virustotal-file-report-batch
Retrieve file reputation information from VirusTotal for the hash value passed as the input record.
virustotal-file-report-batch [profile=PROFILE]
- profile=PROFILE
- Comma-separated VirusTotal profile names
Input Field
- hash: MD5, SHA1, or SHA256 value
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| file_name | String | File name | file_name |
| file_size | Long | File size | Size in bytes |
| threat_label | String | Threat label | e.g. trojan.kelios/malcert |
| malicious_reports | Integer | Malicious reports | Number of reports saying that the file is malicious. |
| suspicious_reports | Integer | Suspicious reports | Number of reports saying that the file is suspicious. |
| harmless_reports | Integer | Harmless reports | Number of reports saying that the file is harmless. |
| undetected_reports | Integer | Undetected reports | Number of reports saying that the file is undetected. |
| type_unsupported_reports | Integer | Type unsupported reports | Number of AV engines that don't support that type of file. |
| confirmed_timeout_reports | Integer | Confirmed timeout reports | Number of AV engines that reach a timeout when analysing that file. |
| timeout_reports | Integer | Timeout reports | Number of timeouts when analysing this file. |
| failure_reports | Integer | Failure reports | Number of AV engines that fail when analysing that file. |
| reputation | Integer | Reputation | File's score by community votes |
| harmless_votes | Integer | Harmless votes | Number of positive votes. |
| malicious_votes | Integer | Malicious votes | Number of negative votes. |
| type_tag | String | Type tag | e.g. peexe, pedll, elf, doc |
| type_extension | String | Type extension | e.g. exe, dll, doc |
| type_description | String | Type description | e.g. Win32 EXE, ELF, MS Word Document |
| tags | List | Tags | e.g. executable, windows, pe, pedll |
| md5 | String | MD5sum | |
| sha1 | String | SHA1 hash | |
| sha256 | String | SHA256 hash | |
| ssdeep | String | SSDEEP | Fuzzy hash of the file content. |
| vhash | String | VHash | Similarity clustering value |
| first_submission | Date | First submission time | |
| last_submission | Date | Last submission time | |
| last_analysis | Date | Last analysis time | |
| unique_sources | Integer | Unique sources | How many different sources the file has been posted from. |
| file_names | List | File names | |
| last_analysis_results | List | Analysis results | engine_name, engine_version, engine_update, method, category, result properties. |
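
The report counters above only mean something relative to how many engines actually returned a verdict. The following triage sketch is an added example, not part of the product or its documentation; it assumes each output record has been exported as a Python dict keyed by the documented field names, and the thresholds and verdict labels are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Documented output fields: engines that gave a verdict vs. engines that gave none.
VERDICT = ("malicious_reports", "suspicious_reports", "harmless_reports", "undetected_reports")
NO_VERDICT = ("type_unsupported_reports", "confirmed_timeout_reports",
              "timeout_reports", "failure_reports")

def triage(rec, now, ratio_threshold=0.10, stale_after=timedelta(days=90)):
    """Return (verdict, notes). Thresholds are illustrative assumptions."""
    n = {f: int(rec.get(f) or 0) for f in VERDICT + NO_VERDICT}
    judged = sum(n[f] for f in VERDICT)
    if judged == 0:
        # A record with no verdict counts is not evidence of a clean file.
        return "unknown", ["no engine verdicts"]
    notes = []
    if sum(n[f] for f in NO_VERDICT) > judged:
        notes.append("most engines gave no verdict")
    last = rec.get("last_analysis")
    if last is not None and now - last > stale_after:
        notes.append("last_analysis is stale")
    if int(rec.get("malicious_votes") or 0) > int(rec.get("harmless_votes") or 0):
        notes.append("community votes lean malicious")
    flagged = n["malicious_reports"] + n["suspicious_reports"]
    if flagged / judged >= ratio_threshold:
        return "malicious", notes
    return ("review" if flagged else "no-detections"), notes

# Constructed sample records (not real VirusTotal data).
NOW = datetime(2024, 2, 1, tzinfo=timezone.utc)
SAMPLES = {
    "widely_flagged": {"malicious_reports": 42, "suspicious_reports": 1, "undetected_reports": 25,
                       "type_unsupported_reports": 4, "malicious_votes": 3,
                       "last_analysis": datetime(2024, 1, 10, tzinfo=timezone.utc)},
    "single_hit_old": {"malicious_reports": 1, "undetected_reports": 59,
                       "last_analysis": datetime(2023, 1, 1, tzinfo=timezone.utc)},
    "mostly_unsupported": {"undetected_reports": 5, "type_unsupported_reports": 60},
    "no_report": {},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, triage(rec, NOW))
```

The ratio is computed over engines that returned a verdict, so unsupported types, timeouts and failures do not dilute it; they are surfaced as a note instead.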