PCAP files seen in the file.
The pcap_children relationship returns a list of PCAP files seen in a given file. This relationship is only available for Premium API users. PCAP children are files seen inside the communication traffic for an uploaded PCAP file.
This relationship can be retrieved using the relationships API endpoint. The response contains a list of File objects.
{
"data": [
<FILE_OBJECT>,
<FILE_OBJECT>
...
],
"links": {
"next": "<string>",
"self": "<string>"
},
"meta": {
"count": <int>,
"cursor": "<string>"
}
}
{
"data": [
{
"attributes": {
"authentihash": "0c4226e47eda883ce9eff9ec1ae6ce1a13ee3cc63e6960ae5a3ae4ad2e8eeee5",
"creation_date": 1587044124,
"downloadable": true,
"exiftool": {
"AssemblyVersion": "1.3.30.0",
"CharacterSet": "Unicode",
"CodeSize": "104448",
"Comments": "blablablabla",
"CompanyName": "blablabla",
"EntryPoint": "0xccef",
"FileDescription": "blablabla",
"FileFlagsMask": "0x003f",
"FileOS": "Win32",
"FileSubtype": "0",
"FileType": "Win32 EXE",
"FileTypeExtension": "exe",
"FileVersion": "1.3.30.0",
"FileVersionNumber": "1.3.30.0",
"ImageFileCharacteristics": "No relocs, Executable, Large address aware, 32-bit",
"ImageVersion": "0.0",
"InitializedDataSize": "339968",
"InternalName": "blablabla.exe",
"LanguageCode": "Neutral",
"LegalCopyright": "Copyright Β© blablabla 2020",
"LegalTrademarks": "blablabla",
"LinkerVersion": "9.0",
"MIMEType": "application/octet-stream",
"MachineType": "Intel 386 or later, and compatibles",
"OSVersion": "5.0",
"ObjectFileType": "Executable application",
"OriginalFileName": "blablabla.exe",
"PEType": "PE32",
"ProductName": "blablabla",
"ProductVersion": "1.3.30.0",
"ProductVersionNumber": "1.3.30.0",
"Subsystem": "Windows GUI",
"SubsystemVersion": "5.0",
"TimeStamp": "2020:04:16 15:35:24+02:00",
"UninitializedDataSize": "0"
},
"first_submission_date": 1587049407,
"last_analysis_date": 1588653326,
"last_analysis_results": {
"ALYac": {
"category": "malicious",
"engine_name": "ALYac",
"engine_update": "20200505",
"engine_version": "1.1.1.5",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"APEX": {
"category": "malicious",
"engine_name": "APEX",
"engine_update": "20200504",
"engine_version": "6.18",
"method": "blacklist",
"result": "Malicious"
},
"AVG": {
"category": "undetected",
"engine_name": "AVG",
"engine_update": "20200505",
"engine_version": "18.4.3895.0",
"method": "blacklist",
"result": null
},
"Acronis": {
"category": "malicious",
"engine_name": "Acronis",
"engine_update": "20200422",
"engine_version": "1.1.1.75",
"method": "blacklist",
"result": "suspicious"
},
"Ad-Aware": {
"category": "malicious",
"engine_name": "Ad-Aware",
"engine_update": "20200505",
"engine_version": "3.0.5.370",
"method": "blacklist",
"result": "Trojan.GenericKD.42996961"
},
"AegisLab": {
"category": "undetected",
"engine_name": "AegisLab",
"engine_update": "20200505",
"engine_version": "4.2",
"method": "blacklist",
"result": null
},
},
"last_analysis_stats": {
"confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 4,
"suspicious": 0,
"timeout": 1,
"type-unsupported": 0,
"undetected": 2
},
"last_modification_date": 1591945304,
"last_submission_date": 1587049407,
"magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
"md5": "b67828805dfdabf3a823278c3fdd37f7",
"meaningful_name": "blablabla.exe",
"names": [
"blablabla.exe",
"foo.exe"
],
"pe_info": {
"debug": [
{
"codeview": {
"age": 1,
"guid": "4743e25-e470-ee67-e2a7-5ce85ee2afb7",
"name": " ",
"signature": "RSDS"
},
"offset": 129512,
"size": 129,
"timestamp": "Fri Nov 23 19:58:56 2012",
"type": 2,
"type_str": "IMAGE_DEBUG_TYPE_CODEVIEW"
}
],
"entry_point": 52463,
"imphash": "9dd8c0ffefc8e287e5be665e3240f983",
"import_list": [
{
"imported_functions": [
"CreateToolhelp32Snapshot",
"GetLastError",
"InitializeCriticalSectionAndSpinCount",
"HeapFree",
"GetStdHandle",
"EnterCriticalSection",
"LCMapStringW",
"HeapCreate",
"lstrlenA",
"WriteConsoleW",
"GetConsoleCP",
"GetOEMCP",
"LCMapStringA",
"IsDebuggerPresent"
],
"library_name": "KERNEL32.dll"
}
],
"machine_type": 332,
"resource_details": [
{
"chi2": 829672.125,
"entropy": 3.8720788955688477,
"filetype": "Data",
"lang": "NEUTRAL",
"sha256": "3d7460d292abef8a0900ddec6244894d7e2edb054bd13389ee7ed5b8908f3f88",
"type": "RT_ICON"
},
{
"chi2": 387563.8125,
"entropy": 3.693312168121338,
"filetype": "Data",
"lang": "NEUTRAL",
"sha256": "2802c59713b7872e17df2ef6c9b10b3e879a2618e84c297e8dde8ed452eb5e116",
"type": "RT_ICON"
},
],
"resource_langs": {
"NEUTRAL": 2
},
"resource_types": {
"RT_ICON": 3
},
"sections": [
{
"chi2": 507704.625,
"entropy": 6.74595308303833,
"flags": "rx",
"md5": "31e33d2e3f3ba3efe0a362c39713b198",
"name": ".text",
"raw_size": 104448,
"virtual_address": 4096,
"virtual_size": 104152
},
{
"chi2": 415246.46875,
"entropy": 6.443132400512695,
"flags": "r",
"md5": "2a33cd3e315343b43c3620332d3a9376",
"name": ".rdata",
"raw_size": 28160,
"virtual_address": 110592,
"virtual_size": 28146
}
],
"timestamp": 1587044124
},
"reputation": 0,
"sha1": "a97e30d504b3e618fc377640d3e65793f6f37625",
"sha256": "abfa4d040cfb3cd9e22f2301bf0902330ca3a6031ce6a97324b1f1c31494696c",
"signature_info": {
"comments": "blablabla",
"copyright": "Copyright Β© blabla 2020",
"description": "blablabla",
"file version": "1.3.30.0",
"internal name": "blablabla.exe",
"original name": "blablabla.exe",
"product": "blablabla"
},
"size": 445440,
"ssdeep": "12288:GoL4Ene4T/vjLbeCJ6s8eFuiQe5Lb9u4eQae46/:Gwne4TDLbeBiGeo4e6/",
"tags": [
"peexe",
"runtime-modules",
"direct-cpu-clock-access",
"detect-debug-environment"
],
"times_submitted": 2,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"trid": [
{
"file_type": "Win32 Executable MS Visual C++ (generic)",
"probability": 41.0
},
{
"file_type": "Win64 Executable (generic)",
"probability": 36.3
},
{
"file_type": "Win32 Dynamic Link Library (generic)",
"probability": 8.6
},
{
"file_type": "Win32 Executable (generic)",
"probability": 5.9
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 2.6
}
],
"type_description": "Win32 EXE",
"type_tag": "peexe",
"unique_sources": 1,
"vhash": "0450466e6d157ez54ez10etz"
},
"id": "abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c",
"links": {
"self": "https://www.virustotal.com/api/v3/files/abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c"
},
"type": "file"
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/files/abfa4d04ecfb8cd9e22e2301bfe902c30caea6071ce6a9742eb1f1ce1494696c/pcap_children?limit=10"
},
"meta": {
"count": 1
}
}