5.3 PE Info Lookup
|
Request |
Value |
|
Method |
GET |
|
URL |
https://api.metadefender.com/v3/hash/:hash/peinfo |
Summary
PE info lookup of a hash by md5, sha1 or sha256. With PEinfo (portable executable file format) specifications for executable files information like executable headers, section headers, import and export tables, application resources and others can be viewed and analyzed. MetaDefender Cloud has this information for most of it's executables, but it is not guaranteed that all executables will have such data associated. The amount and complexity of the displayed information depends on the file analysed.
When doing a hash lookup, if the body of the response contains `pe_info: true`, it means that this particular hash has PEinfo information associated and can be retrieved using this endpoint.
Request
HTTP URL parameters
|
|
Description |
Example |
|
:hash |
The hash value for which you need PE info (MD5/SHA1/SHA256) |
8952089536C5489C5B38EE426450ADFC |
HTTP Header Parameters
|
|
Description |
Allowed Values |
Required |
|
Authorization |
give rights to use the endpoint (API Authentication Mechanisms) |
apikey |
YES |
Response
HTTP Status Codes
Please refer to Status Codes for more information.
Body
Example of successful product info:
{ "success": true, "data": { "section_headers": [ { "name": ".text", "number_of_relocations": 0, "characteristics": [ "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_READ" ], "virtual_address": "0x1000", "pointer_to_linenumbers": "0x0", "pointer_to_raw_data": "0x400", "entropy": 6.38492393996, "raw_size": 34304, "pointer_to_relocations": "0x0", "virtual_size": 34096, "number_of_linenumbers": 0, "md5": "933dd465f2fadc12cd8b040d979642d1" }, { "name": ".rdata", "number_of_relocations": 0, "characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "virtual_address": "0xa000", "pointer_to_linenumbers": "0x0", "pointer_to_raw_data": "0x8a00", "entropy": 4.9756962316, "raw_size": 11776, "pointer_to_relocations": "0x0", "virtual_size": 11715, "number_of_linenumbers": 0, "md5": "2a2e17b209d2117e4c56b3f95549660b" }, { "name": ".data", "number_of_relocations": 0, "characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_READ" ], "virtual_address": "0xd000", "pointer_to_linenumbers": "0x0", "pointer_to_raw_data": "0xb800", "entropy": 2.47812653937, "raw_size": 3584, "pointer_to_relocations": "0x0", "virtual_size": 7232, "number_of_linenumbers": 0, "md5": "21173c2b9e70400a8ccfa1d648a2eb10" }, { "name": ".rsrc", "number_of_relocations": 0, "characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "virtual_address": "0xf000", "pointer_to_linenumbers": "0x0", "pointer_to_raw_data": "0xc600", "entropy": 4.52644656901, "raw_size": 1536, "pointer_to_relocations": "0x0", "virtual_size": 1256, "number_of_linenumbers": 0, "md5": "f4b3e23e28dad0f9b00f84931b248021" }, { "name": ".reloc", "number_of_relocations": 0, "characteristics": [ "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_READ" ], "virtual_address": "0x10000", "pointer_to_linenumbers": "0x0", "pointer_to_raw_data": "0xcc00", "entropy": 4.84729024547, "raw_size": 6656, "pointer_to_relocations": "0x0", "virtual_size": 6478, "number_of_linenumbers": 0, "md5": "618125446dae749f610f707a6e854e45" } ], "imported_dlls": [ { "functions": [ "EnterCriticalSection", "ResetEvent", "CreateEventW", "DeleteCriticalSection", "CloseHandle", "Sleep", "FreeLibrary", "GetCurrentProcess", "GetLastError", "LoadLibraryW", "GetProcAddress", "WaitForMultipleObjects", "LeaveCriticalSection", "GetOverlappedResult", "CreateFileW", "GetVersionExW", "InterlockedCompareExchange", "InterlockedExchange", "CreateSemaphoreW", "ReleaseSemaphore", "CreateThread", "SetEvent", "WaitForSingleObject", "SetThreadPriority", "GetSystemInfo", "InitializeCriticalSection", "InterlockedDecrement", "CancelIo", "InterlockedIncrement", "HeapAlloc", "HeapFree", "EncodePointer", "DecodePointer", "GetCurrentThreadId", "GetCommandLineA", "TerminateProcess", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "IsDebuggerPresent", "RaiseException", "GetModuleHandleW", "ExitProcess", "WriteFile", "GetStdHandle", "GetModuleFileNameW", "HeapCreate", "HeapDestroy", "HeapSize", "TlsAlloc", "TlsGetValue", "TlsSetValue", "TlsFree", "SetLastError", "SetHandleCount", "InitializeCriticalSectionAndSpinCount", "GetFileType", "GetStartupInfoW", "GetModuleFileNameA", "FreeEnvironmentStringsW", "WideCharToMultiByte", "GetEnvironmentStringsW", "QueryPerformanceCounter", "GetTickCount", "GetCurrentProcessId", "GetSystemTimeAsFileTime", "HeapReAlloc", "RtlUnwind", "GetCPInfo", "GetACP", "GetOEMCP", "IsValidCodePage", "LCMapStringW", "MultiByteToWideChar", "GetStringTypeW", "IsProcessorFeaturePresent" ], "name": "KERNEL32.dll" }, { "functions": [ "LookupPrivilegeValueW", "OpenProcessToken", "AdjustTokenPrivileges" ], "name": "ADVAPI32.dll" } ], "vs_version_info": { "original_filename": "gzfltum.dll", "comments": "", "product_version": "1.0.0.1", "legal_copyright": "Copyright © 1997-2011 BitDefender", "company_name": "BitDefender", "internal_name": "gzfltum.dll", "product_name": "BitDefender", "file_description": "gzflt user mode library" }, "imphash": "1a617e36732cae691794fa6880f714a0", "optional_headers": { "subsystem": "IMAGE_SUBSYSTEM_WINDOWS_GUI", "subsystem_version": "5.1", "linker_version": "10.0", "image_version": "0.0", "checksum": "122196", "os_version": "5.1", "entry_point": "0x4e3e", "image_size": 73728, "initialized_data_size": 23552, "uninitialized_data_size": 0, "code_size": 34304, "pe_type": "0x10b" }, "headers": { "characteristics": [ "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_DLL" ], "number_of_sections": 5, "pointer_to_symbol_table": "0", "machine_type": "IMAGE_FILE_MACHINE_I386", "compilation_time": "2015-02-24T14:52:25.000Z", "number_of_symbols": 0 }, "pehash": "12007627c7051d8e450fa63d41acba7cdaa518c3", "exported_functions": [ "module_cleanup", "module_init" ], "resource_info": [ { "resource_ids": [ { "resource_langs": [ "LANG_ENGLISH" ], "name": "0x1" } ], "name": "RT_VERSION" }, { "resource_ids": [ { "resource_langs": [ "LANG_ENGLISH" ], "name": "0x2" } ], "name": "RT_MANIFEST" } ] }}Example of the parameter being invalid:
{ "success": false, "error": { "code": 400064, "messages": [ "The hash value is not valid" ] }}Descriptions of response:
|
data |
Object containing PE info extracted |
Errors
Please refer to Errors for more information.
Sample code (Node.js)
var http = require("https");var options = { "method": "GET", "hostname": [ "api", "metadefender", "com" ], "path": [ "v3", "hash", "8952089536C5489C5B38EE426450ADFC", "peinfo" ], "headers": { "Authorization": "apikey " + process.env.APIKEY }};var req = http.request(options, function (res) { var chunks = []; res.on("data", function (chunk) { chunks.push(chunk); }); res.on("end", function () { var body = Buffer.concat(chunks); console.log(body.toString()); });});req.end();Sample code (cURL)
curl -X GET \ https://api.metadefender.com/v3/hash/8952089536C5489C5B38EE426450ADFC/peinfo \ -H 'Authorization: apikey ${APIKEY}'