Developers can check the API specification here:
Request:
# Look up the sample record by its SHA-256; the API key (replace <API_KEY>) is sent as a Bearer token.
curl --header "Authorization: Bearer <API_KEY>" \
  "https://api.maltiverse.com/sample/374b1dede27caa6bc1ab61fff0efcb7a89aa212ac5c67e9fc55ac241346afffa"
Request:
Alternatively, you can use the Maltiverse Python3 library:
import requests
import json
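# Look up a sample record by its SHA-256 hash -- the same endpoint the
# curl and PowerShell examples call.
url = 'https://api.maltiverse.com/sample/374b1dede27caa6bc1ab61fff0efcb7a89aa212ac5c67e9fc55ac241346afffa'

# Authenticate like the other examples do: a Bearer token in the
# Authorization header. Replace <API_KEY> with your own key.
headers = {'Authorization': 'Bearer <API_KEY>'}

# A timeout keeps a stalled connection from hanging the script, and
# raise_for_status() reports an HTTP error (e.g. a rejected key) instead
# of trying to decode the error body as the sample record.
response = requests.get(url, headers=headers, timeout=30)
response.raise_for_status()

print(json.dumps(response.json(), indent=4, sort_keys=True))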
Request:
# Look up the sample record by its SHA-256, authenticating with a Bearer
# token (replace <API_KEY> with your own key), then emit the parsed response.
$apiKey = "<API_KEY>"
$uri = 'https://api.maltiverse.com/sample/374b1dede27caa6bc1ab61fff0efcb7a89aa212ac5c67e9fc55ac241346afffa'
$requestParams = @{
    Uri     = $uri
    Headers = @{ Authorization = ("Bearer {0}" -f $apiKey) }
}
$sample = Invoke-RestMethod @requestParams
Write-Output $sample
Response:
{
"antivirus": [
{
"description": "W64.AIDetectMalware",
"name": "Bkav"
},
{
"description": "win/malicious_confidence_60% (D)",
"name": "CrowdStrike"
},
{
"description": "ML.Attribute.HighConfidence",
"name": "Symantec"
},
{
"description": "Trojan:Win32/Wacatac.H!ml",
"name": "Microsoft"
},
{
"description": "Trojan.Malware.300983.susgen",
"name": "MaxSecure"
},
{
"description": "MALICIOUS",
"name": "DeepInstinct"
}
],
"av_ratio": 8,
"blacklist": [
{
"count": 1,
"description": "Generic Malware",
"first_seen": "2023-10-21 19:45:04",
"last_seen": "2023-10-21 19:45:04",
"source": "Hybrid-Analysis"
}
],
"classification": "malicious",
"contacted_host": [
"192.30.255.112",
"185.199.108.133"
],
"creation_time": "2023-10-21 19:28:53",
"dns_request": [
"github.com",
"objects.githubusercontent.com"
],
"filename": [
"Fluster.Installer.exe"
],
"filetype": "PE32+ executable (console) x86-64, for MS Windows",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "34a86d6210691332d17bb6a56c3bc0cc",
"modification_time": "2023-10-21 19:45:04",
"process_list": [
{
"name": "Fluster.Installer.exe",
"normalizedpath": "C:\\Fluster.Installer.exe",
"sha256": "374b1dede27caa6bc1ab61fff0efcb7a89aa212ac5c67e9fc55ac241346afffa",
"uid": "00000000-00006416"
},
{
"commandline": "-Command if ((Get-ItemPropertyValue -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock' -Name 'AllowDevelopmentWithoutDevLicense') -eq 1) { Write-Output 'Developer Mode is already enabled.' } else { Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock' -Name 'AllowDevelopmentWithoutDevLicense' -Value 1; }",
"name": "powershell.exe",
"normalizedpath": "%WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
"sha256": "34507738f84b9d4f231dc0c187fee4a03b4ddb84cf63ff56a4a1761a9bd56ea6",
"uid": "00000000-00006812"
},
{
"commandline": "-Command if ((Get-ItemPropertyValue -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock' -Name 'AllowDevelopmentWithoutDevLicense') -eq 0) { Write-Output 'Developer Mode is already disabled.' } else { Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock' -Name 'AllowDevelopmentWithoutDevLicense' -Value 0; }",
"name": "powershell.exe",
"normalizedpath": "%WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
"sha256": "34507738f84b9d4f231dc0c187fee4a03b4ddb84cf63ff56a4a1761a9bd56ea6",
"uid": "00000000-00001204"
},
{
"commandline": "/c pause",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "ec436aeee41857eee5875efdb7166fe043349db5f58f3ee9fc4ff7f50005767f",
"uid": "00000000-00007196"
}
],
"score": 10,
"sha1": "4a803d1ccf1865f98b1d45f391089316a9506d10",
"sha256": "374b1dede27caa6bc1ab61fff0efcb7a89aa212ac5c67e9fc55ac241346afffa",
"size": 51200,
"type": "sample"
}