Submit samples for analysis.

post

https://api-YOUR-INSTANCE.analysis.threatray.com/v1/submissions/samples

Submit a file or a ZIP file for analysis. A set of parameters can be given to specify how the file should be analyzed. Note: The parameters starting with raw_binary are only allowed and considered in combination with the parameter raw_binary_file_format set to unknown, raw or pe.

Body Params

analysis_mode

string

enum

Defaults to dynamic

Mode of the analysis, can be dynamic (execution in a sandbox) or static analysis.

Allowed:

enable_network

boolean

Defaults to true

Enable or disable network access to the internet (unfiltered) for the dynamic analysis environment. This only applies to dynamic analyses.

environments

array of strings

Defaults to win10_latest_x64

The dynamic analysis operating systems to be used for the analysis. This only applies to dynamic analyses.

environments

file

object

required

type: file-object

File to be submitted for analysis.

first_seen

integer

Defaults to now

First seen timestamp in UNIX-epoch format of the submitted sample.

label

string

Label of the submitted file.

priority

enum

Priority tier of the analysis. Determines scheduling priority relative to other queued analyses. Accepted values: "high", "normal", "low". Numeric values 0-9 are deprecated but still accepted for backwards compatibility. They map to tiers as follows: 0 = low, 1-4 = normal, 5-9 = high.

raw_binary_cpu_architecture

string

enum

The raw_binary_cpu_architecture tells Threatray which CPU architecture it should use to search for function entry points and to disassemble the sample.

Allowed:

raw_binary_file_format

string

enum

The raw binary file format indicates that the sender wants to send a custom binary file which potentially is not supported by default.

Allowed:

raw_binary_function_entry_point_detection_needed

boolean

If the flag is true, Threatray will try to find function entry points automatically. If it is false, the program expects the request to contain a function entry point

raw_binary_function_file_offset

string

type: int/string

This option only allowed in combination with raw_binary_function_entry_point_detection_needed=false. Threatray expects a file offset beginning from the image base address. The parameter accepts decimal or hexadecimal numbers as integer or string e.g 1234 or "0x1234"

raw_binary_image_base_address

string

type: int/string

The parameter allows to define the image base address as decimal or hexadecimal number as integer or string e.g 1234 or "0x1234"

timeout

integer

15 to 1500

Defaults to 180

Timeout of the dynamic analysis in seconds. This only applies to dynamic analyses.

dll_exports

array of strings

A list of DLL exports that shall be called during execution. For each export, an argument needs to be specified, the argument can be an empty string.

dll_exports

dll_arguments

array of strings

A list of DLL arguments passed to the DLL exports during execution. For each argument, an export needs to be specified.

dll_arguments

is_compound_sample

boolean

Defaults to false

Specifies whether the uploaded archive should be treated as a single compound sample (instead of separately analyzing each file). If true, the entry_point parameter must be provided to indicate the main executable file within the archive.

entry_point

string | null

The path to the main executable file within a compound sample. Required when is_compound_sample is true.

cmd_line_arguments

string | null

Optional command-line arguments to be passed to the executed sample. Only supported for executable files (without DLLs).

Response

200The response contains all the analyses of samples that were created with the respective task that is handling the analysis.