analyses

Use the endpoint to manage analyses.

DELETE analyses/<analysis_id:uuid>

| Description | Parameters | Result |
|---|---|---|
| Delete analysis. | | Analysis is deleted, code 204. |

GET analyses

| Description | Result |
|---|---|
| Get data about analyses. | List of Analysis objects. |

Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| count | number | Count (int): number of objects to return, 1…100. To get more objects, use several requests and the offset parameter. By default, count=10. | No |
| offset | number | Offset (int): offset, 0…+∞. By default, offset=0. | No |
| format_group_name | string | Filter by file type. | No |

GET analyses/<analysis_id:uuid>

| Description | Parameters | Result |
|---|---|---|
| Get detailed information about analysis. | | Analysis object. |

GET analyses/<analysis_id:uuid>/archive

| Description | Parameters | Result |
|---|---|---|
| Download archive with analysis results. | | Archive that contains analysis results on all tasks. |

GET analyses/<analysis_id:uuid>/sample

| Description | Parameters | Result |
|---|---|---|
| Download sample. | | Sample |

GET analyses/<analysis_id:uuid>/cureit

| Description | Parameters | Result |
|---|---|---|
| Get data about CureIt!. | | CureIt object. |

GET analyses/<analysis_id:uuid>/cureit.exe

| Description | Parameters | Result |
|---|---|---|
| Download the CureIt! utility. | | CureIt! file. |

POST analyses

| Description | Result |
|---|---|
| Start the file analysis. | Analysis object. |

Parameters

| Parameter | Type | Description | Required |
|---|---|---|---|
| sample_id | number | Sample ID. | Yes |
| analysis_time | number | Sample run time in seconds, from 30 to the maximum sample run time permitted by your license. By default, analysis_time=60. | No |
| format_name | string | File format. | Yes if the format is not identified automatically |
| platforms | array [string] | Platforms on which to run the sample. | No |
| custom_cmd | string | Command to run the sample. | No |
| net | string | Command to redirect virtual machine network traffic according to specified settings. VPN = vpn:// (used by default if the net parameter is not specified); TOR = tor://; Socks4 = socks4://host:port; Socks5 = socks5://[login:password@]host:port?parameters; Shadowsocks = shadowsocks://[login:password@]host:port?parameters. Possible values for parameters: udp, the UDP protocol behavior (udp=on redirects all UDP traffic, udp=off does not redirect traffic); login:password, the proxy server authorization parameters (optional for Socks5, required for Shadowsocks). | No |
| dump_size_limit | number | Maximum size of collectable drops. | No |
| copylog | boolean | Copy full raw hypervisor log. | No |
| crypto_api_limit | number | Limit on the size of Crypto API buffers, in Mb. | No |
| drop_size_limit | number | Created files total size limit. | No |
| flex_time | boolean | Flex sample time. | No |
| forwards | string | Forward the specified ports from the guest VM. | No |
| generate_cureit | boolean | Generate the Dr.Web CureIt! utility for neutralizing threats in the original file and in all files created during the analysis. | No |
| get_lib | boolean | Get *.lib files and raw dumps. | No |
| injects_limit | number | Injects count limit. | No |
| monkey_clicker | boolean | Enable auto clicker. | No |
| dump_browsers | string | Dump browser modules. | No |
| dump_mapped | boolean | Dump memory-mapped files (only after execution). | No |
| dump_ssdt | boolean | Dump SSDT. | No |
| dump_processes | boolean | Dump processes (only after execution). | No |
| no_clean | boolean | Get all allocs and drops. | No |
| optional_count | number | Maximum number of triggered breakpoints. | No |
| proc_lifetime | string | Lifetime of processes in seconds. Example: 'notepad.exe,35,winword.exe,20' | No |
| set_date | string | Set system date (format: 17.03.2022). | No |
| write_file_limit | number | Limit on WriteFile buffers, in Mb. | No |
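The following is an added example, not part of the API documentation: a pre-submission check that a net value matches one of the forms listed for POST analyses and that analysis_time respects the documented minimum of 30 seconds. The function names, the rejection of query parameters other than udp, and the returned dict are assumptions of this example; the page does not state how parameters are encoded in the request.

```python
from urllib.parse import parse_qs, urlsplit

# Forms listed for the net parameter of POST analyses.
NO_HOST = {"vpn", "tor"}                     # written as vpn:// and tor://
PROXY = {"socks4", "socks5", "shadowsocks"}  # written as scheme://host:port
DEFAULT_NET = "vpn://"                       # documented default when net is omitted


def check_net(value=None):
    """Return value if it matches a documented net form, else raise ValueError."""
    if value is None:
        return DEFAULT_NET
    parts = urlsplit(value)
    scheme = parts.scheme
    if scheme in NO_HOST:
        if value != scheme + "://":
            raise ValueError(f"{scheme}:// takes no host or parameters")
        return value
    if scheme not in PROXY:
        raise ValueError(f"unsupported net scheme: {scheme!r}")
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError as exc:
        raise ValueError("port must be a number in 0-65535") from exc
    if not parts.hostname or port is None:
        raise ValueError(f"{scheme} requires host:port")
    has_login, has_password = parts.username is not None, parts.password is not None
    if has_login != has_password:
        raise ValueError("credentials must be given as login:password")
    if scheme == "socks4" and (has_login or parts.query):
        raise ValueError("socks4 is host:port only")
    if scheme == "shadowsocks" and not has_login:
        raise ValueError("shadowsocks requires login:password")
    # Assumption of this example: udp is the only query parameter the page lists,
    # so anything else is rejected rather than passed through.
    for key, vals in parse_qs(parts.query, keep_blank_values=True).items():
        if key != "udp" or vals not in (["on"], ["off"]):
            raise ValueError(f"unsupported parameter: {key}={vals}")
    return value


def analysis_params(sample_id, analysis_time=60, net=None, **optional):
    """Assemble POST analyses parameters (hypothetical helper; wire encoding not assumed)."""
    if analysis_time < 30:
        raise ValueError("analysis_time must be at least 30 seconds")
    return {"sample_id": sample_id, "analysis_time": analysis_time,
            "net": check_net(net), **optional}
```

The upper bound of analysis_time depends on the license, so it is left for the server to enforce.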

POST analyses/<analysis_id:uuid>/restart

| Description | Parameters | Result |
|---|---|---|
| Restart all deleted or failed tasks of the specified analysis. | | Restart of deleted or failed tasks. |

PUT analyses/<analysis_id>/cureit

| Description | Parameters | Result |
|---|---|---|
| Recreate CureIt!. | | CureIt object. |