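Referenced from the ThreatBook (微步在线) Cloud API
File Reputation Report
Retrieves a file's detailed static and dynamic analysis report, including the file's summary information, network behavior, behavior signatures, static information, dropped files, process behavior, and antivirus engine detection results.
Request parameters
| No. | Parameter | Required | Type | Description |
|---|---|---|---|---|
| 1 | apikey | Yes | string | Identity credential for the API request. |
| 2 | sha256 | Yes | string | The file's sha256 value, used to fetch the analysis report. For convenience when querying reports, sha256 can be replaced with md5 or sha1. |
| 3 | sandbox_type | Optional | string | Sandbox runtime environment. The user can specify the sandbox environment for the file. Available environments: Windows: win7_sp1_enx64_office2013, win7_sp1_enx86_office2013, win7_sp1_enx86_office2010, win7_sp1_enx86_office2007, win7_sp1_enx86_office2003; Linux: ubuntu_1704_x64, centos_7_x64 |
| 4 | query_fields | Optional | string | Sections of the file analysis report to return; all are returned by default. Available values: summary, network, signature, static, dropped, pstree, multiengines |
Response parameters
| No. | Parameter | Type | Description |
|---|---|---|---|
| 1 | response_code | int | Returns "0" on a normal response. For other response codes and their msg descriptions, see the "Response Code and Msg Reference Table". |
| 2 | verbose_msg | string | Returns "Ok" on a normal response. For other response codes and their msg descriptions, see the "Response Code and Msg Reference Table". |
| 3 | multiengines | object | Antivirus engine detection results. JSON object with the following items: result: the result from each scanning engine (no detection: shown as safe; detection: shown as the specific malware label, e.g. Trojan); scan_time: the time the sample was scanned by the engines, e.g. 2019-10-22 16:17:48 |
| 4 | summary | object | Summary information. JSON object with the following items: threat_level: threat level, one of three classes: malicious, suspicious, clean; submit_time: file submission time, e.g. 2019-01-22 17:36:21; file_name: file name; file_type: file type; sample_sha256: the file's hash value; tag: tags, a JSON object containing s (static tags, JSON array, e.g. "时间戳异常" (abnormal timestamp); for some common tags see "Common sample tags") and x (antivirus engine detection tags, JSON array, e.g. "Trojan"); threat_score: threat score; sandbox_type: sandbox runtime environment (for the full set see "Complete list of sandbox environments"); multi_engines: antivirus engine detection rate, e.g. "7/25" |
| 5 | signature | array | Behavior signatures. JSON array; each item contains: severity: severity level, int, a higher number means a higher level; references: references, JSON array; sig_class: signature class, string; name: signature name, string; description: behavior description; markcount: mark count, int; marks: raw signature data, JSON array; families: sample families, JSON array; attck_id: ATT&CK ID, int; attck_info: ATT&CK details, JSON array |
| 6 | static | object | Static information. JSON object. For response examples of all static information reports, see the appendix "Complete set of file static information report response examples". |
| 7 | pstree | object | Process behavior. |
| 8 | network | object | Network behavior. tls: TLS protocol, JSON array; udp: UDP protocol, JSON array; dns_servers: DNS servers, JSON array; http: HTTP protocol, JSON array; irc: IRC protocol, JSON array; smtp: SMTP protocol, JSON array; tcp: TCP protocol, JSON array; smtp_ex: extended SMTP protocol data, JSON array; mitm: man-in-the-middle, JSON array; hosts: network hosts, JSON array; dns: domain name system, JSON array; http_ex: extended HTTP protocol data, JSON array; domains: domain names, JSON array; dead_hosts: unreachable hosts, JSON array; icmp: ICMP protocol, JSON array; https_ex: extended HTTPS protocol data, JSON array |
| 9 | dropped | array | Dropped files. JSON array; each item contains: sha1: file sha1 value, string; sha256: file sha256 value, string; md5: file md5 value, string; urls: extracted URLs, JSON array; size: int; filepath: file path, string; name: file name, string; crc32: file CRC32, string; ssdeep: file SSDeep value, string; type: file type, string; yara: YARA, JSON array |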
Response example (JSON)
```json
{
  "response_code": 0,
  "data": {
    "summary": { // summary information
      "threat_level": "malicious", // threat level (malicious, suspicious, clean)
      "submit_time": "2019-01-22 17:36:21", // file submission time
      "file_name": "test.exe", // file name
      "file_type": "EXEx86", // file type
      "sample_sha256": "{sha256}", // file hash value
      "tag": {
        "s": [ // static tags
          "语言neutral",
          "时间戳异常"
        ],
        "x": [ // detection tags
          "Trojan"
        ]
      },
      "threat_score": 60,
      "sandbox_type": "win7_sp1_enx86_office2013", // sandbox runtime environment
      "multi_engines": "7/25" // antivirus engine detection rate
    },
    "multiengines": { // antivirus engine results (safe = no detection; e.g. Trojan = detection label)
      "result": {
        "Kaspersky": "Trojan",
        "Microsoft": "safe"
      },
      "scan_time": "2019-10-22 16:17:48" // time the sample was scanned by the engines
    },
    "static": { // static information, using a PE file as the example
      "details": {
        "pe_version_info": [], // PE file version information
        "pe_sections": [], // PE file section table
        "pe_signatures": {}, // PE file signature information
        "pe_imports": [], // PE file import table
        "pe_resources": [], // PE file resource information
        "tag": [], // PE file static tags
        "pe_detect": {}, // PE file third-party detection information
        "pe_basic": {}, // PE file basic information
        "pe_exports": [] // PE file export table
      },
      "basic": { // basic file information
        "sha1": "{sha1}",
        "sha256": "{sha256}",
        "file_type": "{magic}",
        "file_name": "test.exe",
        "ssdeep": "{ssdeep}",
        "file_size": 33397,
        "md5": "{md5}"
      }
    },
    "signature": [ // behavior signatures
      {
        "severity": 1, // severity level; a higher number means a higher level
        "references": [],
        "sig_class": "Static File Characteristics", // signature class
        "name": "static_linked", // signature name
        "description": "{\"en\": \"Binary is statically linked\", \"cn\": \"此文件是静态链接的\"}", // behavior description
        "markcount": 1,
        "marks": [], // raw signature data
        "families": [],
        "attck_id": "",
        "attck_info": {}
      }
    ],
    "dropped": [ // dropped files
      {
        "sha1": "{sha1}",
        "urls": [],
        "sha256": "{sha256}",
        "size": 33558,
        "filepath": "C:\\Users\\test.exe",
        "name": "test.exe",
        "crc32": "",
        "ssdeep": "{ssdeep}",
        "type": "{magic}",
        "yara": [],
        "md5": "{md5}"
      }
    ],
    "pstree": { // process behavior
      "children": [
        {
          "track": true,
          "pid": 1255, // process ID
          "process_name": "", // process name
          "command_line": "", // process command line
          "first_seen": "17:36:34.047315676",
          "ppid": 1209, // parent process ID
          "children": [] // list of child processes
        }
      ],
      "process_name": {
        "en": "Analysed 1 processes in total",
        "cn": "共分析了1个进程"
      }
    },
    "network": { // network behavior
      "tls": [], "udp": [], "dns_servers": [], "http": [],
      "irc": [], "smtp": [], "tcp": [], "smtp_ex": [],
      "mitm": [], "hosts": [], "dns": [], "http_ex": [],
      "domains": [], "dead_hosts": [], "icmp": [], "https_ex": []
    }
  },
  "verbose_msg": "OK"
}
```
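File Antivirus Engine Detection Report
Request parameters
| No. | Parameter | Required | Type | Description |
|---|---|---|---|---|
| 1 | apikey | Yes | string | Identity credential for the API request. |
| 2 | sha256 | Yes | string | The file's sha256 value, used to fetch the analysis report. For convenience when querying reports, sha256 can be replaced with md5 or sha1. |
| 3 | sandbox_type | Optional | string | Sandbox runtime environment. The user can specify the sandbox environment for the file. Available environments: Windows: win7_sp1_enx64_office2013, win7_sp1_enx86_office2013, win7_sp1_enx86_office2010, win7_sp1_enx86_office2007, win7_sp1_enx86_office2003; Linux: ubuntu_1704_x64, centos_7_x64 |
Response parameters
| No. | Parameter | Type | Description |
|---|---|---|---|
| 1 | response_code | int | Returns "0" on a normal response. For other response codes and their msg descriptions, see the "Response Code and Msg Reference Table". |
| 2 | verbose_msg | string | Returns "Ok" on a normal response. For other response codes and their msg descriptions, see the "Response Code and Msg Reference Table". |
| 3 | multiengines | object | Multi-engine scan report. JSON object. Each item is described as follows: threat_level: threat level (malicious, suspicious, or clean); total: number of antivirus engines that completed detection successfully; total2: number of antivirus engines actually deployed; positives: number of antivirus engines that detected the file; scan_date: time of the most recent scan; malware_type: malware type, e.g. DoS; malware_family: malware family, e.g. Xorddos!rfn; scan: antivirus engine detection results, where each item is the result of one scanning engine (no detection: shown as safe; detection: shown as the specific malware label, e.g. Trojan) |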
Response example (JSON)
```json
{
  "response_code": 0,
  "data": {
    "multiengines": {
      "threat_level": "malicious", // threat level (malicious, suspicious, clean)
      "total": 25, // number of antivirus engines that completed detection successfully
      "scans": { // antivirus engine results (safe = no detection; e.g. Trojan = detection label)
        "Tencent": "Trojan.Linux.XorDdos.a",
        "vbwebshell": "safe",
        "Avast": "safe",
        "Kaiwei": "safe",
        "Rising": "Trojan.Linux.DDoS-Xor.a",
        "K7": "safe",
        "Kaspersky": "safe",
        "NANO": "safe",
        "Baidu-China": "safe",
        "Microsoft": "DoS:Linux/Xorddos!rfn",
        "Kingsoft": "safe",
        "ClamAV": "safe",
        "IKARUS": "safe",
        "Huorong": "Trojan/Linux.Xorddos.b",
        "Avira": "safe",
        "Sophos": "Linux/DDoS-BH",
        "Panda": "safe",
        "Antiy": "safe",
        "AVG": "Trojan horse Linux/Generic_c.HN",
        "Baidu": "safe",
        "DrWeb": "safe",
        "GDATA": "Trojan.Linux.Generic.7404",
        "Qihu360": "safe",
        "ESET": "Linux/Xorddos.F trojan",
        "JiangMin": "TrojanDDoS.Linux.bn"
      },
      "is_white": false, // whether the file is whitelisted; true = whitelisted
      "total2": 25, // number of antivirus engines actually deployed
      "positives": 9, // number of antivirus engines that detected the file
      "scan_date": "2019-01-22 13:23:55", // time of the most recent scan
      "malware_type": "DoS", // malware type
      "malware_family": "Xorddos!rfn" // malware family
    }
  },
  "verbose_msg": "OK"
}
```
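A triage helper for the two responses documented above, added here as an example (it is not ThreatBook's code and calls no endpoint). It accepts the per-engine map under `result`, `scans` or `scan`, the three key names this page uses, recounts detections instead of trusting `positives`, and decodes a JSON-encoded `description`. `SAMPLE`, `triage` and the signature name `constructed_high_sev` are constructed for illustration.

```python
import json

# Constructed sample shaped like the two response examples on this page;
# "constructed_high_sev" is a made-up signature name, not real API output.
SAMPLE = {
    "response_code": 0,
    "data": {
        "summary": {"threat_level": "malicious", "multi_engines": "2/3"},
        "multiengines": {
            "total": 3, "positives": 2,
            "scans": {"Kaspersky": "Trojan", "Microsoft": "safe",
                      "ESET": "Linux/Xorddos.F trojan"},
        },
        "signature": [
            {"severity": 1, "name": "static_linked",
             "description": "{\"en\": \"Binary is statically linked\"}"},
            {"severity": 3, "name": "constructed_high_sev", "description": ""},
        ],
    },
}


def triage(resp, min_severity=2):
    """Reduce a file report to the fields an analyst checks first."""
    if resp.get("response_code") != 0:
        raise ValueError(f"API error {resp.get('response_code')}: {resp.get('verbose_msg')}")
    data = resp.get("data") or {}
    me = data.get("multiengines") or {}
    # The per-engine map is named "result", "scans" or "scan" on this page.
    verdicts = me.get("scans") or me.get("scan") or me.get("result") or {}
    hits = {eng: label for eng, label in verdicts.items() if label != "safe"}
    signatures = []
    for sig in data.get("signature") or []:
        severity = sig.get("severity") or 0
        if severity < min_severity:
            continue
        desc = sig.get("description")
        if isinstance(desc, str):  # may be a JSON-encoded {"en": ..., "cn": ...}
            try:
                desc = json.loads(desc)
            except ValueError:
                pass
        if isinstance(desc, dict):
            desc = desc.get("en", "")
        signatures.append((severity, sig.get("name"), desc))
    reported = me.get("positives")
    return {
        "threat_level": (data.get("summary") or me).get("threat_level"),
        "detections": hits,
        "ratio": f"{len(hits)}/{me.get('total', len(verdicts))}",
        # True when the stated count disagrees with the per-engine map.
        "count_mismatch": reported is not None and reported != len(hits),
        "signatures": sorted(signatures, key=lambda s: s[0], reverse=True),
    }
```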
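Complete list of threat types
The full set of threat types that the Cloud API can assign is as follows:
| English name | Chinese name |
|---|---|
| C2 | 远控 (remote control) |
| Botnet | 僵尸网络 (botnet) |
| Hijacked | 劫持 (hijacking) |
| Phishing | 钓鱼 (phishing) |
| Malware | 恶意软件 (malicious software) |
| Exploit | 漏洞利用 (vulnerability exploitation) |
| Scanner | 扫描 (scanning) |
| Zombie | 傀儡机 (zombie host) |
| Spam | 垃圾邮件 (spam email) |
| Suspicious | 可疑 (suspicious) |
| Compromised | 失陷主机 (compromised host) |
| Whitelist | 白名单 (whitelist) |
| Brute Force | 暴力破解 (brute-force cracking) |
| Proxy | 代理 (proxy) |
| Info | 基础信息 (basic information) |
Suspicious subcategories
| English name | Chinese name |
|---|---|
| MiningPool | 矿池 (mining pool) |
| CoinMiner | 私有矿池 (private mining pool) |
C2 (remote control) subcategories
| English name | Chinese name |
|---|---|
| Sinkhole C2 | 安全机构接管 C2 (C2 taken over by a security organization) |
Brute Force subcategories
| English name | Chinese name |
|---|---|
| SSH Brute Force | SSH暴力破解 (SSH brute force) |
| FTP Brute Force | FTP暴力破解 (FTP brute force) |
| SMTP Brute Force | SMTP暴力破解 (SMTP brute force) |
| Http Brute Force | HTTP AUTH暴力破解 (HTTP AUTH brute force) |
| Web Login Brute Force | 撞库 (credential stuffing) |
Proxy subcategories
| English name | Chinese name |
|---|---|
| HTTP Proxy | HTTP Proxy |
| HTTP Proxy In | HTTP代理入口 (HTTP proxy entry) |
| HTTP Proxy Out | HTTP代理出口 (HTTP proxy exit) |
| Socks Proxy | Socks代理 (Socks proxy) |
| Socks Proxy In | Socks代理入口 (Socks proxy entry) |
| Socks Proxy Out | Socks代理出口 (Socks proxy exit) |
| VPN | VPN代理 (VPN proxy) |
| VPN In | VPN入口 (VPN entry) |
| VPN Out | VPN出口 (VPN exit) |
| Tor | Tor代理 (Tor proxy) |
| Tor Proxy In | Tor入口 (Tor entry) |
| Tor Proxy Out | Tor出口 (Tor exit) |
Info (basic information) subcategories
| English name | Chinese name |
|---|---|
| Bogon | 保留地址 (reserved address) |
| FullBogon | 未启用IP (IP not in use) |
| Gateway | 网关 (gateway) |
| IDC | IDC服务器 (IDC server) |
| Dynamic IP | 动态IP (dynamic IP) |
| Edu | 教育 (education) |
| DDNS | 动态域名 (dynamic domain name) |
| Mobile | 移动基站 (mobile base station) |
| Search Engine Crawler | 搜索引擎爬虫 (search engine crawler) |
| CDN | CDN服务器 (CDN server) |
| Advertisement | 广告 (advertisement) |
| DNS | DNS服务器 (DNS server) |
| BTtracker | BT服务器 (BT server) |
| Backbone | 骨干网 (backbone network) |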
File antivirus scanning engine directory
| English name | Chinese name |
|---|---|
| AVG | AVG |
| Antiy | 安天(Antiy) |
| Avira | 小红伞(Avira) |
| Avast | Avast |
| Baidu | Baidu |
| Baidu-China | 百度国际版(Baidu-International) |
| ClamAV | ClamAV |
| DrWeb | 大蜘蛛(Dr.Web) |
| ESET | ESET |
| GDATA | GDATA |
| IKARUS | IKARUS |
| JiangMin | 江民(JiangMin) |
| K7 | K7 |
| Kaiwei | 开维(Kaiwei) |
| Kaspersky | 卡巴斯基(Kaspersky) |
| Kingsoft | 金山(Kingsoft) |
| Microsoft | 微软(MSE) |
| NANO | NANO |
| Panda | 熊猫(Panda) |
| Qihu360 | 360(Qihoo 360) |
| Rising | 瑞星(Rising) |
| Sophos | Sophos |
| Tencent | 腾讯(Tencent) |
| vbwebshell | WebShell专杀 (dedicated WebShell scanner) |
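Complete list of supported file types
- Supports analysis of common executable files: exe, dll, com, cpl, etc.
- Supports analysis of common script files: js, vbs, ps1, python, wsf, html, etc.
- Supports analysis of common document files: doc, xls, ppt, pub, pdf, swf, etc.
- Supports analysis of common archive formats: rar, zip, 7z, etc.
Common sample tags
- Common custom static tags: timestamp_exception, encrypt_algorithm, tls_callback, pdb_path, empty_import, etc.
- Common file-type static tags: PE32, exe, doc, xls, zip, etc.
- Common language static tags: lang_neutral, lang_english, lang_chinese, lang_spanish, lang_spanish, etc.
- Malware type tags: Worm, Trojan, Virus, Backdoor, TrojanDropper, etc.
- Malware family tags: Soltern, Picsys, Dinwod, Nabucur, Ramnit, etc.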
File static information report examples
PE
```json
{
  "response_code": 0,
  "data": {
    "static": {
      "details": {
        "pe_version_info": [ // PE file version
          {"name": "LegalCopyright", "value": "Copyright (C) 2019 Mrack"}
        ],
        "pe_sections": [ // PE section table
          {
            "pointer_to_rawdata": "0x00000400",
            "name": ".text",
            "virtual_address": "0x00001000",
            "size_of_data": "0x00001c00",
            "entropy": 6.242158533103589,
            "SectionPermission": "R-E",
            "virtual_size": "0x00001bc1"
          }
        ],
        "pe_signatures": {}, // PE file signature
        "pe_imports": [ // PE import table
          {
            "imports": [
              {"name": "DisableThreadLibraryCalls", "address": "0x10003014"}
            ],
            "dll": "KERNEL32.dll"
          }
        ],
        "pe_resources": [ // PE resource information
          {
            "name": "RT_VERSION",
            "language": "LANG_CHINESE",
            "filetype": "data",
            "sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
            "offset": "0x000090a0",
            "size": "0x000002b0"
          }
        ],
        "tag": [ // static tags
          "PE32",
          "lang_chinese"
        ],
        "pe_detect": { // third-party detection information
          "find_crypt": null,
          "urls": []
        },
        "pe_basic": { // PE basic information
          "tls_info": {},
          "import_hash": "1abe41975242325c19b3c9a004fa31b9",
          "time_stamp": "2019-07-01 07:46:46",
          "peid": [
            "PE: protector: VMProtect(-)[-]",
            "PE: linker: Microsoft Linker(14.0)[DLL32]"
          ],
          "entry_point_section": ".text",
          "image_base": "0x10000000",
          "entry_point": "0x23f9"
        },
        "pe_exports": [ // PE export table
          {"ordinal": 1, "name": "adler32", "address": "0x10001b40"}
        ]
      },
      "basic": { // basic file information
        "sha1": "9b415f74b471014c188c3ca4b93370007fed4f5e",
        "sha256": "72ccd2b142d73e0bd6c7fa3ebec5ffe80fff233767207804a5a50a4641f8b23a",
        "file_type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
        "file_name": "72ccd2b142d73e0bd6c7fa3ebec5ffe80fff233767207804a5a50a4641f8b23a",
        "ssdeep": "384:Pje6+rxkF2OitkOcr9cerrloQY89ZEmIJ+pXRmvIKnTD+TsME:rQrxnOiklhcGZ78rA4n9",
        "file_size": 22016,
        "md5": "a148642a57e87818b8684d5956bdb3d6"
      }
    }
  },
  "msg": "OK"
}
```
Office Document (OLE)
```json
{
  "response_code": 0,
  "data": {
    "static": {
      "details": {
        "oledump": { // OLE Dump
          "0": {"type": "", "name": "'\\x01CompObj'", "size": "107"}
        },
        "base_info": { // OLE basic information
          "MIMEType": "application/vnd.ms-excel",
          "CompObjUserTypeLen": 31,
          "CompObjUserType": "Microsoft Excel 2003 Worksheet",
          "ModifyDate": "2017:07:05 06:02:29",
          "ScaleCrop": "No",
          "SharedDoc": "No",
          "TitleOfParts": "",
          "FileType": "XLS",
          "AppVersion": 14.0,
          "LinksUpToDate": "No",
          "FileName": "macro.xls",
          "CodePage": "Windows Japanese (Shift-JIS)",
          "HeadingPairs": ["Worksheets", 1],
          "FileTypeExtension": "xls",
          "HyperlinksChanged": "No",
          "LastPrinted": "2016:09:30 14:56:13",
          "Security": "None",
          "CreateDate": "2016:09:28 11:10:05",
          "Software": "Microsoft Excel"
        },
        "tag": [ // static tags
          "vba_macors",
          "xls"
        ],
        "oleid": { // OLEID
          "Excel Workbook": true,
          "VBA Macros": true,
          "Encrypted": false,
          "Application name": "Microsoft Excel",
          "Flash objects": 0,
          "ObjectPool": false,
          "Visio Drawing": false,
          "PowerPoint Presentation": false,
          "Has SummaryInformation stream": true,
          "OLE format": true,
          "Word Document": false
        },
        "embedded": { // embedded content
          "macros": [
            { // embedded macro code
              "vba_filename": "ThisWorkbook.cls",
              "code": "",
              "subfilename": "Z:\\SUBMIT_SAMPLE\\a2602b9c94a2bdbcac75b95d4430d4cda3a79986c016ac2ef2211afb00420f24",
              "ole_stream": "_VBA_PROJECT_CUR/VBA/ThisWorkbook"
            }
          ],
          "analysis": [
            { // embedded content analysis
              "type": "AutoExec",
              "description": "Runs when the Excel Workbook is opened",
              "keyword": "Workbook_Open"
            }
          ]
        }
      },
      "basic": { // basic file information
        "sha1": "c20c248cac61c020534fd19c3104f3e4c9b39851",
        "sha256": "a2602b9c94a2bdbcac75b95d4430d4cda3a79986c016ac2ef2211afb00420f24",
        "file_type": "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 932, Name of Creating Application: Microsoft Excel, Last Printed: Fri Sep 30 14:56:13 2016, Create Time/Date: Wed Sep 28 11:10:05 2016, Last Saved Time/Date: Wed Jul 5 06:02:29 2017, Security: 0",
        "file_name": "a2602b9c94a2bdbcac75b95d4430d4cda3a79986c016ac2ef2211afb00420f24",
        "ssdeep": "1536:ek3hOdsylKlgryzc4bNhZFGzE+cL4LgldAcGoKHdi6nHHLa8USOBEeznXg16bIU0:ek3hOdsylKlgryzc4bNhZFGzE+cL4Lgq",
        "file_size": 79872,
        "md5": "b81cc045aeb9c0f46d34e9e19732bcec"
      }
    }
  },
  "msg": "OK"
}
```
PDF
```json
{
  "response_code": 0,
  "data": {
    "static": {
      "details": {
        "urls": [], // embedded URLs
        "pdfid": {}, // PDF stream information
        "base_info": { // PDF basic information
          "MIMEType": "application/pdf",
          "FileType": "PDF",
          "Linearized": "No",
          "FileTypeExtension": "pdf",
          "FileName": "01998715ab51a03cdaddff4ebe004da942ca3ae4e1357f3e1d5d5947b6e20624",
          "PDFVersion": 1.3
        },
        "tag": [ // static tags
          "pdf"
        ],
        "javascript": [] // embedded JavaScript
      },
      "basic": { // basic file information
        "sha1": "0e89becf87b5aa7b68f1e463f47620de3995b1ee",
        "sha256": "01998715ab51a03cdaddff4ebe004da942ca3ae4e1357f3e1d5d5947b6e20624",
        "file_type": "PDF document, version 1.3",
        "file_name": "01998715ab51a03cdaddff4ebe004da942ca3ae4e1357f3e1d5d5947b6e20624",
        "ssdeep": "48:FuENYPlyRai1648QeS20KOu+s61GMaC9b57OMhCv++S5UcL60I7qS5+o+AS9Hbe2:cENYtyRaU5sV76RaCf7OMhc++S5Ucq7w",
        "file_size": 2996,
        "md5": "122ca0d4629ff12c3b0aa21bd18dbf08"
      }
    }
  },
  "msg": "OK"
}
```
RTF
```json
{
  "response_code": 0,
  "data": {
    "static": {
      "details": {
        "base_info": { // RTF basic information
          "MIMEType": "text/rtf",
          "FileType": "RTF",
          "FileTypeExtension": "rtf",
          "FileName": "69ee6723340148cec550251d4151ea953ef1f637839ec4b4769d260917bedc8e"
        },
        "tag": [ // static tags
          "rtf"
        ]
      },
      "basic": { // basic file information
        "sha1": "b03271072ab126b33316da3f02c528c297d683fe",
        "sha256": "69ee6723340148cec550251d4151ea953ef1f637839ec4b4769d260917bedc8e",
        "file_type": "Rich Text Format data, version 1, unknown character set",
        "file_name": "69ee6723340148cec550251d4151ea953ef1f637839ec4b4769d260917bedc8e",
        "ssdeep": "12288:k+kD4uLZMDuarevCd5OXjkttS5tnLSD8djMQnVTG4LBckzrG/gH9J:l1u1OrbdVA7Lg8djXnM4LKkzP",
        "file_size": 820927,
        "md5": "b8bcdad201dc03be9f312afca81029b2"
      }
    }
  },
  "msg": "OK"
}
```
ELF
```json
{
  "response_code": 0,
  "data": {
    "static": {
      "details": {
        "dynamic_tags": [ // dynamic section information
          {"tag": "0x0000000000000010", "type": "SYMBOLIC", "value": "0x0000000000000000"}
        ],
        "notes": [], // note information
        "section_headers": [ // section information
          {"addr": "0x0000000000000000", "type": "NULL", "name": "", "size": 0}
        ],
        "file_header": { // ELF basic information
          "magic": "\\x7fELF",
          "version": "0x1",
          "os_abi": "UNIX - System V",
          "ei_version": "1 (current)",
          "number_of_program_headers": 6,
          "abi_version": 0,
          "size_of_section_headers": 64,
          "data": "2's complement, little endian",
          "machine": "Advanced Micro Devices X86-64",
          "class": "ELF64",
          "number_of_section_headers": 26,
          "flags": "0x0000000000000000",
          "type": "DYN (Shared object file)",
          "section_header_string_table_index": 25,
          "entry_point_address": "0x000000000000fddc",
          "start_of_section_headers": 1172768,
          "size_of_this_header": 64,
          "size_of_program_headers": 56,
          "start_of_program_headers": 64
        },
        "program_headers": [ // program header information
          {"type": "LOAD", "flags": "R E", "addr": "0x0000000000000000", "size": 1141456}
        ],
        "tag": [ // static tags
          "so"
        ],
        "symbol_tables": [ // symbol table information
          {"ndx_name": "", "bind": "LOCAL", "type": "NOTYPE", "value": "0x0000000000000000"}
        ],
        "relocations": [ // relocation information
          {
            "name": ".rela.dyn",
            "entries": [
              {
                "info": "0x0000000000000008",
                "type": "R_X86_64_RELATIVE",
                "name": "",
                "value": "",
                "offset": "0x0000000000317650"
              }
            ]
          }
        ]
      },
      "basic": { // basic file information
        "sha1": "520373aa9c5a099db7b0cc8c04418eaac66c6117",
        "sha256": "36be26d65808ead53780612007ab0165b62bca2de9779dbd63afdba5ce3062a3",
        "file_type": "ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped",
        "file_name": "36be26d65808ead53780612007ab0165b62bca2de9779dbd63afdba5ce3062a3",
        "ssdeep": "24576:JqQiZtBMZFBWDBvuvdztCntu1OscG0g76+QsHTkPiYqUFdHSHeOG+rVyBTUUs1ek:riZtBMZFBWDBvuvdztCntu1OscG0g76+",
        "file_size": 1174432,
        "md5": "cdad1039d8d9f197a693892a2d88124c"
      }
    }
  },
  "msg": "OK"
}
```
Compressed archive
```json
{
  "response_code": 0,
  "data": {
    "static": {
      "details": {
        "zip": [
          {
            "Path": "Z:\\SUBMIT_SAMPLE\\8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
            "Type": "zip", // ZIP file structure
            "Physical Size": "14898078"
          },
          {
            "Comment": "",
            "Attributes": "A",
            "Created": "2019-01-02 16:09:56",
            "Packed Size": "5010",
            "Encrypted": "-",
            "Modified": "2019-01-02 15:15:23",
            "Host OS": "FAT",
            "CRC": "C965CAAE",
            "Volume Index": "0",
            "Version": "20",
            "Accessed": "2019-01-02 16:09:56",
            "Path": "pcreposix-0.dll",
            "Folder": "-",
            "Method": "Deflate",
            "Size": "9728"
          }
        ],
        "base_info": { // ZIP basic information
          "MIMEType": "application/zip",
          "ZipRequiredVersion": 20,
          "ZipCRC": "0xc965caae",
          "FileType": "ZIP",
          "ZipCompression": "Deflated",
          "FileName": "8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
          "ZipCompressedSize": 5010,
          "FileTypeExtension": "zip",
          "ZipFileName": "pcreposix-0.dll",
          "ZipBitFlag": 0,
          "ZipUncompressedSize": 9728,
          "ZipModifyDate": "2019:01:02 15:15:11"
        },
        "tag": [ // static tags
          "zip"
        ]
      },
      "basic": { // basic file information
        "sha1": "01cb66a858d8e4c42334149865c204d0a97d7389",
        "sha256": "8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
        "file_type": "Zip archive data, at least v2.0 to extract",
        "file_name": "8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
        "ssdeep": "393216:n3Cz49jJ8xPvYkdBFpyh+6TY8tBMNGlYrAs9HY0Z:nzVkXFYw6cKxCrAg4U",
        "file_size": 14898078,
        "md5": "170fb01f3a9f47096608c50109365879"
      }
    }
  },
  "msg": "OK"
}
```
