5.1 Application Information Lookup
Request |
Value |
Method |
GET |
URL |
https://api.metadefender.com/v4/appinfo/:hash |
Summary
OPSWAT MetaAccess application information
When doing a hash lookup, if the body of the response contains the "additional_info" field (array) containing the "appinfo", it means that this particular hash has Application Information associated and can be retrieved using this endpoint:
additional_info: [
"appinfo"
]
Request
HTTP URL parameters
|
Description |
Example |
:hash |
The hash value for which you need OESIS info (MD5/SHA1/SHA256) |
B075602CF6BCB3284C44A640DAFFA49CC5AA8F469A20E4B242F2DDE85FCB4DBE |
HTTP Header Parameters
|
Description |
Allowed Values |
Required |
apikey |
gives rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of successful product info:
{
"data"
: [
{
"vendor_infos"
: [
{
"vendor_name"
:
"Microsoft Corporation"
,
"wa_vendor_id"
:
"90"
}
],
"os_infos"
: [
{
"os_name"
:
"Microsoft Windows 7 Ultimate"
,
"os_name_norm"
:
"microsoft windows 7 ultimate "
,
"os_type"
:
1
,
"arch"
:
"64-bit"
,
"language"
:
"العربية (السعودية)"
,
"kernel_version"
:
"6.1.7600"
,
"wa_os_id"
:
"34"
,
"service_pack"
:
""
},
{
"os_name"
:
"Microsoft Windows 7 Professional"
,
"os_name_norm"
:
"microsoft windows 7 professional "
,
"os_type"
:
1
,
"arch"
:
"64-bit"
,
"language"
:
"English (United States)"
,
"kernel_version"
:
"6.1.7601"
,
"wa_os_id"
:
"33"
,
"service_pack"
:
"1.0"
},
{
"os_name"
:
"Microsoft Windows 8 Single Language"
,
"os_name_norm"
:
"microsoft windows 8 single language"
,
"os_type"
:
1
,
"arch"
:
"64-bit"
,
"language"
:
"English (United States)"
,
"kernel_version"
:
"6.2.9200"
,
"wa_os_id"
:
"43"
,
"service_pack"
:
""
},
{
"os_name"
:
"Microsoft Windows 7 Professional"
,
"os_name_norm"
:
"microsoft windows 7 professional "
,
"os_type"
:
1
,
"arch"
:
"32-bit"
,
"language"
:
"English (United States)"
,
"kernel_version"
:
"6.1.7601"
,
"wa_os_id"
:
"33"
,
"service_pack"
:
"1.0"
},
...
],
"product_infos"
: [
{
"product_name"
:
"WordPad"
,
"product_version"
:
"6.1.7600.16385"
,
"wa_product_id"
:
"2875"
,
"wa_signature_id"
:
"2925"
},
{
"product_name"
:
"WordPad"
,
"product_version"
:
"6.2.9200.16384"
,
"wa_product_id"
:
"2875"
,
"wa_signature_id"
:
"2925"
},
{
"product_name"
:
"WordPad"
,
"product_version"
:
"10.0.15063.0"
,
"wa_product_id"
:
"2875"
,
"wa_signature_id"
:
"2925"
},
{
"product_name"
:
"WordPad"
,
"product_version"
:
"10.0.14393.0"
,
"wa_product_id"
:
"2875"
,
"wa_signature_id"
:
"2925"
},
{
"product_name"
:
"WordPad"
,
"product_version"
:
"6.3.9600.17415"
,
"wa_product_id"
:
"2875"
,
"wa_signature_id"
:
"2925"
}
],
"device_identity_stats"
: [
{
"reported_ts_yyww"
:
"1739"
,
"device_identity_count"
:
1
,
"device_identity_count_rank_over_sha1"
:
0
},
{
"reported_ts_yyww"
:
"1738"
,
"device_identity_count"
:
1
,
"device_identity_count_rank_over_sha1"
:
0
},
{
"reported_ts_yyww"
:
"1737"
,
"device_identity_count"
:
5
,
"device_identity_count_rank_over_sha1"
:
0
},
{
"reported_ts_yyww"
:
"1736"
,
"device_identity_count"
:
2
,
"device_identity_count_rank_over_sha1"
:
0
},
...
],
"file_infos"
: [
{
"file_name"
:
"KMService.exe"
,
"file_name_lower"
:
"kmservice.exe"
,
"file_size"
:
0
,
"file_property_version"
:
""
,
"file_property_version_norm"
:
""
,
"sha1"
:
"01C7D28E8828A91C27FFE0F1155CFA835FA6D703"
},
{
"file_name"
:
"kmservice.exe"
,
"file_name_lower"
:
"kmservice.exe"
,
"file_size"
:
0
,
"file_property_version"
:
""
,
"file_property_version_norm"
:
""
,
"sha1"
:
"01C7D28E8828A91C27FFE0F1155CFA835FA6D703"
}
],
"product_info_stats"
: [
{
"product_name_norm"
:
"wordpad"
,
"product_name_norm_count"
:
715
,
"product_name_norm_rank_over_sha1"
:
0
,
"product_version_norm"
:
"6 1 7600 16385"
}
],
"source_ip_stats"
: [
{
"reported_ts_yyww"
:
"1739"
,
"source_ip_count"
:
1
,
"source_ip_count_rank_over_sha1"
:
0
},
{
"reported_ts_yyww"
:
"1738"
,
"source_ip_count"
:
1
,
"source_ip_count_rank_over_sha1"
:
0
},
{
"reported_ts_yyww"
:
"1737"
,
"source_ip_count"
:
4
,
"source_ip_count_rank_over_sha1"
:
0
},
{
"reported_ts_yyww"
:
"1736"
,
"source_ip_count"
:
2
,
"source_ip_count_rank_over_sha1"
:
0
},
...
],
"file_path_stats"
: [
{
"file_path"
:
"\\windows\\kmservice.exe"
,
"file_path_count"
:
710
,
"file_path_rank_over_sha1"
:
0
},
{
"file_path"
:
"\\windows\\kmsem\\kmservice.exe"
,
"file_path_count"
:
5
,
"file_path_rank_over_sha1"
:
0
}
],
"loaded_component_stats"
: [
{
"loaded_component"
:
"0119C23D88292A0E4FEC04D5CF8629005A44E37C"
,
"loaded_component_count"
:
172
},
{
"loaded_component"
:
"01C7D28E8828A91C27FFE0F1155CFA835FA6D703"
,
"loaded_component_count"
:
715
},
{
"loaded_component"
:
"1138E3976F45590DFA26ABDFF2203F410F951B3D"
,
"loaded_component_count"
:
14
},
{
"loaded_component"
:
"2AE4EA1E2F2248A86F0DD25A1CBF828B5496FA79"
,
"loaded_component_count"
:
33
},
{
"loaded_component"
:
"51EBCE522386084840199CFFDF3DD6AC30FB9F59"
,
"loaded_component_count"
:
14
},
{
"loaded_component"
:
"60F5B3FFC2137E4CC230F66D77C45D63C2F59894"
,
"loaded_component_count"
:
14
},
...
],
"computer_type_stats"
: [
{
"computer_type"
:
"laptop"
,
"computer_type_count"
:
77
,
"computer_type_rank_over_sha1"
:
0
},
{
"computer_type"
:
"desktop"
,
"computer_type_count"
:
99
,
"computer_type_rank_over_sha1"
:
0
}
],
"connection_stats"
: [],
"categories"
: [
{
"category_name"
:
"Unclassified"
,
"wa_category_id"
:
"10"
}
]
}
]
}
Example of the parameter being invalid:
{
"error"
: {
"code"
:
404005
,
"messages"
: [
"The hash 0000BF66978AA7EA3DF2BE15286026442CF19D52 information does not exist"
]
}
}
Descriptions of response:
connection_stats.domain_name |
The domain name corresponding to the reported IP address |
connection_stats.domain_name_count |
How many times this domain name was reported for the parent applications |
connection_stats.host_name |
The hostname corresponding to the reported IP address |
connection_stats.host_name_count |
How many times this hostname was reported for the parent applications |
connection_stats.external_ip |
The reported IP addresses for the network traffic of the parent applications |
connection_stats.external_ip_count |
How many times this IP was reported for the parent applications |
os_infos.kernel_version |
The kernel version reported from each endpoint for each running OS |
os_infos.service_pack |
The service pack version reported from each endpoint for each running OS |
os_infos.language |
The OS language configuration reported from each endpoint for each running OS |
os_infos.arch |
The system architecture (32/64 bit) reported from each endpoint for each running OS |
os_infos.os_name |
The operating system official name reported from each endpoint for each running OS |
product_info_stats.product_version_norm |
The product version normalized reported for all running applications from each endpoint |
product_info_stats.product_name_norm_count |
How many times this application version was reported |
product_info_stats.product_name_norm |
The reported product name (normalized) |
product_infos.product_version |
The reported product version |
product_infos.product_name |
The reported product name (official) |
vendor_infos.vendor_name |
The reported vendor name (official) |
loaded_component_stats.loaded_component |
The hash (SHA1 format) of one of the components loaded at runtime |
loaded_component_stats.loaded_component_count |
How many times this component was reported as loaded for the applications this file belong to |
categories.wa_category_id |
Internal generated category ID; this corresponds to the applications classified by OESIS Framework |
categories.category_name |
Internal generated category name; this corresponds to the applications classified by OESIS Framework |
Errors
Please refer to Errors for more information.
Sample code (Node.js)
var http = require(
"https"
);
var options = {
"method"
:
"GET"
,
"hostname"
:
"api.metadefender.com"
,
"path"
:
"/v3/appinfo/9B6AEA1992775510CB9014AD6860D146"
,
"headers"
: {
"Authorization"
:
"apikey "
+ process.env.APIKEY
}
};
var req = http.request(options, function (res) {
var chunks = [];
res.on(
"data"
, function (chunk) {
chunks.push(chunk);
});
res.on(
"end"
, function () {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
Sample code (cURL)
curl -X GET \
https:
//api.metadefender.com/v4/appinfo/B075602CF6BCB3284C44A640DAFFA49CC5AA8F469A20E4B242F2DDE85FCB4DBE \
-H
"apikey: ${APIKEY}"