🔀 files

Files matching a VT Clue rule.

The files relationship returns the list of all files matching a given Clue rule.

This relationship can be retrieved using the relationships API endpoint. The response contains a list of File objects.

{
  "data": [
    <FILE_OBJECT>,
    <FILE_OBJECT>,
    ...
  ],
  "links": {
    "next": "<string>",
    "self": "<string>"
  },
  "meta": {
    "count": <int>,
    "cursor": "<string>"
  }
}
{
	"data": [
		{
			"attributes": {
				"authentihash": "0c4226e47eda883ce9eff9ec1ae6ce1a13ee3cc63e6960ae5a3ae4ad2e8eeee5",
				"creation_date": 1587044124,
				"downloadable": true,
				"exiftool": {
					"AssemblyVersion": "1.3.30.0",
					"CharacterSet": "Unicode",
					"CodeSize": "104448",
					"Comments": "blablablabla",
					"CompanyName": "blablabla",
					"EntryPoint": "0xccef",
					"FileDescription": "blablabla",
					"FileFlagsMask": "0x003f",
					"FileOS": "Win32",
					"FileSubtype": "0",
					"FileType": "Win32 EXE",
					"FileTypeExtension": "exe",
					"FileVersion": "1.3.30.0",
					"FileVersionNumber": "1.3.30.0",
					"ImageFileCharacteristics": "No relocs, Executable, Large address aware, 32-bit",
					"ImageVersion": "0.0",
					"InitializedDataSize": "339968",
					"InternalName": "blablabla.exe",
					"LanguageCode": "Neutral",
					"LegalCopyright": "Copyright © blablabla 2020",
					"LegalTrademarks": "blablabla",
					"LinkerVersion": "9.0",
					"MIMEType": "application/octet-stream",
					"MachineType": "Intel 386 or later, and compatibles",
					"OSVersion": "5.0",
					"ObjectFileType": "Executable application",
					"OriginalFileName": "blablabla.exe",
					"PEType": "PE32",
					"ProductName": "blablabla",
					"ProductVersion": "1.3.30.0",
					"ProductVersionNumber": "1.3.30.0",
					"Subsystem": "Windows GUI",
					"SubsystemVersion": "5.0",
					"TimeStamp": "2020:04:16 15:35:24+02:00",
					"UninitializedDataSize": "0"
				},
				"first_submission_date": 1587049407,
				"last_analysis_date": 1588653326,
				"last_analysis_results": {
					"ALYac": {
						"category": "malicious",
						"engine_name": "ALYac",
						"engine_update": "20200505",
						"engine_version": "1.1.1.5",
						"method": "blacklist",
						"result": "Trojan.GenericKD.42996961"
					},
					"APEX": {
						"category": "malicious",
						"engine_name": "APEX",
						"engine_update": "20200504",
						"engine_version": "6.18",
						"method": "blacklist",
						"result": "Malicious"
					},
					"AVG": {
						"category": "undetected",
						"engine_name": "AVG",
						"engine_update": "20200505",
						"engine_version": "18.4.3895.0",
						"method": "blacklist",
						"result": null
					},
					"Acronis": {
						"category": "malicious",
						"engine_name": "Acronis",
						"engine_update": "20200422",
						"engine_version": "1.1.1.75",
						"method": "blacklist",
						"result": "suspicious"
					},
					"Ad-Aware": {
						"category": "malicious",
						"engine_name": "Ad-Aware",
						"engine_update": "20200505",
						"engine_version": "3.0.5.370",
						"method": "blacklist",
						"result": "Trojan.GenericKD.42996961"
					},
					"AegisLab": {
						"category": "undetected",
						"engine_name": "AegisLab",
						"engine_update": "20200505",
						"engine_version": "4.2",
						"method": "blacklist",
						"result": null
					}
				},
				"last_analysis_stats": {
					"confirmed-timeout": 0,
					"failure": 0,
					"harmless": 0,
					"malicious": 4,
					"suspicious": 0,
					"timeout": 1,
					"type-unsupported": 0,
					"undetected": 2
				},
				"last_modification_date": 1591945304,
				"last_submission_date": 1587049407,
				"magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
				"md5": "b67828805dfdabf3a823278c3fdd37f7",
				"meaningful_name": "blablabla.exe",
				"names": [
					"blablabla.exe",
					"foo.exe"
				],
				"pe_info": {
					"debug": [
						{
							"codeview": {
								"age": 1,
								"guid": "4743e25-e470-ee67-e2a7-5ce85ee2afb7",
								"name": "                                                                                                        ",
								"signature": "RSDS"
							},
							"offset": 129512,
							"size": 129,
							"timestamp": "Fri Nov 23 19:58:56 2012",
							"type": 2,
							"type_str": "IMAGE_DEBUG_TYPE_CODEVIEW"
						}
					],
					"entry_point": 52463,
					"imphash": "9dd8c0ffefc8e287e5be665e3240f983",
					"import_list": [
						{
							"imported_functions": [
								"CreateToolhelp32Snapshot",
								"GetLastError",
								"InitializeCriticalSectionAndSpinCount",
								"HeapFree",
								"GetStdHandle",
								"EnterCriticalSection",
								"LCMapStringW",
								"HeapCreate",
								"lstrlenA",
								"WriteConsoleW",
								"GetConsoleCP",
								"GetOEMCP",
								"LCMapStringA",
								"IsDebuggerPresent"
							],
							"library_name": "KERNEL32.dll"
						}
					],
					"machine_type": 332,
					"resource_details": [
						{
							"chi2": 829672.125,
							"entropy": 3.8720788955688477,
							"filetype": "Data",
							"lang": "NEUTRAL",
							"sha256": "3d7460d292abef8a0900ddec6244894d7e2edb054bd13389ee7ed5b8908f3f88",
							"type": "RT_ICON"
						},
						{
							"chi2": 387563.8125,
							"entropy": 3.693312168121338,
							"filetype": "Data",
							"lang": "NEUTRAL",
							"sha256": "2802c59713b7872e17df2ef6c9b10b3e879a2618e84c297e8dde8ed452eb5e116",
							"type": "RT_ICON"
						}
					],
					"resource_langs": {
						"NEUTRAL": 2
					},
					"resource_types": {
						"RT_ICON": 3
					},
					"sections": [
						{
							"chi2": 507704.625,
							"entropy": 6.74595308303833,
							"flags": "rx",
							"md5": "31e33d2e3f3ba3efe0a362c39713b198",
							"name": ".text",
							"raw_size": 104448,
							"virtual_address": 4096,
							"virtual_size": 104152
						},
						{
							"chi2": 415246.46875,
							"entropy": 6.443132400512695,
							"flags": "r",
							"md5": "2a33cd3e315343b43c3620332d3a9376",
							"name": ".rdata",
							"raw_size": 28160,
							"virtual_address": 110592,
							"virtual_size": 28146
						}
					],
					"timestamp": 1587044124
				},
				"reputation": 0,
				"sha1": "a97e30d504b3e618fc377640d3e65793f6f37625",
				"sha256": "abfa4d040cfb3cd9e22f2301bf0902330ca3a6031ce6a97324b1f1c31494696c",
				"signature_info": {
					"comments": "blablabla",
					"copyright": "Copyright © blabla 2020",
					"description": "blablabla",
					"file version": "1.3.30.0",
					"internal name": "blablabla.exe",
					"original name": "blablabla.exe",
					"product": "blablabla"
				},
				"size": 445440,
				"ssdeep": "12288:GoL4Ene4T/vjLbeCJ6s8eFuiQe5Lb9u4eQae46/:Gwne4TDLbeBiGeo4e6/",
				"tags": [
					"peexe",
					"runtime-modules",
					"direct-cpu-clock-access",
					"detect-debug-environment"
				],
				"times_submitted": 2,
				"total_votes": {
					"harmless": 0,
					"malicious": 0
				},
				"trid": [
					{
						"file_type": "Win32 Executable MS Visual C++ (generic)",
						"probability": 41.0
					},
					{
						"file_type": "Win64 Executable (generic)",
						"probability": 36.3
					},
					{
						"file_type": "Win32 Dynamic Link Library (generic)",
						"probability": 8.6
					},
					{
						"file_type": "Win32 Executable (generic)",
						"probability": 5.9
					},
					{
						"file_type": "OS/2 Executable (generic)",
						"probability": 2.6
					}
				],
				"type_description": "Win32 EXE",
				"type_tag": "peexe",
				"unique_sources": 1,
				"vhash": "0450466e6d157ez54ez10etz"
			},
			"id": "abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c",
			"links": {
				"self": "https://www.virustotal.com/api/v3/files/abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c"
			},
			"type": "file"
		}
	],
	"links": {
		"next": "https://www.virustotal.com/api/v3/clue_rules/0c1546a4014b9b4c24d149940b481431e14cd4ed1f44e474c85944924532994d/files?cursor=CrMBEqwBahFzfnZpcnVzdG90YWxjbG91ZHKWAQsSBlNhbXBsZSJAMDNiOGI3MTY3NTE1ZmI5ZTgzODExNWY5ZDkyO3E0MT31M2RiZjI3ODE3YjAwM231ZWEyYzk3OTQ0ZmRmM2M1NAwLEgRDbHVlIkAwM2I4YjcxNjc1MTVmYjllODM4MTE1ZjlkOTI5YTQxNDUzZGJmMjc4MTliMDAzYzVlYTJjOTc5NDRmZGYzYzU0DBgAIAA%3D&limit=1",
		"self": "https://www.virustotal.com/api/v3/clue_rules/0c1546a4014b9b4c24d149940b481431e14cd4ed1f44e474c85944924532994d/files?limit=1"
	},
	"meta": {
		"count": 200,
		"cursor": "CrMBEqwBahFzfnZpcnVzdG90YWxjbG91ZHKWAQsSBlNhbXBsZSJAMDNiOGI3MTY3NTE1ZmI5ZTgzODExNWY5ZDkyO3E0MT31M2RiZjI3ODE3YjAwM231ZWEyYzk3OTQ0ZmRmM2M1NAwLEgRDbHVlIkAwM2I4YjcxNjc1MTVmYjllODM4MTE1ZjlkOTI5YTQxNDUzZGJmMjc4MTliMDAzYzVlYTJjOTc5NDRmZGYzYzU0DBgAIAA="
	}
}