Class: HybridAnalysis::Clients::Submit

id (String) —

Id of the report from which the file should be analyzed. Id in one of format: ‘jobId’ or ‘sha256:environmentId’
file_hash (String) —

SHA256 of dropped file for analyze
no_share_third_party (Boolean, nil) (defaults to: nil) —

When set to ‘true’, the sample is never shared with any third party. Default: true

Returns:

(Hash)

# File 'lib/hybridanalysis/clients/submit.rb', line 232

def dropped_file(id:, file_hash:, no_share_third_party: nil)
  params = { id: id, file_hash: file_hash, no_share_third_party: no_share_third_party }.compact
  _post("/submit/dropped-file", params) { |json| json }
end

#file(file:, environment_id:, no_share_third_party: nil, allow_community_access: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, document_password: nil, environment_variable: nil) ⇒ `Hash`

submit a file for analysis

Parameters:

file (file) —

file to submit
environment_id (Integer) —

Environment ID. Available environments ID: 300: ‘Linux (Ubuntu 16.04, 64 bit)’, 200: ‘Android Static Analysis’, 120: ‘Windows 7 64 bit’, 110: ‘Windows 7 32 bit (HWP Support)’, 100: ‘Windows 7 32 bit’
no_share_third_party (Boolean) (defaults to: nil) —

When set to ‘true’, the sample is never shared with any third party. Default: true
allow_community_access (Boolean) (defaults to: nil) —

When set to ‘true’, the sample will be available for the community. Default: true (Note: when ‘no_share_third_party’ is set to ‘false’, it won’t be possible to set different value than ‘true’)
no_hash_lookup (Boolean) (defaults to: nil) —

Default: false
action_script (String) (defaults to: nil) —

Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
hybrid_analysis (Boolean) (defaults to: nil) —

When set to ‘false’, no memory dumps or memory dump analysis will take place. Default: true
experimental_anti_evasion (Boolean) (defaults to: nil) —

When set to ‘true’, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
script_logging (Boolean) (defaults to: nil) —

When set to ‘true’, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
input_sample_tampering (Boolean) (defaults to: nil) —

When set to ‘true’, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
tor_enabled_analysis (Boolean) (defaults to: nil) —

When set to ‘true’, will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false
offline_analysis (Boolean) (defaults to: nil) —

When set to “true”, will disable outbound network traffic for the guest VM (takes precedence over ‘tor_enabled_analysis’ if both are provided). Default: false
email (String) (defaults to: nil) —

Optional E-Mail address that may be associated with the submission for notification
comment (String) (defaults to: nil) —

Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
custom_date_time (String) (defaults to: nil) —

Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
custom_cmd_line (String) (defaults to: nil) —

Optional commandline that should be passed to the analysis file
custom_run_time (Integer) (defaults to: nil) —

Optional runtime duration (in seconds)
submit_name (String) (defaults to: nil) —

Optional ‘submission name’ field that will be used for file type detection and analysis
document_password (String) (defaults to: nil) —

Optional document password that will be used to fill-in Adobe/Office password prompts
environment_variable (String) (defaults to: nil) —

Optional system environment value. The value is provided in the format: name=value

Returns:

(Hash)

# File 'lib/hybridanalysis/clients/submit.rb', line 32

def file(file:, environment_id:, no_share_third_party: nil, allow_community_access: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, document_password: nil, environment_variable: nil)
  name = File.basename(file)
  data = File.read(file)
  params = {
    environment_id: environment_id,
    no_share_third_party: no_share_third_party,
    allow_community_access: allow_community_access,
    no_hash_lookup: no_hash_lookup,
    action_script: action_script,
    hybrid_analysis: hybrid_analysis,
    experimental_anti_evasion: experimental_anti_evasion,
    script_logging: script_logging,
    input_sample_tampering: input_sample_tampering,
    tor_enabled_analysis: tor_enabled_analysis,
    offline_analysis: offline_analysis,
    email: email,
    omment: comment,
    custom_date_time: custom_date_time,
    custom_cmd_line: custom_cmd_line,
    custom_run_time: custom_run_time,
    submit_name: submit_name,
    document_password: document_password,
    environment_variable: environment_variable
  }.compact
  _post_with_file("/submit/file", file: data, filename: name, params: params) { |json| json }
end

#hash_for_url(url) ⇒ `Hash`

determine a SHA256 that an online file or URL submission will have when being processed by the system. Note: this is useful when looking up URL analysis

Parameters:

url (String) —

Url to check

Returns:

(Hash)

# File 'lib/hybridanalysis/clients/submit.rb', line 218

def hash_for_url(url)
  params = { url: url }.compact
  _post("/submit/hash-for-url", params) { |json| json }
end

#url(url:, environment_id:, no_share_third_party: nil, allow_community_access: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, priority: nil, document_password: nil, environment_variable: nil) ⇒ `Hash`

submit a website’s url or url with file for analysis

Parameters:

url (String)
environment_id (Integer) —

Environment ID. Available environments ID: 300: ‘Linux (Ubuntu 16.04, 64 bit)’, 200: ‘Android Static Analysis’, 120: ‘Windows 7 64 bit’, 110: ‘Windows 7 32 bit (HWP Support)’, 100: ‘Windows 7 32 bit’
no_share_third_party (Boolean) (defaults to: nil) —

When set to ‘true’, the sample is never shared with any third party. Default: true
allow_community_access (Boolean) (defaults to: nil) —

When set to ‘true’, the sample will be available for the community. Ignored unless url contains a file, in other case, there will be a ‘true’ value. Default: true
no_hash_lookup (Boolean) (defaults to: nil) —

Default: false
action_script (String) (defaults to: nil) —

Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
hybrid_analysis (Boolean) (defaults to: nil) —

When set to ‘false’, no memory dumps or memory dump analysis will take place. Default: true
experimental_anti_evasion (Boolean) (defaults to: nil) —

When set to ‘true’, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
script_logging (Boolean) (defaults to: nil) —

When set to ‘true’, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
input_sample_tampering (Boolean) (defaults to: nil) —

When set to ‘true’, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
tor_enabled_analysis (Boolean) (defaults to: nil) —

When set to ‘true’, will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false
offline_analysis (Boolean) (defaults to: nil) —

When set to “true”, will disable outbound network traffic for the guest VM (takes precedence over ‘tor_enabled_analysis’ if both are provided). Default: false
email (String) (defaults to: nil) —

Optional E-Mail address that may be associated with the submission for notification
comment (String) (defaults to: nil) —

Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
custom_date_time (String) (defaults to: nil) —

Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
custom_cmd_line (String) (defaults to: nil) —

Optional commandline that should be passed to the analysis file
custom_run_time (Integer) (defaults to: nil) —

Optional runtime duration (in seconds)
submit_name (String) (defaults to: nil) —

Optional ‘submission name’ field that will be used for file type detection and analysis. Ignored unless url contains a file
priority (Integer) (defaults to: nil) —

Optional priority value between 0 (default) and 100 (highest)
document_password (String) (defaults to: nil) —

Optional document password that will be used to fill-in Adobe/Office password prompts. Ignored unless url contains a file
environment_variable (String) (defaults to: nil) —

Optional system environment value. The value is provided in the format: name=value

Returns:

(Hash)

# File 'lib/hybridanalysis/clients/submit.rb', line 86

def url(url:, environment_id:, no_share_third_party: nil, allow_community_access: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, priority: nil, document_password: nil, environment_variable: nil)
  params = {
    url: url,
    environment_id: environment_id,
    no_share_third_party: no_share_third_party,
    allow_community_access: allow_community_access,
    no_hash_lookup: no_hash_lookup,
    action_script: action_script,
    hybrid_analysis: hybrid_analysis,
    experimental_anti_evasion: experimental_anti_evasion,
    script_logging: script_logging,
    input_sample_tampering: input_sample_tampering,
    tor_enabled_analysis: tor_enabled_analysis,
    offline_analysis: offline_analysis,
    email: email,
    comment: comment,
    custom_date_time: custom_date_time,
    custom_cmd_line: custom_cmd_line,
    custom_run_time: custom_run_time,
    submit_name: submit_name,
    priority: priority,
    document_password: document_password,
    environment_variable: environment_variable
  }.compact
  _post("/submit/url", params) { |json| json }
end

#url_for_analysis(url:, environment_id:, no_share_third_party: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, environment_variable: nil) ⇒ `Hash`

submit a url for analysis

Parameters:

url (String) —

url for analyze
environment_id (Integer) —

Environment ID. Available environments ID: 300: ‘Linux (Ubuntu 16.04, 64 bit)’, 200: ‘Android Static Analysis’, 120: ‘Windows 7 64 bit’, 110: ‘Windows 7 32 bit (HWP Support)’, 100: ‘Windows 7 32 bit’
no_share_third_party (Boolean, nil) (defaults to: nil) —

When set to ‘true’, the sample is never shared with any third party. Default: true
no_hash_lookup (Boolean, nil) (defaults to: nil) —

Default: false
action_script (String, nil) (defaults to: nil)
hybrid_analysis (Boolean, nil) (defaults to: nil) —

When set to ‘false’, no memory dumps or memory dump analysis will take place. Default: true
experimental_anti_evasion (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
script_logging (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
input_sample_tampering (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
tor_enabled_analysis (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false
offline_analysis (Boolean, nil) (defaults to: nil) —

When set to “true”, will disable outbound network traffic for the guest VM (takes precedence over ‘tor_enabled_analysis’ if both are provided). Default: false
email (String, nil) (defaults to: nil) —

Optional E-Mail address that may be associated with the submission for notification
comment (String, nil) (defaults to: nil) —

Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
custom_date_time (String, nil) (defaults to: nil) —

Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
custom_cmd_line (String, nil) (defaults to: nil) —

Optional commandline that should be passed to the analysis file
custom_run_time (Integer, nil) (defaults to: nil) —

Optional runtime duration (in seconds)
environment_variable (String, nil) (defaults to: nil)

Returns:

(Hash)

# File 'lib/hybridanalysis/clients/submit.rb', line 188

def url_for_analysis(url:, environment_id:, no_share_third_party: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, environment_variable: nil)
  params = {
    url: url,
    environment_id: environment_id,
    no_share_third_party: no_share_third_party,
    no_hash_lookup: no_hash_lookup,
    action_script: action_script,
    hybrid_analysis: hybrid_analysis,
    experimental_anti_evasion: experimental_anti_evasion,
    script_logging: script_logging,
    input_sample_tampering: input_sample_tampering,
    tor_enabled_analysis: tor_enabled_analysis,
    offline_analysis: offline_analysis,
    email: email,
    comment: comment,
    custom_date_time: custom_date_time,
    custom_cmd_line: custom_cmd_line,
    custom_run_time: custom_run_time,
    environment_variable: environment_variable
  }.compact
  _post("/submit/url-for-analysis", params) { |json| json }
end

#url_to_file(url:, environment_id:, no_share_third_party: nil, allow_community_access: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, document_password: nil, environment_variable: nil) ⇒ `Hash`

submit a file by url for analysis

Parameters:

url (String) —

url of file to submit
environment_id (Integer) —

Environment ID. Available environments ID: 300: ‘Linux (Ubuntu 16.04, 64 bit)’, 200: ‘Android Static Analysis’, 120: ‘Windows 7 64 bit’, 110: ‘Windows 7 32 bit (HWP Support)’, 100: ‘Windows 7 32 bit’
no_share_third_party (Boolean, nil) (defaults to: nil) —

When set to ‘true’, the sample is never shared with any third party. Default: true
allow_community_access (Boolean, nil) (defaults to: nil) —

When set to ‘true’, the sample will be available for the community. Default: true (Note: when ‘no_share_third_party’ is set to ‘false’, it won’t be possible to set different value than ‘true’)
no_hash_lookup (Boolean, nil) (defaults to: nil) —

Default: false
action_script (String, nil) (defaults to: nil) —

Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie
hybrid_analysis (Boolean, nil) (defaults to: nil) —

When set to ‘false’, no memory dumps or memory dump analysis will take place. Default: true
experimental_anti_evasion (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
script_logging (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
input_sample_tampering (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
tor_enabled_analysis (Boolean, nil) (defaults to: nil) —

When set to ‘true’, will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false
offline_analysis (Boolean, nil) (defaults to: nil) —

When set to “true”, will disable outbound network traffic for the guest VM (takes precedence over ‘tor_enabled_analysis’ if both are provided). Default: false
email (String, nil) (defaults to: nil) —

Optional E-Mail address that may be associated with the submission for notification
comment (String, nil) (defaults to: nil) —

Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
custom_date_time (String, nil) (defaults to: nil) —

Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
custom_cmd_line (String, nil) (defaults to: nil) —

Optional commandline that should be passed to the analysis file
custom_run_time (Integer, nil) (defaults to: nil) —

Optional runtime duration (in seconds)
submit_name (String, nil) (defaults to: nil) —

Optional ‘submission name’ field that will be used for file type detection and analysis
document_password (String, nil) (defaults to: nil) —

Optional document password that will be used to fill-in Adobe/Office password prompts
environment_variable (String, nil) (defaults to: nil) —

Optional system environment value. The value is provided in the format: name=value

Returns:

(Hash)

# File 'lib/hybridanalysis/clients/submit.rb', line 139

def url_to_file(url:, environment_id:, no_share_third_party: nil, allow_community_access: nil, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, document_password: nil, environment_variable: nil)
  params = {
    url: url,
    environment_id: environment_id,
    no_share_third_party: no_share_third_party,
    allow_community_access: allow_community_access,
    no_hash_lookup: no_hash_lookup,
    action_script: action_script,
    hybrid_analysis: hybrid_analysis,
    experimental_anti_evasion: experimental_anti_evasion,
    script_logging: script_logging,
    input_sample_tampering: input_sample_tampering,
    tor_enabled_analysis: tor_enabled_analysis,
    offline_analysis: offline_analysis,
    email: email,
    comment: comment,
    custom_date_time: custom_date_time,
    custom_cmd_line: custom_cmd_line,
    custom_run_time: custom_run_time,
    submit_name: submit_name,
    document_password: document_password,
    environment_variable: environment_variable
  }.compact
  _post("/submit/url-to-file", params) { |json| json }
end

Class: HybridAnalysis::Clients::Submit

Constant Summary

Constants inherited from Client

Instance Attribute Summary

Attributes inherited from Client

Instance Method Summary collapse

Methods inherited from Client

Constructor Details

Instance Method Details

#dropped_file(id:, file_hash:, no_share_third_party: nil) ⇒ Hash

#hash_for_url(url) ⇒ Hash

#dropped_file(id:, file_hash:, no_share_third_party: nil) ⇒ `Hash`

#hash_for_url(url) ⇒ `Hash`