File containing the IP address on its strings.
The referrer_files relationship returns a list of files containing the given IP address on its strings.
This relationship can be retrieved using the relationships API endpoint. The response contains a list of File objects.
{
"data": [
<FILE_OBJECT>,
<FILE_OBJECT>,
...
],
"links": {
"next": "<string>",
"self": "<string>"
},
"meta": {
"count": <int>,
"cursor": "<string>"
}
}
{
"data": [
{
"attributes": {
"authentihash": "0c4226e47eda883ce9eff9ec1ae6ce1a13ee3cc63e6960ae5a3ae4ad2e8eeee5",
"creation_date": 1587044124,
"downloadable": true,
"exiftool": {
"AssemblyVersion": "1.3.30.0",
"CharacterSet": "Unicode",
"CodeSize": "104448",
"Comments": "blablablabla",
"CompanyName": "blablabla",
"EntryPoint": "0xccef",
"FileDescription": "blablabla",
"FileFlagsMask": "0x003f",
"FileOS": "Win32",
"FileSubtype": "0",
"FileType": "Win32 EXE",
"FileTypeExtension": "exe",
"FileVersion": "1.3.30.0",
"FileVersionNumber": "1.3.30.0",
"ImageFileCharacteristics": "No relocs, Executable, Large address aware, 32-bit",
"ImageVersion": "0.0",
"InitializedDataSize": "339968",
"InternalName": "blablabla.exe",
"LanguageCode": "Neutral",
"LegalCopyright": "Copyright Β© blablabla 2020",
"LegalTrademarks": "blablabla",
"LinkerVersion": "9.0",
"MIMEType": "application/octet-stream",
"MachineType": "Intel 386 or later, and compatibles",
"OSVersion": "5.0",
"ObjectFileType": "Executable application",
"OriginalFileName": "blablabla.exe",
"PEType": "PE32",
"ProductName": "blablabla",
"ProductVersion": "1.3.30.0",
"ProductVersionNumber": "1.3.30.0",
"Subsystem": "Windows GUI",
"SubsystemVersion": "5.0",
"TimeStamp": "2020:04:16 15:35:24+02:00",
"UninitializedDataSize": "0"
},
"first_submission_date": 1587049407,
"last_analysis_date": 1588653326,
"last_analysis_results": {
"ALYac": {
"category": "malicious",
"engine_name": "ALYac",
"engine_update": "20200505",
"engine_version": "1.1.1.5",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"APEX": {
"category": "malicious",
"engine_name": "APEX",
"engine_update": "20200504",
"engine_version": "6.18",
"method": "blacklist",
"result": "Malicious"
},
"AVG": {
"category": "undetected",
"engine_name": "AVG",
"engine_update": "20200505",
"engine_version": "18.4.3895.0",
"method": "blacklist",
"result": null
},
"Acronis": {
"category": "malicious",
"engine_name": "Acronis",
"engine_update": "20200422",
"engine_version": "1.1.1.75",
"method": "blacklist",
"result": "suspicious"
},
"Ad-Aware": {
"category": "malicious",
"engine_name": "Ad-Aware",
"engine_update": "20200505",
"engine_version": "3.0.5.370",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"AegisLab": {
"category": "undetected",
"engine_name": "AegisLab",
"engine_update": "20200505",
"engine_version": "4.2",
"method": "blacklist",
"result": null
},
},
"last_analysis_stats": {
"confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 4,
"suspicious": 0,
"timeout": 1,
"type-unsupported": 0,
"undetected": 2
},
"last_modification_date": 1591945304,
"last_submission_date": 1587049407,
"magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
"md5": "b67828805dfdabf3a823278c3fdd37f7",
"meaningful_name": "blablabla.exe",
"names": [
"blablabla.exe",
"foo.exe"
],
"pe_info": {
"debug": [
{
"codeview": {
"age": 1,
"guid": "4743e25-e470-ee67-e2a7-5ce85ee2afb7",
"name": " ",
"signature": "RSDS"
},
"offset": 129512,
"size": 129,
"timestamp": "Fri Nov 23 19:58:56 2012",
"type": 2,
"type_str": "IMAGE_DEBUG_TYPE_CODEVIEW"
}
],
"entry_point": 52463,
"imphash": "9dd8c0ffefc8e287e5be665e3240f983",
"import_list": [
{
"imported_functions": [
"CreateToolhelp32Snapshot",
"GetLastError",
"InitializeCriticalSectionAndSpinCount",
"HeapFree",
"GetStdHandle",
"EnterCriticalSection",
"LCMapStringW",
"HeapCreate",
"lstrlenA",
"WriteConsoleW",
"GetConsoleCP",
"GetOEMCP",
"LCMapStringA",
"IsDebuggerPresent"
],
"library_name": "KERNEL32.dll"
},
},
"machine_type": 332,
"resource_details": [
{
"chi2": 829672.125,
"entropy": 3.8720788955688477,
"filetype": "Data",
"lang": "NEUTRAL",
"sha256": "3d7460d292abef8a0900ddec6244894d7e2edb054bd13389ee7ed5b8908f3f88",
"type": "RT_ICON"
},
{
"chi2": 387563.8125,
"entropy": 3.693312168121338,
"filetype": "Data",
"lang": "NEUTRAL",
"sha256": "2802c59713b7872e17df2ef6c9b10b3e879a2618e84c297e8dde8ed452eb5e116",
"type": "RT_ICON"
},
],
"resource_langs": {
"NEUTRAL": 2
},
"resource_types": {
"RT_ICON": 3
},
"sections": [
{
"chi2": 507704.625,
"entropy": 6.74595308303833,
"flags": "rx",
"md5": "31e33d2e3f3ba3efe0a362c39713b198",
"name": ".text",
"raw_size": 104448,
"virtual_address": 4096,
"virtual_size": 104152
},
{
"chi2": 415246.46875,
"entropy": 6.443132400512695,
"flags": "r",
"md5": "2a33cd3e315343b43c3620332d3a9376",
"name": ".rdata",
"raw_size": 28160,
"virtual_address": 110592,
"virtual_size": 28146
},}
],
"timestamp": 1587044124
},
"reputation": 0,
"sha1": "a97e30d504b3e618fc377640d3e65793f6f37625",
"sha256": "abfa4d040cfb3cd9e22f2301bf0902330ca3a6031ce6a97324b1f1c31494696c",
"signature_info": {
"comments": "blablabla",
"copyright": "Copyright Β© blabla 2020",
"description": "blablabla",
"file version": "1.3.30.0",
"internal name": "blablabla.exe",
"original name": "blablabla.exe",
"product": "blablabla"
},
"size": 445440,
"ssdeep": "12288:GoL4Ene4T/vjLbeCJ6s8eFuiQe5Lb9u4eQae46/:Gwne4TDLbeBiGeo4e6/",
"tags": [
"peexe",
"runtime-modules",
"direct-cpu-clock-access",
"detect-debug-environment"
],
"times_submitted": 2,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"trid": [
{
"file_type": "Win32 Executable MS Visual C++ (generic)",
"probability": 41.0
},
{
"file_type": "Win64 Executable (generic)",
"probability": 36.3
},
{
"file_type": "Win32 Dynamic Link Library (generic)",
"probability": 8.6
},
{
"file_type": "Win32 Executable (generic)",
"probability": 5.9
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 2.6
}
],
"type_description": "Win32 EXE",
"type_tag": "peexe",
"unique_sources": 1,
"vhash": "0450466e6d157ez54ez10etz"
},
"id": "abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c",
"links": {
"self": "https://www.virustotal.com/api/v3/files/abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c"
},
"type": "file"
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/1.2.3.4/referrer_files?limit=10"
},
"meta": {
"count": 1
}
}