PCAP files that contain the file.
The pcap_parents relationship returns a list of PCAP files containing a given file. This relationship is only available for Premium API users.
This relationship can be retrieved using the relationships API endpoint. The response contains a list of File objects.
{
"data": [
<FILE_OBJECT>,
<FILE_OBJECT>
...
],
"links": {
"next": "<string>",
"self": "<string>"
},
"meta": {
"count": <int>,
"cursor": "<string>"
}
}
{
"data": [
{
"attributes": {
"creation_date": 1587044124,
"downloadable": true,
"first_submission_date": 1587049407,
"last_analysis_date": 1588653326,
"last_analysis_results": {
"ALYac": {
"category": "undetected",
"engine_name": "ALYac",
"engine_update": "20200505",
"engine_version": "1.1.1.5",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"APEX": {
"category": "type-unsupported",
"engine_name": "APEX",
"engine_update": "20200504",
"engine_version": "6.18",
"method": "blacklist",
"result": "Malicious"
},
"AVG": {
"category": "undetected",
"engine_name": "AVG",
"engine_update": "20200505",
"engine_version": "18.4.3895.0",
"method": "blacklist",
"result": null
},
"Acronis": {
"category": "undetected",
"engine_name": "Acronis",
"engine_update": "20200422",
"engine_version": "1.1.1.75",
"method": "blacklist",
"result": "suspicious"
},
"Ad-Aware": {
"category": "type-unsupported",
"engine_name": "Ad-Aware",
"engine_update": "20200505",
"engine_version": "3.0.5.370",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"AegisLab": {
"category": "undetected",
"engine_name": "AegisLab",
"engine_update": "20200505",
"engine_version": "4.2",
"method": "blacklist",
"result": null
},
},
"last_analysis_stats": {
"confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 1,
"type-unsupported": 2,
"undetected": 4
},
"last_modification_date": 1591945304,
"last_submission_date": 1587049407,
"magic": "tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)",
"md5": "b67828805dfdabf3a823278c3fdd37f7",
"meaningful_name": "blablabla.pcap",
"names": [
"blablabla.pcap"
],
"packers": {
"F-PROT": "CAB, embedded"
},
"reputation": 0,
"sha1": "a97e30d504b3e618fc377640d3e65793f6f37625",
"sha256": "abfa4d040cfb3cd9e22f2301bf0902330ca3a6031ce6a97324b1f1c31494696c",
"size": 445440,
"snort": {
"1": {
"alert": "(spp_sdf) SDF Combination Alert",
"classification": "Senstive Data",
"destinations": [
"2020-06-26 19:38:37.675293 {PROTO:254} 134.121.111.41 -> 11.3.56.11",
"2020-06-26 19:50:24.883513 {PROTO:254} 35.469.582.216 -> 14.6.16.10"
]
},
"11192": {
"alert": "FILE-EXECUTABLE download of executable content",
"classification": "Potential Corporate Privacy Violation",
"destinations": [
"2020-06-26 19:38:35.938402 {TCP} 112.114.441.41:80 -> 16.12.36.10:49591"
]
}
},
"ssdeep": "12288:GoL4Ene4T/vjLbeCJ6s8eFuiQe5Lb9u4eQae46/:Gwne4TDLbeBiGeo4e6/",
"suricata": {
"2001117": {
"alert": "ET DNS Standard query response, Name Error",
"classification": "Not Suspicious Traffic",
"destinations": [
"2020-06-26 20:02:28.173281 {UDP} 14.4.24.1:53 -> 13.3.23.101:58697",
"2020-06-26 20:02:29.622088 {UDP} 14.4.24.1:53 -> 13.3.23.101:60726",
"2020-06-26 20:02:31.030388 {UDP} 14.4.24.1:53 -> 13.3.23.101:54013",
"2020-06-26 20:18:26.441699 {UDP} 14.4.24.1:53 -> 13.3.23.101:64220",
"2020-06-26 20:18:26.600937 {UDP} 14.4.24.1:53 -> 13.3.23.101:52739",
"2020-06-26 20:18:26.600937 {UDP} 14.4.24.1:53 -> 13.3.23.101:52739"
]
}
},
"tags": [
"cap",
"shellcode",
"malware",
"trojan"
],
"times_submitted": 2,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"traffic_inspection": {
"http": [
{
"binary_filename": "blablabla.exe",
"binary_hash": "cbfg4f04hcfg8cdfe2he2301rfer02r30cvava6s71cfefa9f42eb1f1ce1494696c",
"binary_magic": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"datetime": "2020-06-26 19:38:35.590121",
"interesting_magic": 1,
"method": "GET",
"remote_host": "111.1.321.41:80",
"response_code": "200",
"response_size": 208384,
"url": "http://blablabla.com/blabla.exe",
"user-agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
}
]
},
"trid": [
{
"file_type": "TCPDUMP's style capture (little-endian)",
"probability": 100.0
}
],
"type_description": "Network capture",
"type_tag": "cap",
"unique_sources": 1,
"wireshark": {
"dns": [
[
"blablabla.com",
[
"15.23.531.16"
]
],
[
"22wedz-crate.com",
[]
],
[
"48boden-flow.com",
[]
],
[
"81spdi-tick.com",
[]
],
[
"support.apple.com",
[
"104.95.64.77"
]
]
],
"pcap": {
"Capture duration": "3900.204600 seconds",
"Data size": "5576 kB",
"End time": "2020-06-26 20:43:35",
"File encapsulation": "Ethernet",
"File type": "pcap",
"Number of packets": "6916",
"Start time": "2020-06-26 19:38:35"
}
}
},
"id": "abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c",
"links": {
"self": "https://www.virustotal.com/api/v3/files/abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c"
},
"type": "file"
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/files/cbfg4f04hcfg8cdfe2he2301rfer02r30cvava6s71cfefa9f42eb1f1ce1494696c/pcap_parents?limit=2"
},
"meta": {
"count": 1
}
}