virusbattle-sdk / File Identifier and Formats
FILE IDENTIFIER
VirusBattle currently uses the SHA1 of a file as its identifier. However,
the specific choice of identifier is subject to change. In this
discussion we use the terms filehash and objID interchangeably to
mean the object identifier used by VirusBattle.
FILE FORMATS SUPPORTED
VirusBattle currently analyzes Windows PE32 executables. Since most
companies and people do not like to have malware executables on their
machines or network, the system also allows uploading password-protected
zip files. Besides zip, the system accepts the tar, tar.gz, and 7z
formats. Other archive formats can be supported on request, to the
extent that their decompressors are available on the Ubuntu platform.
The system also supports nested archives: an exe contained in a zip, contained in a tar, contained in a 7z, zip, etc. It can dig deep into such archives.
VirusBattle can also decrypt password-protected archives, either
with the default password "infected" or using a password provided by
you. The only caveat is that, for nested archives, all password-protected
archives must use the same password.
The design of the RESTful API is driven by the goal of supporting submission and querying of nested archives. VirusBattle treats nested archives similarly to nested directories, and provides a mechanism to traverse the hierarchy until you reach the required binary and query its information. You may also directly access the necessary information using a binary's (or, for that matter, any file's) file identifier.
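The following Python is an added example, not VirusBattle or SDK code. It computes a SHA1 identifier for every object in a nested zip/tar/tar.gz archive and resolves an identifier back to its directory-like path, assuming the identifier is the lowercase hex SHA1 of the raw file bytes. The function names, the depth limit and the sample archive are constructed for illustration, and 7z is left out because the Python standard library has no reader for it.

```python
import hashlib, io, tarfile, zipfile, zlib

DEFAULT_PASSWORD = b"infected"   # default archive password named on this page
MAX_DEPTH = 8                    # assumed nesting limit, guards against archive bombs

def obj_id(data: bytes) -> str:  # assumption: lowercase hex SHA1 of the raw bytes
    return hashlib.sha1(data).hexdigest()

def walk(name, data, password=DEFAULT_PASSWORD, depth=0):
    """Build {name, objID, children} for a file, descending into zip/tar/tar.gz."""
    node = {"name": name, "objID": obj_id(data), "children": []}
    if depth >= MAX_DEPTH:
        return node
    members, buf = [], io.BytesIO(data)
    try:
        if zipfile.is_zipfile(buf):
            with zipfile.ZipFile(buf) as zf:   # one password for every nesting level
                members = [(i.filename, zf.read(i, pwd=password))
                           for i in zf.infolist() if not i.is_dir()]
        else:
            buf.seek(0)
            with tarfile.open(fileobj=buf, mode="r:*") as tf:
                members = [(m.name, tf.extractfile(m).read()) for m in tf if m.isfile()]
    except (zipfile.BadZipFile, tarfile.TarError, RuntimeError, OSError, EOFError, zlib.error):
        pass                                   # not an archive, or wrong password: leaf
    node["children"] = [walk(n, d, password, depth + 1) for n, d in members]
    return node

def find(node, wanted, path=""):
    """Return the directory-like path to the object with this objID, or None."""
    here = path + "/" + node["name"]
    if node["objID"] == wanted:
        return here
    return next((p for c in node["children"] if (p := find(c, wanted, here))), None)

def build_sample():
    """Constructed input: sample.exe inside inner.zip inside mid.tar.gz inside outer.zip."""
    payload = b"MZ" + b"constructed, harmless bytes standing in for a PE32 file"
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("sample.exe", payload)
    mid = io.BytesIO()
    with tarfile.open(fileobj=mid, mode="w:gz") as tf:
        info = tarfile.TarInfo("inner.zip"); info.size = len(inner.getvalue())
        tf.addfile(info, io.BytesIO(inner.getvalue()))
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("mid.tar.gz", mid.getvalue())
    return payload, outer.getvalue()
```

Every level of the hierarchy, including each intermediate archive, gets its own identifier, so the same binary resolves to the same objID no matter which archive it arrived in.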