The downloaded_files relationship returns a list of files that were available from an URL under the given IP address at some moment. This relationship is only available for Premium API users.
This relationship can be retrieved using the relationships API endpoint. The response contains a list of File objects.
{
"data": [
<FILE_OBJECT>,
<FILE_OBJECT>,
...
],
"links": {
"next": "<string>",
"self": "<string>"
},
"meta": {
"count": <int>,
"cursor": "<string>"
}
}
{
"data": [
{
"attributes": {
"authentihash": "0c4226e47eda883ce9eff9ec1ae6ce1a13ee3cc63e6960ae5a3ae4ad2e8eeee5",
"creation_date": 1587044124,
"downloadable": true,
"exiftool": {
"AssemblyVersion": "1.3.30.0",
"CharacterSet": "Unicode",
"CodeSize": "104448",
"Comments": "blablablabla",
"CompanyName": "blablabla",
"EntryPoint": "0xccef",
"FileDescription": "blablabla",
"FileFlagsMask": "0x003f",
"FileOS": "Win32",
"FileSubtype": "0",
"FileType": "Win32 EXE",
"FileTypeExtension": "exe",
"FileVersion": "1.3.30.0",
"FileVersionNumber": "1.3.30.0",
"ImageFileCharacteristics": "No relocs, Executable, Large address aware, 32-bit",
"ImageVersion": "0.0",
"InitializedDataSize": "339968",
"InternalName": "blablabla.exe",
"LanguageCode": "Neutral",
"LegalCopyright": "Copyright ยฉ blablabla 2020",
"LegalTrademarks": "blablabla",
"LinkerVersion": "9.0",
"MIMEType": "application/octet-stream",
"MachineType": "Intel 386 or later, and compatibles",
"OSVersion": "5.0",
"ObjectFileType": "Executable application",
"OriginalFileName": "blablabla.exe",
"PEType": "PE32",
"ProductName": "blablabla",
"ProductVersion": "1.3.30.0",
"ProductVersionNumber": "1.3.30.0",
"Subsystem": "Windows GUI",
"SubsystemVersion": "5.0",
"TimeStamp": "2020:04:16 15:35:24+02:00",
"UninitializedDataSize": "0"
},
"first_submission_date": 1587049407,
"last_analysis_date": 1588653326,
"last_analysis_results": {
"ALYac": {
"category": "malicious",
"engine_name": "ALYac",
"engine_update": "20200505",
"engine_version": "1.1.1.5",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"APEX": {
"category": "malicious",
"engine_name": "APEX",
"engine_update": "20200504",
"engine_version": "6.18",
"method": "blacklist",
"result": "Malicious"
},
"AVG": {
"category": "undetected",
"engine_name": "AVG",
"engine_update": "20200505",
"engine_version": "18.4.3895.0",
"method": "blacklist",
"result": null
},
"Acronis": {
"category": "malicious",
"engine_name": "Acronis",
"engine_update": "20200422",
"engine_version": "1.1.1.75",
"method": "blacklist",
"result": "suspicious"
},
"Ad-Aware": {
"category": "malicious",
"engine_name": "Ad-Aware",
"engine_update": "20200505",
"engine_version": "3.0.5.370",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"AegisLab": {
"category": "undetected",
"engine_name": "AegisLab",
"engine_update": "20200505",
"engine_version": "4.2",
"method": "blacklist",
"result": null
},
},
"last_analysis_stats": {
"confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 4,
"suspicious": 0,
"timeout": 1,
"type-unsupported": 0,
"undetected": 2
},
"last_modification_date": 1591945304,
"last_submission_date": 1587049407,
"magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
"md5": "b67828805dfdabf3a823278c3fdd37f7",
"meaningful_name": "blablabla.exe",
"names": [
"blablabla.exe",
"foo.exe"
],
"pe_info": {
"debug": [
{
"codeview": {
"age": 1,
"guid": "4743e25-e470-ee67-e2a7-5ce85ee2afb7",
"name": " ",
"signature": "RSDS"
},
"offset": 129512,
"size": 129,
"timestamp": "Fri Nov 23 19:58:56 2012",
"type": 2,
"type_str": "IMAGE_DEBUG_TYPE_CODEVIEW"
}
],
"entry_point": 52463,
"imphash": "9dd8c0ffefc8e287e5be665e3240f983",
"import_list": [
{
"imported_functions": [
"CreateToolhelp32Snapshot",
"GetLastError",
"InitializeCriticalSectionAndSpinCount",
"HeapFree",
"GetStdHandle",
"EnterCriticalSection",
"LCMapStringW",
"HeapCreate",
"lstrlenA",
"WriteConsoleW",
"GetConsoleCP",
"GetOEMCP",
"LCMapStringA",
"IsDebuggerPresent"
],
"library_name": "KERNEL32.dll"
},
},
"machine_type": 332,
"resource_details": [
{
"chi2": 829672.125,
"entropy": 3.8720788955688477,
"filetype": "Data",
"lang": "NEUTRAL",
"sha256": "3d7460d292abef8a0900ddec6244894d7e2edb054bd13389ee7ed5b8908f3f88",
"type": "RT_ICON"
},
{
"chi2": 387563.8125,
"entropy": 3.693312168121338,
"filetype": "Data",
"lang": "NEUTRAL",
"sha256": "2802c59713b7872e17df2ef6c9b10b3e879a2618e84c297e8dde8ed452eb5e116",
"type": "RT_ICON"
},
],
"resource_langs": {
"NEUTRAL": 2
},
"resource_types": {
"RT_ICON": 3
},
"sections": [
{
"chi2": 507704.625,
"entropy": 6.74595308303833,
"flags": "rx",
"md5": "31e33d2e3f3ba3efe0a362c39713b198",
"name": ".text",
"raw_size": 104448,
"virtual_address": 4096,
"virtual_size": 104152
},
{
"chi2": 415246.46875,
"entropy": 6.443132400512695,
"flags": "r",
"md5": "2a33cd3e315343b43c3620332d3a9376",
"name": ".rdata",
"raw_size": 28160,
"virtual_address": 110592,
"virtual_size": 28146
},}
],
"timestamp": 1587044124
},
"reputation": 0,
"sha1": "a97e30d504b3e618fc377640d3e65793f6f37625",
"sha256": "abfa4d040cfb3cd9e22f2301bf0902330ca3a6031ce6a97324b1f1c31494696c",
"signature_info": {
"comments": "blablabla",
"copyright": "Copyright ยฉ blabla 2020",
"description": "blablabla",
"file version": "1.3.30.0",
"internal name": "blablabla.exe",
"original name": "blablabla.exe",
"product": "blablabla"
},
"size": 445440,
"ssdeep": "12288:GoL4Ene4T/vjLbeCJ6s8eFuiQe5Lb9u4eQae46/:Gwne4TDLbeBiGeo4e6/",
"tags": [
"peexe",
"runtime-modules",
"direct-cpu-clock-access",
"detect-debug-environment"
],
"times_submitted": 2,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"trid": [
{
"file_type": "Win32 Executable MS Visual C++ (generic)",
"probability": 41.0
},
{
"file_type": "Win64 Executable (generic)",
"probability": 36.3
},
{
"file_type": "Win32 Dynamic Link Library (generic)",
"probability": 8.6
},
{
"file_type": "Win32 Executable (generic)",
"probability": 5.9
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 2.6
}
],
"type_description": "Win32 EXE",
"type_tag": "peexe",
"unique_sources": 1,
"vhash": "0450466e6d157ez54ez10etz"
},
"id": "abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c",
"links": {
"self": "https://www.virustotal.com/api/v3/files/abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c"
},
"type": "file"
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/1.2.3.4/downloaded_files?limit=10"
},
"meta": {
"count": 1
}
}