The contents of the files that are included in the CSV archive are described in the table below. The first string in all files contains column names.
CSV archive contents for hash
File name |
Description |
Columns |
|
---|---|---|---|
ContainerCertificates.csv |
Information about the signatures and certificates of a container. |
ParentMd5—MD5 hash of the container's certificate. SerialNumber—Serial number of the container's certificate. Vendor—Owner of the container's certificate. Publisher—Publisher of the container's certificate. TimeStamp—Date and time when the container's certificate was signed. Issued—Date and time when the container's certificate was issued. Expires—Expiration date of the container's certificate. IsDirectlySigned—Shows whether a container's certificate is embedded into the file. IsDiscredited—Shows whether the container's certificate is discredited. IsTrusted—Shows whether the container's certificate is trusted. IsRevoked—Shows whether the container's certificate is revoked. IsGray—Shows whether the container's certificate is in a Gray zone. IsGood—Shows whether the container's certificate is in a Good zone. |
|
FileThreats.csv |
Information about detected objects related to the requested hash (for example, HEUR:Exploit.Script.Blocker). |
LastDetectDate—Date and time when the object was last detected by Kaspersky expert systems. DescriptionUrl—Link to the detected object description in Kaspersky threats website (if available). Zone—Color of the zone that the detection object belongs to. DetectionName—Name of the detected object. DetectionMethod—Method used to detect the object. |
|
FileUrls.csv |
Information about web addresses that were accessed by the file identified by the requested hash. |
Url—Web addresses accessed by the file identified by the requested hash. IsUrlTruncated—Shows whether private data was filtered in the displayed web address. Zone—Color of the zone that the web address belongs to. Domain—Upper domain of the web address used to download the file identified by the requested hash. LastDownloadDate—Date and time when the file identified by the requested hash was last downloaded from the web address / domain. IpsCount—Number of IP addresses that the domain resolves to. |
|
FileDownloadedBy.csv |
Information about objects that were downloaded by the file identified by the requested hash. |
Zone—Color of the zone that a file belongs to. HitsCount—Number of times the object was downloaded as detected by Kaspersky expert systems. Md5—MD5 hash of the downloaded object. Location—Root folder or drive where the downloaded object is located on user computers. Path—Path of the downloaded object on user computers. Name—Name of the downloaded object. LastDownloadDate—Date and time when the object was last downloaded by the file identified by the requested hash. DetectionName—Name of the detected object. |
|
FileDownloadedFromUrls.csv |
Information about web addresses and domains from which the file identified by the requested hash was downloaded. |
Url—Web addresses accessed by the file identified by the requested hash. IsUrlTruncated—Shows whether private data was filtered in the displayed web address. Zone—Color of the zone that the web address belongs to. Domain—Upper domain of the web address accessed by the file identified by the requested hash. LastDownloadDate—Date and time when the file identified by the requested hash last accessed the web address. IpsCount—Number of IP addresses that the domain resolves to. |
|
FileNames.csv |
Information about known names of the file identified by the requested hash on computers using Kaspersky software. |
FileName—Name of the file identified by the requested hash. FileNamesHitsCount—Number of file name detections by Kaspersky expert systems. |
|
FilePaths.csv |
Information about known paths to the file identified by the requested hash on computers using Kaspersky software. |
Path—Path to the file on user computers identified by the requested hash. Location—Root folder or drive where the file identified by the requested hash is located on user computers. FilePathHitsCount—Number of path detections by Kaspersky expert systems. |
|
FileCertificates.csv |
Information about signatures and certificates of the file identified by the requested hash. |
ParentMd5—MD5 hash of the certificate. SerialNumber—Serial number of the certificate. Vendor—Owner of the certificate. Publisher—Publisher of the certificate. TimeStamp—Date and time when the certificate was signed. Issued—Date and time when the certificate was issued. Expires—Expiration date of the certificate. IsDirectlySigned—Shows whether a certificate is embedded into the file. IsDiscredited—Shows whether the certificate is discredited. IsTrusted—Shows whether the certificate is trusted. IsRevoked—Shows whether the certificate is revoked. IsGray—Shows whether the certificate is in a Gray zone. IsGood—Shows whether the certificate is in a Good zone. |
|
FileStarters.csv |
Information about objects that started the file identified by the requested hash. |
Zone—Color of the zone that a file belongs to. HitsCount—Number of times the file identified by the requested hash was started as detected by Kaspersky expert systems. Md5—MD5 hash of the object that started the file identified by the requested hash. Location—Root folder or drive where the object is located on user computers. Path—Path to the object on user computers. Name—Name of the object that started the file identified by the requested hash. LastStartDate—Date and time when the file identified by the requested hash was last started. DetectionName—Name of the detected object. |
|
FileDownloaders.csv |
Information about objects that downloaded the file identified by the requested hash. |
Zone—Color of the zone that a file belongs to. HitsCount—Number of times the file identified by the requested hash was downloaded as detected by Kaspersky expert systems. Md5—MD5 hash of the object that downloaded the file identified by the requested hash. Location—Root folder or drive where the object is located on user computers. Path—Path to the object on user computers. Name—Name of the object that downloaded the file identified by the requested hash. LastDownloadDate—Date and time when the file identified by the requested hash was last downloaded. DetectionName—Name of the detected object. |
|
FileStartedBy.csv |
Information about objects that were started by the file that was identified by the requested hash. |
Zone—Color of the zone that a file belongs to. HitsCount—Number of times the file identified by the requested hash started the object as detected by Kaspersky expert systems. Md5—MD5 hash of the started object. Location—Root folder or drive where the started object is located on user computers. Path—Path to the object on user computers. Name—Name of the started object. LastStartDate—Date and time when the object was last started by the file identified by the requested hash. DetectionName—Name of the detected object. |
|
FileHashes.csv |
Information about file hashes and size. |
Md5—MD5 hash of the file requested by hash. Sha1—SHA1 hash of the file requested by hash. Sha256—SHA256 hash of the file requested by hash. Size—Size of the object that is being investigated by hash (in bytes). |
|
FileProperties.csv |
General information about the requested hash. |
Md5—MD5 hash of the file requested by hash. Sha256—SHA256 hash of the file requested by hash. FirstNotificationDate—Date and time when the requested hash was detected by Kaspersky expert systems for the first time. LastNotificationDate—Date and time when the requested hash was detected by Kaspersky expert systems for the last time. Signer—Organization that signed the requested hash. SignerZone—Color of the zone indicating the signer's trust level (red, gray, green). SignerStatus—Trust level of the object signature (Discredited, Not trusted, Trusted). Packer—Packer name. Size—Size of the object that is being investigated by hash (in bytes). Type—Format of the object that is being investigated by hash. HitsCount—Number of hits (popularity) of the requested hash detected by Kaspersky expert systems. HasApt—Shows whether the file is related to an advanced persistent threat (APT) attack. RelatedAptReports—IDs of APT Intelligence reports and Crimeware Threat Intelligence reports, to which the requested object is related. For each report, its ID, type (fin or apt), and title are provided in a JSON-like format (pseudo-JSON), for example: Categories—Categories of the requested object and zones that the category belongs to. Category and zone are provided in a JSON-like format (pseudo-JSON), for example: |
|
FileUnpackedFrom.csv |
Information about parent objects of the file identified by the requested hash. |
Zone—Color of the zone that the parent object belongs to. ParentMd5—MD5 hash of the parent object. ChildMd5—MD5 hash of the child object. For direct parent objects ( ParentFileSize—Size of the parent object (in bytes). ParentFileType—File type of the parent object. ParentDetectionName—Detected objects related to the parent object (for example, HEUR:Exploit.Script.Blocker). Level—Parent level. The direct parent of the requested object has |
|
FileUnpackedObjects.csv |
Information about child objects of the file identified by the requested hash. |
Zone—Color of the zone that the child object belongs to. ChildMD5—MD5 hash of the child object. ParentMD5—MD5 hash of the parent object. For direct child objects ( ChildFileSize—Size of the child object (in bytes). ChildFileType—File type of the child object. ChildDetectionName—Detected objects related to the child object (for example, HEUR:Exploit.Script.Blocker). Level—Child level. The |
|
SimilarFiles.csv |
Information about files that are similar to the requested object. |
MD5—MD5 hash of the object similar to the file identified by the requested hash. Zone—Color of the zone that the object similar to the file identified by the requested hash belongs to. Confidence—Level of confidence that the object is similar to the file identified by the requested hash. Kaspersky Threat Intelligence Portal displays similar files with a confidence level from 8 to 11. DetectionName—Name of the detected object (for example, HEUR:Exploit.Script.Blocker). Hits—Number of hits (popularity) for the object similar to the identified file (by the requested hash) detected by Kaspersky expert systems (rounded to nearest power of 10). FirstSeen—Date and time when the similar object was detected by Kaspersky expert systems for the first time (for your local time zone). LastSeen—Date and time, accurate to one minute, when the similar object was detected by Kaspersky expert systems for the last time (for your local time zone). Type—Type of the object similar to the file identified by the requested hash. Size—Size of the object similar to the file identified by the requested hash (in bytes). |
|
SpamReport.csv |
Information about spam attacks in which the requested object was attached to email messages. |
HitsCount—Number of email messages in which the requested object was attached. HitsByDate—Number of email messages in which the requested object was attached during one day. Subjects—Subjects of spam messages. FileNames—Names of attachments in spam messages. |