### Pre-installation Script
Source: https://docs.virustotal.com/reference/file-object-deb-info
The preinst script runs before the package installation begins. It can be used for initial setup or checks required before the main installation process.
```bash
#!/bin/bash
# $Id: preinst 127855 2019-01-01 01:45:53Z bird $
## @file
# Blabla pre-install.
#
# Copyright (C) 2006-2019 Blabla Systems
```
--------------------------------
### Example Malware Configuration
Source: https://docs.virustotal.com/reference/file-object-malware-config
An example of a populated malware_config field, demonstrating typical key-value pairs such as campaign ID, domain, family, and installation details.
```json
{
"data": {
"attributes": {
"malware_config": {
"campaign_id": "Hcwfjr",
"domain": "0.tcp.ngggke.io",
"family": "njRat",
"install_dir": "TEMP",
"install_flag": "True",
"install_name": "server1.exe",
"network_separator": "|"|"",
"port": "18354",
"registry_value": "92893539d5d3558f5b256571544dccb0",
"version": "0.7d"
}
}
}
}
```
--------------------------------
### Install vt-py using pip
Source: https://docs.virustotal.com/docs/batch-file-downloads
Install the official VirusTotal Python client library using pip. This is the recommended installation method.
```bash
$ pip install vt-py
```
--------------------------------
### Monitor Info Example
Source: https://docs.virustotal.com/reference/file-object-monitor-info
An example of the monitor_info field showing a specific filename and organization.
```json
{
"data": {
"attributes": {
"monitor_info": {
"filenames": [
"testfilename"
],
"organizations": [
"Example Inc."
]
},
}
}
```
--------------------------------
### Example HTTP Conversation
Source: https://docs.virustotal.com/reference/http-conversation
An example of a single HTTP GET request and its corresponding response, including headers, status code, and file type.
```json
{
"data": {
"attributes": {
"http_conversations": [
{
"request_headers": {
"Accept": "*/*",
"User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
},
"request_method": "GET",
"response_body_filetype": "PDF",
"response_headers": {
"Cache-Control": "no-cache",
"Connection": "keep-alive",
"Content-Type": "text/html; charset=UTF-8",
"Date": "Sat, 23 Nov 2019 09:02:26 GMT",
"Server": "nginx/1.14.0",
"Status-Line": "HTTP/1.1 200",
"Transfer-Encoding": "chunked",
"Vary": "Accept-Encoding",
"X-Powered-By": "PHP/7.2.9"
},
"response_status_code": 200,
"url": "http://foo.blablabla.com/blablabla.pdf"
}
]
}
}
}
```
--------------------------------
### Install vt-py using setup.py
Source: https://docs.virustotal.com/docs/batch-file-downloads
Install the vt-py library after obtaining the source code, using the setup.py script.
```bash
$ sudo python3 setup.py install
```
--------------------------------
### Install vt-py from source tarball
Source: https://docs.virustotal.com/docs/batch-file-downloads
Download and extract the vt-py source code tarball, then install it using setup.py.
```bash
$ tar -zxvf vt-py-X.Y.Z.tar.gz
$ cd vt-py-X.Y.Z
```
--------------------------------
### Example ISO Image File Information
Source: https://docs.virustotal.com/reference/file-object-isoimage-info
This example demonstrates a populated isoimage_info object, showing specific values for application ID, creation date, data preparer, file counts, and volume identifiers.
```json
{
"data": {
"attributes": {
"isoimage_info": {
"application_id": "CDIMAGE 2.56 (01/01/2005 TM)",
"created": "2012-10-04 17:00:00",
"data_preparer_id": "MICROSOFT CORPORATION, ONE MICROSOFT WAY, REDMOND WA 98052, (425) 882-8080",
"effective": "0000-00-00 00:00:00",
"expires": "0000-00-00 00:00:00",
"file_structure_version": 1,
"max_date": "2012-10-04 06:34:35",
"min_date": "2011-12-13 22:04:47",
"modified": "0000-00-00 00:00:00",
"num_files": 127,
"publisher_id": "MICROSOFT CORPORATION",
"total_size": 5086954,
"type_code": "CD001",
"volume_id": "15.0.4420.1017",
"volume_set_id": "15.0.4420.1017"
}
}
}
}
```
--------------------------------
### Example OpenVPN Client Configuration
Source: https://docs.virustotal.com/docs/openvpn-support-on-private-scanning
A sample OpenVPN client configuration file. Ensure all keys and certificates are embedded directly within the file.
```openvpn
# Specify that we are a client.
client
# Currently we only support TUN interface
dev tun
# Currently we only support UDP to encapsulate traffic
proto udp
# The hostname/IP and port of the server.
remote 1.2.3.4 1194
# Always try to resolve the hostname of the OpenVPN server.
resolv-retry infinite
# Most clients don't need to bind to a specific local port number.
nobind
# Try to preserve some state across restarts.
persist-key
persist-tun
# Select a cryptographic cipher.
cipher AES-256-GCM
auth SHA256
# Certificate Authority
# User certificate
redacted_certificate_content
# This is the client's private key
```
--------------------------------
### Example Traffic Inspection Data
Source: https://docs.virustotal.com/reference/file-object-files-traffic-inspection
This example demonstrates the structure of traffic inspection data, showing two HTTP GET requests with details like binary hash, URL, and response size.
```json
{
"data": {
"attributes": {
"traffic_inspection": {
"http": [
{
"binary_hash": "0e735aab56c55e954405cef52a5d9e59935c4a5ea151b85eb5a1cf5b25a50505",
"binary_magic": "ASCII text, with very long lines, with no line terminators",
"datetime": "2020-06-03 22:56:01.449486",
"interesting_magic": 0,
"method": "GET",
"remote_host": "66.66.66.66:80",
"response_code": "200",
"response_size": 226132,
"url": "http://blablabla.com/blablabla.jpg",
"user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)"
},
{
"binary_hash": "0e73f4ab6645649e4402ce452a4d9eb9431c4adea141b8b4b3a14fbb24a20e05",
"binary_magic": "ASCII text, with very long lines, with no line terminators",
"datetime": "2020-06-03 22:56:32.097305",
"interesting_magic": 0,
"method": "GET",
"remote_host": "66.66.66.66:80",
"response_code": "200",
"response_size": 226132,
"url": "http://blablabla.com/blablabla2.jpg",
"user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)"
}
]
}
}
}
}
```
--------------------------------
### IPA Info Example with Mach-O Commands
Source: https://docs.virustotal.com/reference/file-object-ipa-info
This example shows a snippet of the 'ipa_info' data, specifically detailing the Mach-O executable information. It lists various load commands and header details for the application binary.
```json
{
"data": {
"attributes": {
"ipa_info": {
"apps": [
{
"commands": [
{
"type": "LC_DYLD_INFO_ONLY"
},
{
"type": "LC_SYMTAB"
},
{
"type": "LC_DYSYMTAB"
},
{
"type": "LC_LOAD_DYLINKER"
},
{
"type": "LC_UUID"
}
],
"headers": {
"cpu_subtype": "ARM_V7",
"cpu_type": "ARM",
"entrypoint": "0xe5ed",
"file_type": "executable file",
"flags": [
"BINDS_TO_WEAK",
"DYLDLINK",
"NOUNDEFS",
"PIE",
"TWOLEVEL",
"WEAK_DEFINES"
],
"magic": "0xfeedface",
"num_cmds": 54
}
}
],
"plist": {},
"provision": {}
}
}
}
}
```
--------------------------------
### Get File Content Search Snippets (Bad Request Example)
Source: https://docs.virustotal.com/reference/intelligence-search-snippets
This example illustrates a 'Bad Request' error response, typically occurring due to an invalid API token. It shows the error structure with a 'code' and 'message'.
```json
{
"error": {
"code": "BadRequestError",
"message": "Invalid token"
}
}
```
--------------------------------
### Get File Content Search Snippets (Success Example)
Source: https://docs.virustotal.com/reference/intelligence-search-snippets
This example demonstrates a successful response when retrieving file content search snippets. It shows the structure of the 'data' array containing matched content in hexdump and plain text formats.
```json
{
"data": [
"01CEE0A0: 09 20 2A 0A 09 20 2A 20 45 78 61 6D 70 6C 65 3A . *.. * Example:\n01CEE0B0: 0A 09 20 2A 0A 09 20 2A 20 20 20 20 20 35 68 65 .. *.. * 5he\n01CEE0C0: 6C 6C 6F 20 77 6F 72 6C 64 0A 09 20 2A 20 20 20 llo world.. * ",
"01CEF650: 6D 70 6C 65 3A 0A 09 20 2A 0A 09 20 2A 20 20 20 mple:.. *.. * \n01CEF660: 20 20 31 31 3A 68 65 6C 6C 6F 20 77 6F 72 6C 64 11:hel lo world\n01CEF670: 32 3A 68 69 0A 09 20 2A 0A 09 20 2A 20 49 66 20 2:hi.. *.. * If ",
"01D22020: 5C 6E 20 2A 20 45 78 61 6D 70 6C 65 3A 5C 6E 20 \n * Example:\n \n01D22030: 2A 5C 6E 20 2A 20 20 20 20 20 35 68 65 6C 6C 6F *\n * 5hel lo\n01D22040: 20 77 6F 72 6C 64 5C 6E 20 2A 20 20 20 20 20 33 world \n * 3",
"02C29AB0: 6C 6F 67 28 68 65 6C 6C 6F 2C 20 27 77 6F 72 6C log(hello, 'worl\n02C29AC0: 64 27 29 3B 0A 20 2A 20 27 68 65 6C 6C 6F 20 77 d');. * 'he llo w\n02C29AD0: 6F 72 6C 64 27 0A 20 2A 2F 0A 65 78 70 6F 72 74 orld '. */.export",
"02C643E0: 28 68 65 6C 6C 6F 2C 20 27 77 6F 72 6C 64 27 29 (hello, 'world')\n02C643F0: 3B 0A 20 2A 20 27 68 65 6C 6C 6F 20 77 6F 72 6C ;. * 'he llo worl\n02C64400: 64 27 0A 20 2A 2F 0A 76 61 72 20 6C 6F 67 20 3D d '. */.var log ="
]
}
```
--------------------------------
### Example Bundle Info
Source: https://docs.virustotal.com/reference/file-object-bundle-info
An example of bundle_info for a ZIP file, showing extensions, file types, dates, password, and size.
```json
{
"data": {
"attributes": {
"bundle_info": {
"extensions": {
"exe": 1
},
"file_types": {
"Portable Executable": 1,
"XML": 1
},
"highest_datetime": "2017-06-07 09:07:38",
"lowest_datetime": "1980-01-00 00:00:00",
"num_children": 2,
"password": "infected",
"type": "ZIP",
"uncompressed_size": 222702
}
}
}
}
```
--------------------------------
### Example Response Body for ZIP File Creation
Source: https://docs.virustotal.com/reference/create-zip-files
This is an example of the response you will receive after requesting a ZIP file. It includes the ZIP file's ID, status, and progress. You must poll the GET /intelligence/zip_files/{id} endpoint to track completion.
```json
{
"data": {
"type": "zip_file",
"id": "4939392292",
"attributes": {
"status": "starting",
"progress": 0,
"files_ok": 0,
"files_error": 0
}
}
}
```
--------------------------------
### Basic OpenVPN Server Setup Script
Source: https://docs.virustotal.com/docs/openvpn-support-on-private-scanning
A bash script to automate the basic setup of an OpenVPN server on a Linux system. Requires modifications for interface names, VPN subnet, and other placeholders.
```bash
#!/usr/bin/env bash
# Basic OpenVPN setup script
```
--------------------------------
### Example Request Body
Source: https://docs.virustotal.com/reference/collections-comments-create
The request body must be a JSON object representing a comment. Words starting with '#' in the text are treated as tags.
```json
{
"data": {
"type": "comment",
"attributes": {
"text": "Lorem #ipsum dolor sit ..."
}
}
}
```
--------------------------------
### Get Monitor Items by Tag
Source: https://docs.virustotal.com/reference/monitor-items-filter
Retrieves a list of MonitorItem objects filtered by one or more tags. This example shows filtering by the 'detected' tag.
```APIDOC
## GET /monitor/items
### Description
Retrieves a list of MonitorItem objects filtered by a specified tag.
### Method
GET
### Endpoint
/monitor/items
### Query Parameters
- **filter** (string) - Required - The filter criteria. Use `tag:` to filter by tag. Example: `tag:detected`.
```
--------------------------------
### Example JAR File Information Response
Source: https://docs.virustotal.com/reference/file-object-jar-info
This is an example of the detailed information returned for a JAR file, including lists of filenames, file types, manifest content, date information, package names, and extracted strings.
```json
{
"data": {
"attributes": {
"jar_info": {
"filenames": [
"META-INF/MANIFEST.MF",
"net/blabla/blabla/blabla/blabla.class",
"net/blabla/blabla/blabla/blabla2.class",
"net/blabla/blabla/blabla/blabla3.class"
],
"files_by_type": {
"ascii": 490,
"binary": 16,
"class": 760,
"jpg": 2,
"ogg": 3,
"png": 441
},
"manifest": "Manifest-Version: 1.0",
"max_date": "2020-06-18 20:46:02",
"max_depth": 5,
"min_date": "2020-06-18 20:45:58",
"packages": [
"java.io",
"java.lang",
"java.lang.Comparable