Search by authentihash

[jkadeesh]

Hello Gurus,

Is there any possible way to search VirusTotal data based on authentihash inside VirusTotal.com either using the GUI or using the public / private API?  If yes, could you please let me know how to do that?  That would be of great help in making use of Applocker log data (that include Authentihash by default) to identify the maliciousness of the executed files.

Thank you in advance!

[Emiliano Martinez]

Hello,

Searching by authentihash is actually possible, though it is not the recommended way. We started indexing authentihash late 2014, meaning that only files sent from then onward are indexed by authentihash. This means that whenever you search by authentihash, if there is no match, it does not mean that we do not have the file, it might well be that it is an old file for which we do not have the authentihash calculated and indexed. It is always better to end up checking by sha256.

If you still want to use authentihash, the way to do it is prepending "auth" to the hash, i.e.

http://www.virustotal.com/vtapi/v2/file/report?apikey=<yourkey>&resource=auth1525683d71dcf892b2428ae862d22f998c48ed6724370ebeba5428a0975b0cfe

Regards.

--
--
Choose a file, check it with more than 50 antivirus, fast and easy: http://www.virustotal.com
---
You received this message because you are subscribed to the Google Groups "VirusTotal" group.
To unsubscribe from this group and stop receiving emails from it, send an email to virustotal+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.