Search for files, URLs, domains, IP addresses, or tag comments. This action returns a list of objects matching your query.

External Documentation

To learn more, visit the VirusTotal documentation.

Parameters

ParameterDescription
QueryThe query value used to find matching objects. This can be a file hash, URL, domain, IP address, or tag comment.

Example Output

{
  "data": [
    {
      "id": "<string>",
      "type": "<string>",
      "links": {
        "self": "<string>"
      },
      "attributes": {
        "type_tag": "<string>",
        "authentihash": "<string>",
        "type_description": "<string>",
        "magika": "<string>",
        "first_seen_itw_date": 878657271,
        "md5": "<string>",
        "sha256": "<string>",
        "vhash": "<string>",
        "times_submitted": 812,
        "trid": [
          {
            "file_type": "<string>",
            "probability": 81
          },
          {
            "file_type": "<string>",
            "probability": 35
          }
        ],
        "pe_info": {
          "timestamp": 286279624,
          "imphash": "<string>",
          "machine_type": 41161,
          "entry_point": 251501,
          "resource_details": [
            {
              "lang": "<string>",
              "chi2": 56998,
              "filetype": "<string>",
              "entropy": 2,
              "sha256": "<string>",
              "type": "<string>"
            },
            {
              "lang": "<string>",
              "chi2": 12845,
              "filetype": "<string>",
              "entropy": 4,
              "sha256": "<string>",
              "type": "<string>"
            }
          ],
          "resource_langs": {
            "ENGLISH US": 92
          },
          "resource_types": {
            "RT_MANIFEST": 0,
            "RT_GROUP_CURSOR": 2,
            "RT_ICON": 15,
            "REGINST": 211,
            "RT_CURSOR": 784,
            "MUI": 2,
            "RT_VERSION": 1,
            "RT_GROUP_ICON": 7
          },
          "sections": [
            {
              "name": "<string>",
              "chi2": 286.23,
              "virtual_address": 1697,
              "entropy": 172.14,
              "raw_size": 4633,
              "flags": "<string>",
              "virtual_size": 265979,
              "md5": "<string>"
            },
            {
              "name": "<string>",
              "chi2": 871808,
              "virtual_address": 104828,
              "entropy": 9,
              "raw_size": 34776,
              "flags": "<string>",
              "virtual_size": 38878,
              "md5": "<string>"
            }
          ],
          "compiler_product_versions": [
            "<string>",
            "<string>"
          ],
          "rich_pe_header_hash": "<string>",
          "import_list": [
            {
              "library_name": "<string>",
              "imported_functions": [
                "<string>",
                "<string>"
              ]
            },
            {
              "library_name": "<string>",
              "imported_functions": [
                "<string>",
                "<string>"
              ]
            }
          ]
        },
        "meaningful_name": "<string>",
        "unique_sources": 168,
        "last_modification_date": 1617351466,
        "reputation": 142,
        "filecondis": {
          "dhash": "<string>",
          "raw_md5": "<string>"
        },
        "ssdeep": "<string>",
        "type_extension": "<string>",
        "total_votes": {
          "harmless": 181,
          "malicious": 403
        },
        "size": 330232,
        "tlsh": "<string>",
        "last_analysis_stats": {
          "malicious": 2,
          "suspicious": 649,
          "undetected": 100,
          "harmless": 1,
          "timeout": 1,
          "confirmed-timeout": 0,
          "failure": 2,
          "type-unsupported": 1
        },
        "creation_date": 2989090741,
        "type_tags": [
          "<string>",
          "<string>"
        ],
        "signature_info": {
          "description": "<string>",
          "file version": "<string>",
          "original name": "<string>",
          "product": "<string>",
          "internal name": "<string>",
          "copyright": "<string>"
        },
        "detectiteasy": {
          "filetype": "<string>",
          "values": [
            {
              "info": "<string>",
              "version": "<string>",
              "type": "<string>",
              "name": "<string>"
            },
            {
              "version": "<string>",
              "type": "<string>",
              "name": "<string>"
            }
          ]
        },
        "last_submission_date": 635846486,
        "magic": "<string>",
        "last_analysis_date": 3074979654,
        "first_submission_date": 3014664622,
        "last_analysis_results": {
          "Bkav": {
            "method": "<string>",
            "engine_name": "<string>",
            "engine_version": "<string>",
            "engine_update": "20221116",
            "category": "<string>",
            "result": null
          "Avast-Mobile": {
            "method": "<string>",
            "engine_name": "<string>",
            "engine_version": "<string>",
            "engine_update": "20221116",
            "category": "<string>",
            "result": null
          }
        },
        "tags": [
          "<string>",
          "<string>"
        ],
        "sha1": "<string>",
        "names": [
          "<string>",
          "<string>"
        ]
      }
    }
  ],
  "links": {
    "self": "<string>"
  }
}

Workflow Library Example

Verify Ioc with Virustotal

Preview this Workflow on desktop