Exporting results for hash

The contents of the files that are included in the CSV archive are described in the table below. The first string in all files contains column names.

CSV archive contents for hash

File name

Description

Columns

ContainerCertificates.csv

Information about the signatures and certificates of a container.

ParentMd5—MD5 hash of the container's certificate.

SerialNumber—Serial number of the container's certificate.

Vendor—Owner of the container's certificate.

Publisher—Publisher of the container's certificate.

TimeStamp—Date and time when the container's certificate was signed.

Issued—Date and time when the container's certificate was issued.

Expires—Expiration date of the container's certificate.

IsDirectlySigned—Shows whether a container's certificate is embedded into the file.

IsDiscredited—Shows whether the container's certificate is discredited.

IsTrusted—Shows whether the container's certificate is trusted.

IsRevoked—Shows whether the container's certificate is revoked.

IsGray—Shows whether the container's certificate is in a Gray zone.

IsGood—Shows whether the container's certificate is in a Good zone.

FileThreats.csv

Information about detected objects related to the requested hash (for example, HEUR:Exploit.Script.Blocker).

LastDetectDate—Date and time when the object was last detected by Kaspersky expert systems.

DescriptionUrl—Link to the detected object description in Kaspersky threats website (if available).

Zone—Color of the zone that the detection object belongs to.

DetectionName—Name of the detected object.

DetectionMethod—Method used to detect the object.

FileUrls.csv

Information about web addresses that were accessed by the file identified by the requested hash.

Url—Web addresses accessed by the file identified by the requested hash.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

Zone—Color of the zone that the web address belongs to.

Domain—Upper domain of the web address used to download the file identified by the requested hash.

LastDownloadDate—Date and time when the file identified by the requested hash was last downloaded from the web address / domain.

IpsCount—Number of IP addresses that the domain resolves to.

FileDownloadedBy.csv

Information about objects that were downloaded by the file identified by the requested hash.

Zone—Color of the zone that a file belongs to.

HitsCount—Number of times the object was downloaded as detected by Kaspersky expert systems.

Md5—MD5 hash of the downloaded object.

Location—Root folder or drive where the downloaded object is located on user computers.

Path—Path of the downloaded object on user computers.

Name—Name of the downloaded object.

LastDownloadDate—Date and time when the object was last downloaded by the file identified by the requested hash.

DetectionName—Name of the detected object.

FileDownloadedFromUrls.csv

Information about web addresses and domains from which the file identified by the requested hash was downloaded.

Url—Web addresses accessed by the file identified by the requested hash.

IsUrlTruncated—Shows whether private data was filtered in the displayed web address.

Zone—Color of the zone that the web address belongs to.

Domain—Upper domain of the web address accessed by the file identified by the requested hash.

LastDownloadDate—Date and time when the file identified by the requested hash last accessed the web address.

IpsCount—Number of IP addresses that the domain resolves to.

FileNames.csv

Information about known names of the file identified by the requested hash on computers using Kaspersky software.

FileName—Name of the file identified by the requested hash.

FileNamesHitsCount—Number of file name detections by Kaspersky expert systems.

FilePaths.csv

Information about known paths to the file identified by the requested hash on computers using Kaspersky software.

Path—Path to the file on user computers identified by the requested hash.

Location—Root folder or drive where the file identified by the requested hash is located on user computers.

FilePathHitsCount—Number of path detections by Kaspersky expert systems.

FileCertificates.csv

Information about signatures and certificates of the file identified by the requested hash.

ParentMd5—MD5 hash of the certificate.

SerialNumber—Serial number of the certificate.

Vendor—Owner of the certificate.

Publisher—Publisher of the certificate.

TimeStamp—Date and time when the certificate was signed.

Issued—Date and time when the certificate was issued.

Expires—Expiration date of the certificate.

IsDirectlySigned—Shows whether a certificate is embedded into the file.

IsDiscredited—Shows whether the certificate is discredited.

IsTrusted—Shows whether the certificate is trusted.

IsRevoked—Shows whether the certificate is revoked.

IsGray—Shows whether the certificate is in a Gray zone.

IsGood—Shows whether the certificate is in a Good zone.

FileStarters.csv

Information about objects that started the file identified by the requested hash.

Zone—Color of the zone that a file belongs to.

HitsCount—Number of times the file identified by the requested hash was started as detected by Kaspersky expert systems.

Md5—MD5 hash of the object that started the file identified by the requested hash.

Location—Root folder or drive where the object is located on user computers.

Path—Path to the object on user computers.

Name—Name of the object that started the file identified by the requested hash.

LastStartDate—Date and time when the file identified by the requested hash was last started.

DetectionName—Name of the detected object.

FileDownloaders.csv

Information about objects that downloaded the file identified by the requested hash.

Zone—Color of the zone that a file belongs to.

HitsCount—Number of times the file identified by the requested hash was downloaded as detected by Kaspersky expert systems.

Md5—MD5 hash of the object that downloaded the file identified by the requested hash.

Location—Root folder or drive where the object is located on user computers.

Path—Path to the object on user computers.

Name—Name of the object that downloaded the file identified by the requested hash.

LastDownloadDate—Date and time when the file identified by the requested hash was last downloaded.

DetectionName—Name of the detected object.

FileStartedBy.csv

Information about objects that were started by the file that was identified by the requested hash.

Zone—Color of the zone that a file belongs to.

HitsCount—Number of times the file identified by the requested hash started the object as detected by Kaspersky expert systems.

Md5—MD5 hash of the started object.

Location—Root folder or drive where the started object is located on user computers.

Path—Path to the object on user computers.

Name—Name of the started object.

LastStartDate—Date and time when the object was last started by the file identified by the requested hash.

DetectionName—Name of the detected object.

FileHashes.csv

Information about file hashes and size.

Md5—MD5 hash of the file requested by hash.

Sha1—SHA1 hash of the file requested by hash.

Sha256—SHA256 hash of the file requested by hash.

Size—Size of the object that is being investigated by hash (in bytes).

FileProperties.csv

General information about the requested hash.

Md5—MD5 hash of the file requested by hash.

Sha256—SHA256 hash of the file requested by hash.

FirstNotificationDate—Date and time when the requested hash was detected by Kaspersky expert systems for the first time.

LastNotificationDate—Date and time when the requested hash was detected by Kaspersky expert systems for the last time.

Signer—Organization that signed the requested hash.

SignerZone—Color of the zone indicating the signer's trust level (red, gray, green).

SignerStatus—Trust level of the object signature (Discredited, Not trusted, Trusted).

Packer—Packer name.

Size—Size of the object that is being investigated by hash (in bytes).

Type—Format of the object that is being investigated by hash.

HitsCount—Number of hits (popularity) of the requested hash detected by Kaspersky expert systems.

HasApt—Shows whether the file is related to an advanced persistent threat (APT) attack.

RelatedAptReports—IDs of APT Intelligence reports and Crimeware Threat Intelligence reports, to which the requested object is related. For each report, its ID, type (fin or apt), and title are provided in a JSON-like format (pseudo-JSON), for example: {Id : 632-apt , Type : apt , Title : Sofacy-Delphocy Toolset}. If there are several reports for the requested object, each report is enclosed in braces, and reports are separated by a comma. The report ID can be used as an argument (publication_id) for the get_one endpoint, which is used to obtain specific information for a report.

Categories—Categories of the requested object and zones that the category belongs to. Category and zone are provided in a JSON-like format (pseudo-JSON), for example: {Name : CATEGORY_APT, Zone : Red}. If the requested object does not belong to any defined categories, the General category is specified.

FileUnpackedFrom.csv

Information about parent objects of the file identified by the requested hash.

Zone—Color of the zone that the parent object belongs to.

ParentMd5—MD5 hash of the parent object.

ChildMd5—MD5 hash of the child object. For direct parent objects (level=0), the MD5 hash of the requested object is provided.

ParentFileSize—Size of the parent object (in bytes).

ParentFileType—File type of the parent object.

ParentDetectionName—Detected objects related to the parent object (for example, HEUR:Exploit.Script.Blocker).

Level—Parent level. The direct parent of the requested object has level=0. The parent of the requested object's parent has level=1, and so on. The maximum possible level is 5.

FileUnpackedObjects.csv

Information about child objects of the file identified by the requested hash.

Zone—Color of the zone that the child object belongs to.

ChildMD5—MD5 hash of the child object.

ParentMD5—MD5 hash of the parent object. For direct child objects (level=0), the MD5 hash of the requested object is displayed.

ChildFileSize—Size of the child object (in bytes).

ChildFileType—File type of the child object.

ChildDetectionNameDetected objects related to the child object (for example, HEUR:Exploit.Script.Blocker).

Level—Child level. The direct child of the requested object has level=0. The child of the requested object's child has level=1, and so on. The maximum possible level is 5.

SimilarFiles.csv

Information about files that are similar to the requested object.

MD5—MD5 hash of the object similar to the file identified by the requested hash.

Zone—Color of the zone that the object similar to the file identified by the requested hash belongs to.

Confidence—Level of confidence that the object is similar to the file identified by the requested hash. Kaspersky Threat Intelligence Portal displays similar files with a confidence level from 8 to 11.

DetectionName—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

Hits—Number of hits (popularity) for the object similar to the identified file (by the requested hash) detected by Kaspersky expert systems (rounded to nearest power of 10).

FirstSeen—Date and time when the similar object was detected by Kaspersky expert systems for the first time (for your local time zone).

LastSeen—Date and time, accurate to one minute, when the similar object was detected by Kaspersky expert systems for the last time (for your local time zone).

Type—Type of the object similar to the file identified by the requested hash.

Size—Size of the object similar to the file identified by the requested hash (in bytes).

SpamReport.csv

Information about spam attacks in which the requested object was attached to email messages.

HitsCount—Number of email messages in which the requested object was attached.

HitsByDate—Number of email messages in which the requested object was attached during one day.

Subjects—Subjects of spam messages.

FileNames—Names of attachments in spam messages.

Page top