API: Malware Query
elsif2 edited this page Aug 30, 2024 · 2 revisions
Access to methods in this module is limited to members of the malware group.
Note: Rate limiting by source IP is set to 10 queries per second.
Returns a JSON response containing static details about the requested sample as well as antivirus vendor and signature details.
Sample query:
https://api.shadowserver.org/malware/info?sample=dfe1832e02888422f48d6896dc8e8f73
Up to 1,000 samples can be queried in a single call:
https://api.shadowserver.org/malware/info?sample=dfe1832e02888422f48d6896dc8e8f73,d41d8cd98f00b204e9800998ecf8427e
Example:
[
  {
    "timestamp": "2016-08-25 02:44:39",
    "first_seen": "2016-08-25 02:44:39",
    "sha1": "c56ba498d41caa7be3c1eb5588cec27c413eb208",
    "anti_virus": [
      {
        "md5": "dfe1832e02888422f48d6896dc8e8f73",
        "vendor": "Fortinet",
        "signature": "W32/Lamer.CQ",
        "timestamp": "2017-04-11 03:14:49"
      },
      {
        "signature": "Win32:Lamer-A",
        "timestamp": "2018-07-05 00:01:07",
        "md5": "dfe1832e02888422f48d6896dc8e8f73",
        "vendor": "Avast"
      },
      {
        "timestamp": "2016-08-26 05:08:45",
        "signature": "Win32.Generic.VC",
        "vendor": "AVG",
        "md5": "dfe1832e02888422f48d6896dc8e8f73"
      },
      {
        "vendor": "Avast",
        "md5": "dfe1832e02888422f48d6896dc8e8f73",
        "timestamp": "2018-07-04 23:54:24",
        "signature": "Win32:Malware-gen"
      },
      {
        "md5": "dfe1832e02888422f48d6896dc8e8f73",
        "vendor": "Clam",
        "timestamp": "2017-01-14 06:23:13",
        "signature": "PUA.Win.Packer.Purebasic-2"
      },
      {
        "md5": "dfe1832e02888422f48d6896dc8e8f73",
        "vendor": "Sunbelt",
        "timestamp": "2018-10-17 20:36:23",
        "signature": "Virus.Win32.sivis.a"
      }
    ],
    "last_seen": "2016-08-25 02:44:39",
    "type": "exe",
    "sha256": "d8d395f8744335fba53b0a4308e7b380a0aca86bfc8939ded9f4c8c5cb1e838a",
    "md5": "dfe1832e02888422f48d6896dc8e8f73",
    "tlsh": "c1b52a5273fa0254f2f35f75a8b7a3944939fea11d22e08e1164314d88b6f808e75bb7",
    "import_hash": "33f98db5bdb6a7013d52f0120248df35",
    "entropic": "5.952427",
    "pehash": "243c35935ecc9829f30b30c45839cbf6",
    "filesize": "2438340",
    "adobe_malware_classifier": "malicious",
    "sha512": "7ca1fdfe537913b8854227efc1f11b00d405f2d21e416e7023c4ebed2bfa887d2bc4d4d553ce41667c99def47ea05e6ce4a773c4ee7173927f1d263e724c16c2",
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows"
  }
]
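The following is an added example, not code from Shadowserver or this wiki: it splits a hash list into calls of at most 1,000 samples, paces calls for the 10 queries per second limit, and reduces the `anti_virus` list to the newest signature per vendor (the example response lists Avast twice). The function names are hypothetical, input is assumed to be MD5 as in the sample queries, and no credentials are shown because the page does not describe any.

```python
import json
import re
import time
from datetime import datetime
from urllib.parse import urlencode

BASE_URL = "https://api.shadowserver.org/malware/info"  # endpoint from the page
MAX_PER_CALL = 1000    # per-call sample limit stated on the page
MIN_INTERVAL = 1 / 10  # seconds between calls, for the 10 queries/second limit
MD5_HEX = re.compile(r"[0-9a-f]{32}")  # assumption: input is MD5, as in the page's queries

def batch_urls(hashes, size=MAX_PER_CALL):
    """Normalise, dedupe and validate hashes; return one query URL per batch."""
    clean = list(dict.fromkeys(h.strip().lower() for h in hashes))
    for h in clean:
        if not MD5_HEX.fullmatch(h):
            raise ValueError(f"not an MD5 hex digest: {h!r}")
    return [BASE_URL + "?" + urlencode({"sample": ",".join(clean[i:i + size])}, safe=",")
            for i in range(0, len(clean), size)]

def paced(urls, send, interval=MIN_INTERVAL):
    """Call send(url) for each URL, spacing calls to stay under the rate limit.
    The limit is per source IP, so other clients behind the same IP count too."""
    results = []
    for n, url in enumerate(urls):
        if n:
            time.sleep(interval)
        results.append(send(url))
    return results

def latest_signatures(record):
    """Collapse anti_virus entries to the most recent signature per vendor."""
    latest = {}
    for av in record.get("anti_virus", []):
        ts = datetime.strptime(av["timestamp"], "%Y-%m-%d %H:%M:%S")
        if av["vendor"] not in latest or ts > latest[av["vendor"]][0]:
            latest[av["vendor"]] = (ts, av["signature"])
    return {vendor: sig for vendor, (_, sig) in latest.items()}

# Constructed sample: the page's example response trimmed to three anti_virus entries.
SAMPLE = json.loads("""[{"md5": "dfe1832e02888422f48d6896dc8e8f73", "anti_virus": [
  {"vendor": "Fortinet", "signature": "W32/Lamer.CQ", "timestamp": "2017-04-11 03:14:49"},
  {"vendor": "Avast", "signature": "Win32:Lamer-A", "timestamp": "2018-07-05 00:01:07"},
  {"vendor": "Avast", "signature": "Win32:Malware-gen", "timestamp": "2018-07-04 23:54:24"}]}]""")

if __name__ == "__main__":
    print(batch_urls(["dfe1832e02888422f48d6896dc8e8f73", "d41d8cd98f00b204e9800998ecf8427e"]))
    print(latest_signatures(SAMPLE[0]))
```

`paced` takes the HTTP call as the `send` argument, so any client function that accepts a URL can be supplied.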