Get information about a file.

External Documentation

To learn more, visit the VirusTotal documentation.

Parameters

ParameterDescription
File HashThe SHA-256, SHA-1 or MD5 identifying the file.

Example Output

{
  "data": {
    "id": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "type": "file",
    "links": {
      "self": "https://www.virustotal.com/api/v3/files/9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
    },
    "attributes": {
      "ssdeep": "3:Hn:Hn",
      "last_submission_date": 1739970203,
      "magika": "TXT",
      "meaningful_name": ".npmignore",
      "reputation": 156,
      "type_description": "Text",
      "last_analysis_results": {
        "Lionic": {
          "method": "blacklist",
          "engine_name": "Lionic",
          "engine_version": "8.16",
          "engine_update": "20250219",
          "category": "undetected",
          "result": null
        },
        "ClamAV": {
          "method": "blacklist",
          "engine_name": "ClamAV",
          "engine_version": "1.4.2.0",
          "engine_update": "20250219",
          "category": "undetected",
          "result": null
        },
        "CMC": {
          "method": "blacklist",
          "engine_name": "CMC",
          "engine_version": "2.4.2022.1",
          "engine_update": "20250218",
          "category": "undetected",
          "result": null
        },
        "CAT-QuickHeal": {
          "method": "blacklist",
          "engine_name": "CAT-QuickHeal",
          "engine_version": "22.00",
          "engine_update": "20250218",
          "category": "undetected",
          "result": null
        },
        "ALYac": {
          "method": "blacklist",
          "engine_name": "ALYac",
          "engine_version": "2.0.0.10",
          "engine_update": "20250219",
          "category": "undetected",
          "result": null
        },
        "Malwarebytes": {
          "method": "blacklist",
          "engine_name": "Malwarebytes",
          "engine_version": "4.5.5.54",
          "engine_update": "20250219",
          "category": "undetected",
          "result": null
        },
        "VIPRE": {
          "method": "blacklist",
          "engine_name": "VIPRE",
          "engine_version": "6.0.0.35",
          "engine_update": "20250219",
          "category": "undetected",
          "result": null
        },
        ...
        "Trustlook": {
          "method": "blacklist",
          "engine_name": "Trustlook",
          "engine_version": "1.0",
          "engine_update": "20250219",
          "category": "type-unsupported",
          "result": null
        }
      },
      "sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
      "first_submission_date": 1172504143,
      "sigma_analysis_stats": {
        "critical": 0,
        "high": 0,
        "medium": 1,
        "low": 0
      },
      "tlsh": "TNULL",
      "first_seen_itw_date": 1306049201,
      "unique_sources": 1804,
      "tags": [
        "idle",
        "trusted",
        "known-distributor",
        "attachment",
        "text",
        "nsrl",
        "via-tor",
        "long-sleeps"
      ],
      "size": 4,
      "last_modification_date": 1739970324,
      "sandbox_verdicts": {
        "Zenbox": {
          "category": "harmless",
          "malware_classification": [
            "CLEAN"
          ],
          "sandbox_name": "Zenbox",
          "confidence": 100
        }
      },
      "filecondis": {
        "raw_md5": "ddb48f21ef9fc7f7d125dbf855dcdbbf",
        "dhash": "8100000000000080"
      },
      "sigma_analysis_summary": {
        "Sigma Integrated Rule Set (GitHub)": {
          "critical": 0,
          "high": 0,
          "medium": 1,
          "low": 0
        }
      },
      "names": [
        "UnityAdsTest.txt",
        "test.txt",
        "file.txt",
        "152",
        "writetest.test",
        "broken_chunk.mp3",
        "test.js",
        ".npmignore",
        ...
      ],
      "known_distributors": {
        "distributors": [
          "Microsoft",
          "tsurugi-linux.org"
        ],
        "filenames": [
          "readme.txt",
          "test.properties",
          "[",
          "#.{as",
          "placeholder.txt",
          "OUTPUT_DATE_FORMAT",
          "whte16.out",
          ".npmignore"
        ],
        "products": [
          "Linux Format Mandrake 9.1",
          "Red Hat Linux Unleashed THIRD EDITION",
          "Red Hat Linux 9",
          "Red Hat Linux 7.1 Operating System and Applications",
          ...
        ],
        "data_sources": [
          "Microsoft Corporation",
          "National Software Reference Library (NSRL)"
        ]
      },
      "nsrl_info": {
        "products": [
          "IBM Developer Connection (IBM Inc.)",
          "Linux Format Great Game Demos (Future Publishing)",
          "Linux Format Seapine Surround SCM (Future Publishing)",
          "MSDN Subscriptions Library (Microsoft)",
          "Slackware Linux 10.1 (Linux Magazine)"
        ],
        "filenames": [
          "whte16.out",
          "#.{as",
          "cyber11.txt, cyber12.txt, etched1.txt, etched2.txt, etched3.txt, test.txt",
          "placeholder.txt",
          "#.{_!, #.{__"
        ]
      },
      "total_votes": {
        "harmless": 36,
        "malicious": 12
      },
      "sha1": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
      "sigma_analysis_results": [
        {
          "rule_level": "medium",
          "rule_id": "098155535b5f140a45c1a07ea729542903d8e4bb81674f7e3a5636d6d121422d",
          "rule_source": "Sigma Integrated Rule Set (GitHub)",
          "rule_title": "Potentially Suspicious DMP/HDMP File Creation",
          "rule_description": "Detects the creation of a file with the \".dmp\"/\".hdmp\" extension by a shell or scripting application such as \"cmd\", \"powershell\", etc. Often created by software during a crash. Memory dumps can sometimes contain sensitive information such as credentials. It's best to determine the source of the crash.",
          "rule_author": "Nasreddine Bencherchali (Nextron Systems)",
          "match_context": [
            {
              "values": {
                "Image": "C:\\Windows\\SysWOW64\\wscript.exe",
                "EventID": "11",
                "TargetFilename": "C:\\xngEmCkOi\\memory\\504.dmp"
              }
            }
          ]
        }
      ],
      "times_submitted": 3762,
      "type_tag": "text",
      "last_analysis_stats": {
        "malicious": 0,
        "suspicious": 0,
        "undetected": 55,
        "harmless": 0,
        "timeout": 5,
        "confirmed-timeout": 0,
        "failure": 1,
        "type-unsupported": 15
      },
      "type_extension": "txt",
      "vhash": "9eecb7db59d16c80417c72d1e1f4fbf1",
      "magic": "ASCII text, with no line terminators",
      "trusted_verdict": {
        "organization": "Microsoft Corporation",
        "verdict": "goodware",
        "generator": "Microsoft Corporation",
        "filename": ".npmignore"
      },
      "md5": "098f6bcd4621d373cade4e832627b4f6",
      "last_analysis_date": 1739970203,
      "type_tags": [
        "text"
      ]
    }
  }
}

Workflow Library Example

Get File Report with Virustotal and Send Results Via Email

Preview this Workflow on desktop