> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve All Scans For Given Hash

Get all the scans for the specified hash.

<Note>
  External Documentation

  To learn more, visit the [Hybrid Analysis documentation](https://hybrid-analysis.com/docs/api/v2#/Search/b972462c6d0d664b328b10b9e91da4c9).
</Note>

## Parameters

<div className="integrations-table">
  | Parameter | Description                                                                                                                                                                                                                                 |
  | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Scan Hash | The hash value to search for. Supported formats are MD5, SHA1, SHA256, or SHA512.<br /><br />You can find the hash value in the `SHA256` field on the [Latest Submissions](https://www.hybrid-analysis.com/submissions/sandbox/files) page. |
</div>

## Example Output

```json theme={"dark"}
[
	{
		"classification_tags": [
			"evasive",
			"njrat",
			"stealer"
		],
		"tags": [
			"evasive",
			"njrat",
			"stealer"
		],
		"submissions": [
			{
				"submission_id": "63dd5e062d9e377060288eab",
				"filename": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
				"url": null,
				"created_at": "2023-02-03T19:18:30+00:00"
			}
		],
		"machine_learning_models": [],
		"crowdstrike_ai": null,
		"job_id": "63dd5e062d9e377060288eaa",
		"environment_id": 160,
		"environment_description": "Windows 10 64 bit",
		"size": 381952,
		"type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
		"type_short": [
			"peexe",
			"assembly",
			"executable"
		],
		"target_url": null,
		"state": "SUCCESS",
		"error_type": null,
		"error_origin": null,
		"submit_name": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
		"md5": "9d28b5e6020f1bd5f4b9bbca7405a5bd",
		"sha1": "5e03f35f168cbfe38e959ba7193e156c5dd224ca",
		"sha256": "b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93",
		"sha512": "b610c80ef90f45f34710461ee40c0abc06ceb93e4919ac3b438f9834946e8f3669c44a2924bf7bc6a4cc8159d686dbfc252c5073dae1faa8ac46fe6ccedc14b5",
		"ssdeep": "6144:78XN6W8mmHPtppXPSi9b4Gy4r9FENM8UJLh6EFGUiYMuCE2y:wN6qatppXPlRnEKHRAeGUtQE",
		"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
		"entrypoint": "0x42bd4e",
		"entrypoint_section": ".text",
		"image_base": "0x400000",
		"subsystem": "Windows Gui",
		"image_file_characteristics": [
			"EXECUTABLE_IMAGE",
			"LARGE_ADDRESS_AWARE"
		],
		"dll_characteristics": [
			"NO_SEH",
			"TERMINAL_SERVER_AWARE",
			"DYNAMIC_BASE",
			"NX_COMPAT",
			"HIGH_ENTROPY_VA"
		],
		"major_os_version": 4,
		"minor_os_version": 0,
		"av_detect": 77,
		"vx_family": "IL:Trojan.MSILZilla",
		"url_analysis": false,
		"analysis_start_time": "2023-02-03T19:18:31+00:00",
		"threat_score": 100,
		"interesting": false,
		"threat_level": 2,
		"verdict": "malicious",
		"certificates": [],
		"is_certificates_valid": null,
		"certificates_validation_message": null,
		"domains": [],
		"compromised_hosts": [],
		"hosts": [],
		"total_network_connections": 0,
		"total_processes": 1,
		"total_signatures": 76,
		"extracted_files": [],
		"file_metadata": null,
		"processes": [],
		"mitre_attcks": [
			{
				"tactic": "Execution",
				"technique": "Native API",
				"attck_id": "T1106",
				"attck_id_wiki": "https://attack.mitre.org/techniques/T1106",
				"malicious_identifiers_count": 0,
				"malicious_identifiers": [],
				"suspicious_identifiers_count": 0,
				"suspicious_identifiers": [],
				"informative_identifiers_count": 3,
				"informative_identifiers": [],
				"parent": null
			},
			{
				"tactic": "Execution",
				"technique": "Windows Management Instrumentation",
				"attck_id": "T1047",
				"attck_id_wiki": "https://attack.mitre.org/techniques/T1047",
				"malicious_identifiers_count": 0,
				"malicious_identifiers": [],
				"suspicious_identifiers_count": 1,
				"suspicious_identifiers": [],
				"informative_identifiers_count": 1,
				"informative_identifiers": [],
				"parent": null
			}
		],
		"network_mode": "default",
		"signatures": [
			{
				"threat_level": 0,
				"threat_level_human": "informative",
				"category": "General",
				"identifier": "static-99",
				"type": 0,
				"relevance": 1,
				"name": "Contains ability to download files from the internet",
				"description": "Observed function downloadfile in b927e7cfeada375ee4a262d0b761bf8f07c97bbed476fcb991f06816004b6e93.bin",
				"origin": "Static Parser",
				"attck_id": "T1105",
				"capec_id": null,
				"attck_id_wiki": "https://attack.mitre.org/techniques/T1105"
			},
			{
				"threat_level": 0,
				"threat_level_human": "informative",
				"category": "General",
				"identifier": "string-135",
				"type": 2,
				"relevance": 1,
				"name": "Found well known domains (string)",
				"description": "\"mhttps://github.com/LimerBoy/StormKitty\" (Indicator: \"github.com\")",
				"origin": "String",
				"attck_id": null,
				"capec_id": null,
				"attck_id_wiki": null
			}
		]
	}
]
```

## Workflow Library Example

[Retrieve All Scans for Given Hash with Hybrid Analysis and Send Results Via Email](https://library.blinkops.com/workflows/retrieve-all-scans-for-given-hash-with-hybrid-analysis-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/retrieve-all-scans-for-given-hash-with-hybrid-analysis-and-send-results-via-email/canvas" />
</div>
