Delete analysis.

—

Analysis is deleted, code 204.

Get data about analyses.

List of Analysis objects.

count

integer

Number of returning objects, 1…100. To get more objects, use several requests and the offset parameter. By default, count=10.

No

offset

integer

Offset, 0…+∞. By default, offset=0.

No

format_group_name

string

Filter by file type.

No

Get detailed information about analysis.

—

Analysis object.

Download the archive with analysis results.

—

Archive that contains analysis results on all tasks.

Get information about the latest attempt to create the CureIt! utility for the specified analysis.

—

CureIt object.

Download the CureIt! utility.

—

CureIt! file.

Start the file analysis.

Analysis object.

analysis_time

integer

Sample run time in seconds, from 30 to the maximum sample run time permitted by your license. By default, analysis_time=60.

No

convert_video

boolean

Convert video while the analysis is ongoing.

No

copylog

boolean

Сopy full raw hypervisor log.

No

crypto_api_limit

integer

Crypto API buffers limit in MB.

No

custom_cmd

string/null

Command to run the sample.

No

drop_size_limit

integer

Total size limit for created files.

No

dump_browsers

string

Dump browser modules.

No

dump_mapped

boolean

Dump memory-mapped files (only after execution).

No

dump_processes

boolean

Dump processes (only after execution).

No

dump_size_limit

integer

Maximum size of collectable drops.

No

dump_ssdt

boolean

Dump SSDT.

No

flex_time

boolean

Sample flex time.

No

format_name

string

File format.

Yes if the format is not identified automatically

forwards

array [string]/null

Forward the specified ports from guest VM.

No

generate_cureit

boolean

Generate the Dr.Web CureIt! utility for neutralizing threats in the original file and in all files created during the analysis.

No

get_lib

boolean

Get *.lib files and raw dumps.

No

injects_limit

integer

Injects count limit.

No

monkey_clicker

boolean

Enable auto clicker.

No

net

string

Redirect virtual machine network traffic according to specified settings.

The syntax:

protocol—one of the supported protocols (vpn, tor, socks4, socks5, or shadowsocks), if the net parameter is not specified, the vpn protocol is used by default.

login:password—proxy authorization parameters (optional for socks5, required for shadowsocks, not specified for other protocols).

parameters—additional (optional) parameters:

•udp—UDP traffic redirection.

Possible values:

udp=on redirects all UDP traffic;

udp=off does not redirect UDP traffic.

This parameter is supported for all protocols except for vpn.

•mitm—encrypted traffic interception.

Possible values:

mitm=on intercepts encrypted traffic;

mitm=off does not intercept encrypted traffic (the default option).

This parameter is supported for all protocols.

Examples:

•VPN = vpn://?mitm=on

•TOR = tor://?udp=off

•Socks4 = socks4://myproxy.com:4050?udp=off&mitm=on

•Socks5 = socks5://user:123321@myproxy.com:1080?udp=on&mitm=on

•Shadowsocks = shadowsocks://aes-256-cfb:123321@myproxy.com:1080?mitm=on

No

no_clean

boolean

Get all allocs and drops.

No

optional_count

integer/null

Maximum number of triggered breakpoints.

No

platforms

array [string]/null

Platforms to run the sample.

No

proc_lifetime

string/null

Lifetime of processes in seconds.

Example:

'notepad.exe,35,winword.exe,20

No

sample_id

integer

Sample ID.

Yes

set_date

string

Set system date (format: 17.03.2022).

No

write_file_limit

integer

WriteFile buffers limit in MB.

No

Restart all deleted or failed tasks of the specified analysis.

—

Restart of deleted or failed tasks.

Re-create CureIt!.

—

CureIt object.