 0 }, { "reported_ts_yyww": "1737", "device_identity_count": 5, "device_identity_count_rank_over_sha1": 0 }, { "reported_ts_yyww": "1736", "device_identity_count": 2, "device_identity_count_rank_over_sha1": 0 }, ... ], "file_infos": [ { "file_name": "KMService.exe", "file_name_lower": "kmservice.exe", "file_size": 0, "file_property_version": "", "file_property_version_norm": "", "sha1": "01C7D28E8828A91C27FFE0F1155CFA835FA6D703" }, { "file_name": "kmservice.exe", "file_name_lower": "kmservice.exe", "file_size": 0, "file_property_version": "", "file_property_version_norm": "", "sha1": "01C7D28E8828A91C27FFE0F1155CFA835FA6D703" } ], "product_info_stats": [ { "product_name_norm": "wordpad", "product_name_norm_count": 715, "product_name_norm_rank_over_sha1": 0, "product_version_norm": "6 1 7600 16385" } ], "source_ip_stats": [ { "reported_ts_yyww": "1739", "source_ip_count": 1, "source_ip_count_rank_over_sha1": 0 }, { "reported_ts_yyww": "1738", "source_ip_count": 1, "source_ip_count_rank_over_sha1": 0 }, { "reported_ts_yyww": "1737", "source_ip_count": 4, "source_ip_count_rank_over_sha1": 0 }, { "reported_ts_yyww": "1736", "source_ip_count": 2, "source_ip_count_rank_over_sha1": 0 }, ... ], "file_path_stats": [ { "file_path": "\\windows\\kmservice.exe", "file_path_count": 710, "file_path_rank_over_sha1": 0 }, { "file_path": "\\windows\\kmsem\\kmservice.exe", "file_path_count": 5, "file_path_rank_over_sha1": 0 } ], "loaded_component_stats": [ { "loaded_component": "0119C23D88292A0E4FEC04D5CF8629005A44E37C", "loaded_component_count": 172 }, { "loaded_component": "01C7D28E8828A91C27FFE0F1155CFA835FA6D703", "loaded_component_count": 715 }, { "loaded_component": "1138E3976F45590DFA26ABDFF2203F410F951B3D", "loaded_component_count": 14 }, { "loaded_component": "2AE4EA1E2F2248A86F0DD25A1CBF828B5496FA79", "loaded_component_count": 33 }, { "loaded_component": "51EBCE522386084840199CFFDF3DD6AC30FB9F59", "loaded_component_count": 14 }, { "loaded_component": "60F5B3FFC2137E4CC230F66D77C45D63C2F59894", "loaded_component_count": 14 }, ... ], "computer_type_stats": [ { "computer_type": "laptop", "computer_type_count": 77, "computer_type_rank_over_sha1": 0 }, { "computer_type": "desktop", "computer_type_count": 99, "computer_type_rank_over_sha1": 0 } ], "connection_stats": [], "categories": [ { "category_name": "Unclassified", "wa_category_id": "10" } ] } ]}Example of the parameter being invalid:
{ "error": { "code": 404005, "messages": [ "The hash 0000BF66978AA7EA3DF2BE15286026442CF19D52 information does not exist" ] }}Descriptions of response:
|
connection_stats.domain_name |
The domain name corresponding to the reported IP address |
|
connection_stats.domain_name_count |
How many times this domain name was reported for the parent applications |
|
connection_stats.host_name |
The hostname corresponding to the reported IP address |
|
connection_stats.host_name_count |
How many times this hostname was reported for the parent applications |
|
connection_stats.external_ip |
The reported IP addresses for the network traffic of the parent applications |
|
connection_stats.external_ip_count |
How many times this IP was reported for the parent applications |
|
os_infos.kernel_version |
The kernel version reported from each endpoint for each running OS |
|
os_infos.service_pack |
The service pack version reported from each endpoint for each running OS |
|
os_infos.language |
The OS language configuration reported from each endpoint for each running OS |
|
os_infos.arch |
The system architecture (32/64 bit) reported from each endpoint for each running OS |
|
os_infos.os_name |
The operating system official name reported from each endpoint for each running OS |
|
product_info_stats.product_version_norm |
The product version normalized reported for all running applications from each endpoint |
|
product_info_stats.product_name_norm_count |
How many times this application version was reported |
|
product_info_stats.product_name_norm |
The reported product name (normalized) |
|
product_infos.product_version |
The reported product version |
|
product_infos.product_name |
The reported product name (official) |
|
vendor_infos.vendor_name |
The reported vendor name (official) |
|
loaded_component_stats.loaded_component |
The hash (SHA1 format) of one of the components loaded at runtime |
|
loaded_component_stats.loaded_component_count |
How many times this component was reported as loaded for the applications this file belong to |
|
categories.wa_category_id |
Internal generated category ID; this corresponds to the applications classified by OESIS Framework |
|
categories.category_name |
Internal generated category name; this corresponds to the applications classified by OESIS Framework |
Errors
Please refer to Errors for more information.
Sample code (Node.js)
var http = require("https"); var options = { "method": "GET", "hostname": "api.metadefender.com", "path": "/v3/appinfo/9B6AEA1992775510CB9014AD6860D146", "headers": { "Authorization": "apikey " + process.env.APIKEY } }; var req = http.request(options, function (res) { var chunks = []; res.on("data", function (chunk) { chunks.push(chunk); }); res.on("end", function () { var body = Buffer.concat(chunks); console.log(body.toString()); }); }); req.end();Sample code (cURL)
curl -X GET \ https://api.metadefender.com/v4/appinfo/B075602CF6BCB3284C44A640DAFFA49CC5AA8F469A20E4B242F2DDE85FCB4DBE \ -H "apikey: ${APIKEY}"