### Pre-installation Script Source: https://docs.virustotal.com/reference/file-object-deb-info The preinst script runs before the package installation begins. It can be used for initial setup or checks required before the main installation process. ```bash #!/bin/bash # $Id: preinst 127855 2019-01-01 01:45:53Z bird $ ## @file # Blabla pre-install. # # Copyright (C) 2006-2019 Blabla Systems ``` -------------------------------- ### Example Malware Configuration Source: https://docs.virustotal.com/reference/file-object-malware-config An example of a populated malware_config field, demonstrating typical key-value pairs such as campaign ID, domain, family, and installation details. ```json { "data": { "attributes": { "malware_config": { "campaign_id": "Hcwfjr", "domain": "0.tcp.ngggke.io", "family": "njRat", "install_dir": "TEMP", "install_flag": "True", "install_name": "server1.exe", "network_separator": "|"|"", "port": "18354", "registry_value": "92893539d5d3558f5b256571544dccb0", "version": "0.7d" } } } } ``` -------------------------------- ### Install vt-py using pip Source: https://docs.virustotal.com/docs/batch-file-downloads Install the official VirusTotal Python client library using pip. This is the recommended installation method. ```bash $ pip install vt-py ``` -------------------------------- ### Monitor Info Example Source: https://docs.virustotal.com/reference/file-object-monitor-info An example of the monitor_info field showing a specific filename and organization. ```json { "data": { "attributes": { "monitor_info": { "filenames": [ "testfilename" ], "organizations": [ "Example Inc." ] }, } } ``` -------------------------------- ### Example HTTP Conversation Source: https://docs.virustotal.com/reference/http-conversation An example of a single HTTP GET request and its corresponding response, including headers, status code, and file type. ```json { "data": { "attributes": { "http_conversations": [ { "request_headers": { "Accept": "*/*", "User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)" }, "request_method": "GET", "response_body_filetype": "PDF", "response_headers": { "Cache-Control": "no-cache", "Connection": "keep-alive", "Content-Type": "text/html; charset=UTF-8", "Date": "Sat, 23 Nov 2019 09:02:26 GMT", "Server": "nginx/1.14.0", "Status-Line": "HTTP/1.1 200", "Transfer-Encoding": "chunked", "Vary": "Accept-Encoding", "X-Powered-By": "PHP/7.2.9" }, "response_status_code": 200, "url": "http://foo.blablabla.com/blablabla.pdf" } ] } } } ``` -------------------------------- ### Install vt-py using setup.py Source: https://docs.virustotal.com/docs/batch-file-downloads Install the vt-py library after obtaining the source code, using the setup.py script. ```bash $ sudo python3 setup.py install ``` -------------------------------- ### Install vt-py from source tarball Source: https://docs.virustotal.com/docs/batch-file-downloads Download and extract the vt-py source code tarball, then install it using setup.py. ```bash $ tar -zxvf vt-py-X.Y.Z.tar.gz $ cd vt-py-X.Y.Z ``` -------------------------------- ### Example ISO Image File Information Source: https://docs.virustotal.com/reference/file-object-isoimage-info This example demonstrates a populated isoimage_info object, showing specific values for application ID, creation date, data preparer, file counts, and volume identifiers. ```json { "data": { "attributes": { "isoimage_info": { "application_id": "CDIMAGE 2.56 (01/01/2005 TM)", "created": "2012-10-04 17:00:00", "data_preparer_id": "MICROSOFT CORPORATION, ONE MICROSOFT WAY, REDMOND WA 98052, (425) 882-8080", "effective": "0000-00-00 00:00:00", "expires": "0000-00-00 00:00:00", "file_structure_version": 1, "max_date": "2012-10-04 06:34:35", "min_date": "2011-12-13 22:04:47", "modified": "0000-00-00 00:00:00", "num_files": 127, "publisher_id": "MICROSOFT CORPORATION", "total_size": 5086954, "type_code": "CD001", "volume_id": "15.0.4420.1017", "volume_set_id": "15.0.4420.1017" } } } } ``` -------------------------------- ### Example OpenVPN Client Configuration Source: https://docs.virustotal.com/docs/openvpn-support-on-private-scanning A sample OpenVPN client configuration file. Ensure all keys and certificates are embedded directly within the file. ```openvpn # Specify that we are a client. client # Currently we only support TUN interface dev tun # Currently we only support UDP to encapsulate traffic proto udp # The hostname/IP and port of the server. remote 1.2.3.4 1194 # Always try to resolve the hostname of the OpenVPN server. resolv-retry infinite # Most clients don't need to bind to a specific local port number. nobind # Try to preserve some state across restarts. persist-key persist-tun # Select a cryptographic cipher. cipher AES-256-GCM auth SHA256 # Certificate Authority # User certificate redacted_certificate_content # This is the client's private key ``` -------------------------------- ### Example Traffic Inspection Data Source: https://docs.virustotal.com/reference/file-object-files-traffic-inspection This example demonstrates the structure of traffic inspection data, showing two HTTP GET requests with details like binary hash, URL, and response size. ```json { "data": { "attributes": { "traffic_inspection": { "http": [ { "binary_hash": "0e735aab56c55e954405cef52a5d9e59935c4a5ea151b85eb5a1cf5b25a50505", "binary_magic": "ASCII text, with very long lines, with no line terminators", "datetime": "2020-06-03 22:56:01.449486", "interesting_magic": 0, "method": "GET", "remote_host": "66.66.66.66:80", "response_code": "200", "response_size": 226132, "url": "http://blablabla.com/blablabla.jpg", "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)" }, { "binary_hash": "0e73f4ab6645649e4402ce452a4d9eb9431c4adea141b8b4b3a14fbb24a20e05", "binary_magic": "ASCII text, with very long lines, with no line terminators", "datetime": "2020-06-03 22:56:32.097305", "interesting_magic": 0, "method": "GET", "remote_host": "66.66.66.66:80", "response_code": "200", "response_size": 226132, "url": "http://blablabla.com/blablabla2.jpg", "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)" } ] } } } } ``` -------------------------------- ### IPA Info Example with Mach-O Commands Source: https://docs.virustotal.com/reference/file-object-ipa-info This example shows a snippet of the 'ipa_info' data, specifically detailing the Mach-O executable information. It lists various load commands and header details for the application binary. ```json { "data": { "attributes": { "ipa_info": { "apps": [ { "commands": [ { "type": "LC_DYLD_INFO_ONLY" }, { "type": "LC_SYMTAB" }, { "type": "LC_DYSYMTAB" }, { "type": "LC_LOAD_DYLINKER" }, { "type": "LC_UUID" } ], "headers": { "cpu_subtype": "ARM_V7", "cpu_type": "ARM", "entrypoint": "0xe5ed", "file_type": "executable file", "flags": [ "BINDS_TO_WEAK", "DYLDLINK", "NOUNDEFS", "PIE", "TWOLEVEL", "WEAK_DEFINES" ], "magic": "0xfeedface", "num_cmds": 54 } } ], "plist": {}, "provision": {} } } } } ``` -------------------------------- ### Get File Content Search Snippets (Bad Request Example) Source: https://docs.virustotal.com/reference/intelligence-search-snippets This example illustrates a 'Bad Request' error response, typically occurring due to an invalid API token. It shows the error structure with a 'code' and 'message'. ```json { "error": { "code": "BadRequestError", "message": "Invalid token" } } ``` -------------------------------- ### Get File Content Search Snippets (Success Example) Source: https://docs.virustotal.com/reference/intelligence-search-snippets This example demonstrates a successful response when retrieving file content search snippets. It shows the structure of the 'data' array containing matched content in hexdump and plain text formats. ```json { "data": [ "01CEE0A0: 09 20 2A 0A 09 20 2A 20 45 78 61 6D 70 6C 65 3A . *.. * Example:\n01CEE0B0: 0A 09 20 2A 0A 09 20 2A 20 20 20 20 20 35 68 65 .. *.. * 5 he \n01CEE0C0: 6C 6C 6F 20 77 6F 72 6C 64 0A 09 20 2A 20 20 20 llo world .. * ", "01CEF650: 6D 70 6C 65 3A 0A 09 20 2A 0A 09 20 2A 20 20 20 mple:.. *.. * \n01CEF660: 20 20 31 31 3A 68 65 6C 6C 6F 20 77 6F 72 6C 64 11: hel lo world \n01CEF670: 32 3A 68 69 0A 09 20 2A 0A 09 20 2A 20 49 66 20 2:hi.. *.. * If ", "01D22020: 5C 6E 20 2A 20 45 78 61 6D 70 6C 65 3A 5C 6E 20 \n * Example:\n \n01D22030: 2A 5C 6E 20 2A 20 20 20 20 20 35 68 65 6C 6C 6F *\n * 5 hel lo \n01D22040: 20 77 6F 72 6C 64 5C 6E 20 2A 20 20 20 20 20 33 world \n * 3", "02C29AB0: 6C 6F 67 28 68 65 6C 6C 6F 2C 20 27 77 6F 72 6C log(hello, 'worl\n02C29AC0: 64 27 29 3B 0A 20 2A 20 27 68 65 6C 6C 6F 20 77 d');. * ' he llo w \n02C29AD0: 6F 72 6C 64 27 0A 20 2A 2F 0A 65 78 70 6F 72 74 orld '. */.export", "02C643E0: 28 68 65 6C 6C 6F 2C 20 27 77 6F 72 6C 64 27 29 (hello, 'world')\n02C643F0: 3B 0A 20 2A 20 27 68 65 6C 6C 6F 20 77 6F 72 6C ;. * ' he llo worl \n02C64400: 64 27 0A 20 2A 2F 0A 76 61 72 20 6C 6F 67 20 3D d '. */.var log =" ] } ``` -------------------------------- ### Example Bundle Info Source: https://docs.virustotal.com/reference/file-object-bundle-info An example of bundle_info for a ZIP file, showing extensions, file types, dates, password, and size. ```json { "data": { "attributes": { "bundle_info": { "extensions": { "exe": 1 }, "file_types": { "Portable Executable": 1, "XML": 1 }, "highest_datetime": "2017-06-07 09:07:38", "lowest_datetime": "1980-01-00 00:00:00", "num_children": 2, "password": "infected", "type": "ZIP", "uncompressed_size": 222702 } } } } ``` -------------------------------- ### Example Response Body for ZIP File Creation Source: https://docs.virustotal.com/reference/create-zip-files This is an example of the response you will receive after requesting a ZIP file. It includes the ZIP file's ID, status, and progress. You must poll the GET /intelligence/zip_files/{id} endpoint to track completion. ```json { "data": { "type": "zip_file", "id": "4939392292", "attributes": { "status": "starting", "progress": 0, "files_ok": 0, "files_error": 0 } } } ``` -------------------------------- ### Basic OpenVPN Server Setup Script Source: https://docs.virustotal.com/docs/openvpn-support-on-private-scanning A bash script to automate the basic setup of an OpenVPN server on a Linux system. Requires modifications for interface names, VPN subnet, and other placeholders. ```bash #!/usr/bin/env bash # Basic OpenVPN setup script ``` -------------------------------- ### Example Request Body Source: https://docs.virustotal.com/reference/collections-comments-create The request body must be a JSON object representing a comment. Words starting with '#' in the text are treated as tags. ```json { "data": { "type": "comment", "attributes": { "text": "Lorem #ipsum dolor sit ..." } } } ``` -------------------------------- ### Get Monitor Items by Tag Source: https://docs.virustotal.com/reference/monitor-items-filter Retrieves a list of MonitorItem objects filtered by one or more tags. This example shows filtering by the 'detected' tag. ```APIDOC ## GET /monitor/items ### Description Retrieves a list of MonitorItem objects filtered by a specified tag. ### Method GET ### Endpoint /monitor/items ### Query Parameters - **filter** (string) - Required - The filter criteria. Use `tag:` to filter by tag. Example: `tag:detected`. ``` -------------------------------- ### Example JAR File Information Response Source: https://docs.virustotal.com/reference/file-object-jar-info This is an example of the detailed information returned for a JAR file, including lists of filenames, file types, manifest content, date information, package names, and extracted strings. ```json { "data": { "attributes": { "jar_info": { "filenames": [ "META-INF/MANIFEST.MF", "net/blabla/blabla/blabla/blabla.class", "net/blabla/blabla/blabla/blabla2.class", "net/blabla/blabla/blabla/blabla3.class" ], "files_by_type": { "ascii": 490, "binary": 16, "class": 760, "jpg": 2, "ogg": 3, "png": 441 }, "manifest": "Manifest-Version: 1.0", "max_date": "2020-06-18 20:46:02", "max_depth": 5, "min_date": "2020-06-18 20:45:58", "packages": [ "java.io", "java.lang", "java.lang.Comparable