Get executable details
Relative path: /v1/executables/{executableUuid}
Get details of particular executable.
Parameters in path
Name |
Type |
Required |
Description |
|---|---|---|---|
executableUuid |
string |
Yes |
Reference to the executable whose details are requested. type: Executable |
Responses
Display Schema instead of an Example or vice-versa
Code |
Description |
Example |
Schema |
|---|---|---|---|
200 |
A successful response. |
{
"executable": {
"applicationDisplayName": "string",
"applicationVersionName": "string",
"description": "string",
"developerDisplayName": "string",
"devicesCount": 0,
"displayName": "string",
"fileFormat": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
"fileSize": "string",
"firstOccurTime": "string",
"hashMd5": "string",
"hashSha1": "string",
"hashSha2256": "string",
"isBlocked": true,
"isDynamicallyLinkedLibrary": true,
"lastExecuteTime": "string",
"libraryId": "string",
"liveGridFindings": {
"ageDays": 0,
"firstOccurTime": "string",
"popularity": 0,
"reputation": 0
},
"machoSignature": {
"codeIdentifier": "string",
"teamIdentifier": "string"
},
"packerName": "string",
"peVersionInfo": {
"companyName": "string",
"fileDescription": "string",
"fileVersion": "string",
"internalName": "string",
"originalFileName": "string",
"productName": "string",
"productVersion": "string"
},
"sfxTypeName": "string",
"signatures": [
{
"certificateChain": [
{
"issuerCommonName": "string",
"subjectCommonName": "string"
}
],
"signatureTrustLevel": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
"signerName": "string"
}
],
"tags": [
"string"
],
"versionName": "string",
"uuid": "string"
}
} |
{
"$ref": "v1GetExecutableResponse",
"executable": {
"$ref": "v1Executable",
"description": {
"type": "string",
"description": "File description of the file, for example, 'Keyboard Driver for AT-Style Keyboards'. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html File description"
},
"applicationDisplayName": {
"type": "string",
"description": "The name of the application with which the file is distributed. EI migration: Product name"
},
"applicationVersionName": {
"type": "string",
"description": "Version of the application with which the file is distributed. EI migration: Product version"
},
"developerDisplayName": {
"type": "string",
"description": "Human readable version of executable developer. For example: Microsoft Corporation or Standard Micro-systems Corporation, Inc. EI migration: Company name"
},
"devicesCount": {
"type": "integer",
"description": "The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list. EI migration: Seen on",
"format": "int64"
},
"displayName": {
"type": "string",
"description": "The name of the executable or DLL. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html Name"
},
"fileFormat": {
"$ref": "v1ExecutableFileFormat",
"type": "string",
"description": "Format of executable. Subset of more complete list. EXECUTABLE_FILE_FORMAT_UNSPECIFIED: fallback EXECUTABLE_FILE_FORMAT_ELF: Unix-like, OpenVMS, BeOS from R4 onwards, Haiku, SerenityOS EXECUTABLE_FILE_FORMAT_PE: Windows, ReactOS, HX DOS Extender, BeOS (R3 only) EXECUTABLE_FILE_FORMAT_MACHO: NeXTSTEP, macOS, iOS, watchOS, tvOS",
"default": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
"enum": [
"EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
"EXECUTABLE_FILE_FORMAT_ELF",
"EXECUTABLE_FILE_FORMAT_PE",
"EXECUTABLE_FILE_FORMAT_MACHO"
]
},
"fileSize": {
"type": "string",
"description": "The size of the file on the disk.",
"format": "uint64"
},
"firstOccurTime": {
"type": "string",
"description": "When an executable was first seen on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html First Seen",
"format": "date-time"
},
"hashMd5": {
"type": "string",
"description": "MD5 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html MD5"
},
"hashSha1": {
"type": "string",
"description": "SHA1 hash of the executable. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html Sha-1"
},
"hashSha2256": {
"type": "string",
"description": "SHA2-256 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html Sha-256"
},
"isBlocked": {
"type": "boolean",
"description": "If true, the executable is blocked from being executed (globally)."
},
"isDynamicallyLinkedLibrary": {
"title": "If true, the executable represents dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; shareable image under OpenVMS;[18] dynamic shared object, or DSO, under Unix-like systems)",
"type": "boolean"
},
"lastExecuteTime": {
"type": "string",
"description": "When an executable was last executed on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/1.8/en-US/?executable_details.html Last Executed",
"format": "date-time"
},
"libraryId": {
"title": "Internal name for PE DLLs Shared object name in ELF dynamic libraries Library ID in MACHO dynamic libraries",
"type": "string",
"description": "Examples: Library ID for a MACHO dylib: „System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/ImageFormats/snorm16_rgba.dylib' And ELF shared object name (for a file called „libhgfs.so.0.0.0“): „libhgfs.so.0'"
},
"liveGridFindings": {
"$ref": "v1LiveGridFindings",
"description": "Findings of LiveGrid.",
"ageDays": {
"type": "integer",
"description": "Age of the finding in days.",
"format": "int64"
},
"firstOccurTime": {
"type": "string",
"description": "When an executable was first seen on any computer connected to LiveGrid®.",
"format": "date-time"
},
"popularity": {
"type": "number",
"description": "How many computers reported an executable to LiveGrid®. Normalized to value between 0 and 1. This value is frequently shown in UI as a progressbar of three color",
"format": "double"
},
"reputation": {
"type": "number",
"description": "Is a number from 0 to 1, indicating how safe the file is. Reputation > 0.0 && < 0.3 -> malicious Reputation > 0.3 && < 0.8 -> suspicious Reputation > 0.8 -> safe.",
"format": "double"
}
},
"machoSignature": {
"$ref": "v1MachoSignature",
"description": "Details of Mach-O signature.",
"codeIdentifier": {
"type": "string",
"description": "The 'identifier' field is used to uniquely identify a specific version of the code or a code directory within the code signing process. Examples are: com.microsoft.edgemac.helper.renderer, com.eset.remoteadministrator.agent code identifier can be present also for unsigned files. Info: More details can be found at https://opensource.apple.com/source/Security/Security-55471.14/libsecurity_codesigning/lib/codedirectory.h.auto.html"
},
"teamIdentifier": {
"type": "string",
"description": "The Team ID is a unique 10-character string generated by Apple that’s assigned to your team. Once Apple has issued a Team ID to a team, we won’t issue that same Team ID to any other team. Also, only appropriately authorised members of that team can ship code si gned with that Team ID. More on this: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/"
}
},
"packerName": {
"type": "string",
"description": "The name of packer if a executable is packed. EI migration: Packer name"
},
"peVersionInfo": {
"$ref": "v1PeVersionInfo",
"description": "Windows VersionInfo about portable executable.",
"companyName": {
"type": "string",
"description": "Company that produced the file—for example, Microsoft Corporation or Standard Microsystems Corporation, Inc."
},
"fileDescription": {
"type": "string",
"description": "File description to be presented to users. This string may be displayed in a list box when the user is choosing files to install—for example, Keyboard Driver for AT-Style Keyboards."
},
"fileVersion": {
"type": "string",
"description": "Version number of the file—for example, 3.10 or 5.00.RC2."
},
"internalName": {
"type": "string",
"description": "Internal name of the file, if one exists—for example, a module name if the file is a dynamic-link library. If the file has no internal name, this string should be the original filename, without extension."
},
"originalFileName": {
"type": "string",
"description": "Original name of the file, not including a path. This information enables an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created."
},
"productName": {
"type": "string",
"description": "Name of the product with which the file is distributed."
},
"productVersion": {
"type": "string",
"description": "Version of the product with which the file is distributed—for example, 3.10 or 5.00.RC2."
}
},
"sfxTypeName": {
"type": "string",
"description": "Self-extracting archive type, if an executable is packed. EI migration: SFX name"
},
"signatures": [
{
"$ref": "v1CodeSignature",
"description": "Code signature details.",
"certificateChain": [
{
"$ref": "v1Certificate",
"description": "Represents cryptographic certificate. Full structure of X.509 certificate to be covered as requested. Certificate Version Certificate Serial Number Signature Algorithm Identifier Issuer Name (Distinguished Name) Common Name (CN) <-- Part of Issuer Name Country (C) <-- Part of Issuer Name Organization (O) <-- Part of Issuer Name Organizational Unit (OU) <-- Part of Issuer Name Validity Period (Not Before and Not After dates) Subject Name (Distinguished Name) Common Name (CN) <-- Part of Subject Name Country (C) <-- Part of Subject Name Organization (O) <-- Part of Subject Name Organizational Unit (OU) <-- Part of Subject Name Subject Public Key Info (Key Algorithm and Key) Certificate Extensions (optional) Signature Algorithm (Algorithm used to sign the certificate) Signature Value (Digital Signature of the certificate)",
"issuerCommonName": {
"title": "CN part of distinguished Issuer Name (OID 2.5.4.3)",
"type": "string",
"description": "Issuer is the entity (Certificate Authority) that issues the certificate. The Issuer's identity is typically specified in the certificate."
},
"subjectCommonName": {
"title": "CN part of distinguished Subject Name (OID 2.5.4.3)",
"type": "string",
"description": "Subject is the entity whose public key is bound to the certificate. The Subject's identity is also specified in the certificate."
}
}
],
"signatureTrustLevel": {
"$ref": "v1SignatureTrustLevel",
"type": "string",
"description": "Level of signature trust. Items are sorted by their trustworthiness from the least trustworthy case of ad-hoc signature to the signature trusted by ESET. Basically, 0 - 79 means untrusted and 80+ means trusted. SIGNATURE_TRUST_LEVEL_UNSPECIFIED: fallback SIGNATURE_TRUST_LEVEL_AD_HOC: Signature that is created without a certificate from a Certificate Authority (CA) is least trustworthy, because it can't be traced back to a known entity. For example: https://developer.apple.com/documentation/security/seccodesignatureflags/1397793-adhoc - SIGNATURE_TRUST_LEVEL_INVALID: The signature doesn't match the content it's supposed to be signing, or it's been signed with a certificate that's expired or revoked. It's not trustworthy. - SIGNATURE_TRUST_LEVEL_NO_SIGNATURE: There's no signature at all. It's not trustworthy because there's no way to verify the source or integrity of the content. - SIGNATURE_TRUST_LEVEL_SELF_SIGNED: The signature was created with a self-signed certificate. It's somewhat trustworthy, but less so than a signature from a CA because it can't be traced back to a known entity. - SIGNATURE_TRUST_LEVEL_OS_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by the operating system. It's generally trustworthy. - SIGNATURE_TRUST_LEVEL_ESET_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by ESET. It's generally trustworthy.",
"default": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
"enum": [
"SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
"SIGNATURE_TRUST_LEVEL_AD_HOC",
"SIGNATURE_TRUST_LEVEL_INVALID",
"SIGNATURE_TRUST_LEVEL_NO_SIGNATURE",
"SIGNATURE_TRUST_LEVEL_SELF_SIGNED",
"SIGNATURE_TRUST_LEVEL_OS_TRUSTED",
"SIGNATURE_TRUST_LEVEL_ESET_TRUSTED"
]
},
"signerName": {
"type": "string",
"description": "The signer's name is extracted from the signature, possibly using a heuristic. In the case of PE, the name is there verbatim."
}
}
],
"tags": [
{
"type": "string"
}
],
"versionName": {
"type": "string",
"description": "Version number of the file, for example, '3.10' or '5.00.RC2'. EI migration: File version"
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
}
}
} |
default |
An unexpected error response. |
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
} |
{
"$ref": "rpcStatus",
"code": {
"type": "integer",
"format": "int32"
},
"message": {
"type": "string"
},
"details": [
{
"$ref": "protobufAny",
"@type": {
"type": "string"
}
}
]
} |
202 |
Response took too long and the request was cached. |
null |
[] |