Select the tab
ESET Connect – Table of Contents

GET Get executable

Relative path: /v1/executables/{executableUuid}

Get details of a specific executable.

Parameters in path

Name

Type

Required

Description

executableUuid

string

Yes

Reference to the executable whose details are requested.

type: Executable



Responses

Display Schema instead of an Example or vice-versa

Code

Description

Example

Schema

200

Successful response.

{
  "executable": {
    "applicationDisplayName": "string",
    "applicationVersionName": "string",
    "description": "string",
    "developerDisplayName": "string",
    "devicesCount": 0,
    "displayName": "string",
    "fileFormat": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
    "fileSize": "string",
    "firstOccurTime": "string",
    "hashMd5": "string",
    "hashSha1": "string",
    "hashSha2256": "string",
    "isBlocked": true,
    "isDynamicallyLinkedLibrary": true,
    "lastExecuteTime": "string",
    "libraryId": "string",
    "liveGridFindings": {
      "ageDays": 0,
      "firstOccurTime": "string",
      "popularity": 0,
      "reputation": 0
    },
    "machoSignature": {
      "codeIdentifier": "string",
      "teamIdentifier": "string"
    },
    "packerName": "string",
    "peVersionInfo": {
      "companyName": "string",
      "fileDescription": "string",
      "fileVersion": "string",
      "internalName": "string",
      "originalFileName": "string",
      "productName": "string",
      "productVersion": "string"
    },
    "sfxTypeName": "string",
    "signatures": [
      {
        "certificateChain": [
          {
            "issuerCommonName": "string",
            "subjectCommonName": "string"
          }
        ],
        "signatureTrustLevel": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
        "signerName": "string"
      }
    ],
    "tags": [
      "string"
    ],
    "versionName": "string",
    "uuid": "string"
  }
}
{
  "$ref": "v1GetExecutableResponse",
  "executable": {
    "$ref": "v1Executable",
    "description": {
      "type": "string",
      "description": "The description of the file, for example, 'Keyboard Driver for AT-Style Keyboards'. Info: Corresponds to 'File description' in ESET Inspect. ESET Inspect On-Prem: Executable details"
    },
    "applicationDisplayName": {
      "type": "string",
      "description": "The name of the application with which the file is distributed. Info: Corresponds to 'Product name' in ESET Inspect."
    },
    "applicationVersionName": {
      "type": "string",
      "description": "The version of the application with which the file is distributed. Info: Corresponds to 'Product version' in ESET Inspect."
    },
    "developerDisplayName": {
      "type": "string",
      "description": "A human-readable version of the executable developer. For example, Microsoft Corporation or Standard Micro-systems Corporation, Inc. Info: Corresponds to 'Company name' in ESET Inspect."
    },
    "devicesCount": {
      "type": "integer",
      "description": "The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view with a filtered computers list. Info: Corresponds to 'Seen on' in ESET Inspect.",
      "format": "int64"
    },
    "displayName": {
      "type": "string",
      "description": "The name of the executable or DLL. Info: Corresponds to 'Name' in ESET Inspect. ESET Inspect On-Prem: Executable details"
    },
    "fileFormat": {
      "$ref": "v1ExecutableFileFormat",
      "type": "string",
      "description": "Format of an executable. A subset of a more complete list. EXECUTABLE_FILE_FORMAT_UNSPECIFIED: fallback EXECUTABLE_FILE_FORMAT_ELF: Unix-like, OpenVMS, BeOS from R4 onwards, Haiku, SerenityOS EXECUTABLE_FILE_FORMAT_PE: Windows, ReactOS, HX DOS Extender, BeOS (R3 only) EXECUTABLE_FILE_FORMAT_MACHO: NeXTSTEP, macOS, iOS, watchOS, tvOS",
      "default": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
      "enum": [
        "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
        "EXECUTABLE_FILE_FORMAT_ELF",
        "EXECUTABLE_FILE_FORMAT_PE",
        "EXECUTABLE_FILE_FORMAT_MACHO"
      ]
    },
    "fileSize": {
      "type": "string",
      "description": "The size of the file on the disk.",
      "format": "uint64"
    },
    "firstOccurTime": {
      "type": "string",
      "description": "When an executable was first seen on any computer in a monitored network. Info: Corresponds to 'First Seen' in ESET Inspect. ESET Inspect On-Prem: Executable details",
      "format": "date-time"
    },
    "hashMd5": {
      "type": "string",
      "description": "MD5 hash of the executable. Might be empty. Info: Corresponds to 'MD5' in ESET Inspect. ESET Inspect On-Prem: Executable details"
    },
    "hashSha1": {
      "type": "string",
      "description": "SHA1 hash of the executable. Info: Corresponds to 'SHA-1' in ESET Inspect. ESET Inspect On-Prem: Executable details"
    },
    "hashSha2256": {
      "type": "string",
      "description": "SHA2-256 hash of the executable. Might be empty. Info: Corresponds to 'SHA-256' in ESET Inspect. ESET Inspect On-Prem: Executable details"
    },
    "isBlocked": {
      "type": "boolean",
      "description": "If true, the executable is blocked from being executed (globally)."
    },
    "isDynamicallyLinkedLibrary": {
      "title": "If true, the executable represents a dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; shareable image under OpenVMS;[18] dynamic shared object, or DSO, under Unix-like systems)",
      "type": "boolean"
    },
    "lastExecuteTime": {
      "type": "string",
      "description": "When an executable was last executed on any computer in a monitored network. Info: Corresponds to 'Last Executed' in ESET Inspect. ESET Inspect On-Prem: Executable details",
      "format": "date-time",
      "readOnly": true
    },
    "libraryId": {
      "title": "Internal name for PE DLLs Shared object name in ELF dynamic libraries Library ID in MACHO dynamic libraries",
      "type": "string",
      "description": "Examples: Library ID for a MACHO dylib: „System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/ImageFormats/snorm16_rgba.dylib' And ELF shared object name (for a file called „libhgfs.so.0.0.0“): „libhgfs.so.0'"
    },
    "liveGridFindings": {
      "$ref": "v1LiveGridFindings",
      "description": "Findings of LiveGrid.",
      "ageDays": {
        "type": "integer",
        "description": "Age of the finding in days.",
        "format": "int64"
      },
      "firstOccurTime": {
        "type": "string",
        "description": "When an executable was first seen on any computer connected to LiveGrid®.",
        "format": "date-time"
      },
      "popularity": {
        "type": "number",
        "description": "How many computers reported an executable to LiveGrid®. Normalized to a value between 0 and 1. This value is frequently shown in UI as a severity bar.",
        "format": "double"
      },
      "reputation": {
        "type": "number",
        "description": "Is a number from 0 to 1, indicating how safe the file is. Reputation > 0.0 && < 0.3 -> malicious Reputation > 0.3 && < 0.8 -> suspicious Reputation > 0.8 -> safe.",
        "format": "double"
      }
    },
    "machoSignature": {
      "$ref": "v1MachoSignature",
      "description": "Details of Mach-O signature.",
      "codeIdentifier": {
        "type": "string",
        "description": "The 'identifier' field is used to uniquely identify a specific version of the code or a code directory within the code signing process. Examples are: com.microsoft.edgemac.helper.renderer, com.eset.remoteadministrator.agent code identifier can be present also for unsigned files. Info: More details can be found at Apple Developer Documentation: Inside Code Signing and GitHub Apple Open Source: libsecurity_codesigning"
      },
      "teamIdentifier": {
        "type": "string",
        "description": "The Team ID is a unique 10-character string generated by Apple that is assigned to your team. When Apple issues a Team ID to a team, we will not issue that same Team ID to any other team. Also, only appropriately authorized members of that team can ship the code signed with that Team ID. More information can be found at Apple Developer Documentation: Locate your Team ID"
      }
    },
    "packerName": {
      "type": "string",
      "description": "The name of a packer if an executable is packed. Info: Corresponds to 'Packer name' in ESET Inspect."
    },
    "peVersionInfo": {
      "$ref": "v1PeVersionInfo",
      "description": "Windows VersionInfo about portable executable.",
      "companyName": {
        "type": "string",
        "description": "A company that produced the file, for example, Microsoft Corporation or Standard Microsystems Corporation, Inc."
      },
      "fileDescription": {
        "type": "string",
        "description": "File description to be presented to users. This string may be displayed in a list box when the user is choosing files to install, for example, Keyboard Driver for AT-Style Keyboards."
      },
      "fileVersion": {
        "type": "string",
        "description": "Version number of the file, for example, 3.10 or 5.00.RC2."
      },
      "internalName": {
        "type": "string",
        "description": "The internal name of the file, if one exists, for example, a module name if the file is a dynamic-link library. If the file has no internal name, this string should be the original filename without extension."
      },
      "originalFileName": {
        "type": "string",
        "description": "The original name of the file, not including a path. This information enables an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created."
      },
      "productName": {
        "type": "string",
        "description": "The name of the product with which the file is distributed."
      },
      "productVersion": {
        "type": "string",
        "description": "Version of the product with which the file is distributed, for example, 3.10 or 5.00.RC2."
      }
    },
    "sfxTypeName": {
      "type": "string",
      "description": "The self-extracting archive type if an executable is packed. Info: Corresponds to 'SFX name' in ESET Inspect."
    },
    "signatures": [
      {
        "$ref": "v1CodeSignature",
        "description": "Code signature details.",
        "certificateChain": [
          {
            "$ref": "v1Certificate",
            "description": "Represents cryptographic certificate.",
            "issuerCommonName": {
              "title": "CN part of the distinguished Issuer Name (OID 2.5.4.3)",
              "type": "string",
              "description": "The Issuer is the entity (Certificate Authority) that issues the certificate. The Issuer's identity is typically specified in the certificate."
            },
            "subjectCommonName": {
              "title": "CN part of the distinguished Subject Name (OID 2.5.4.3)",
              "type": "string",
              "description": "The Subject is the entity whose public key is bound to the certificate. The Subject's identity is also specified in the certificate."
            }
          }
        ],
        "signatureTrustLevel": {
          "$ref": "v1SignatureTrustLevel",
          "type": "string",
          "description": "Level of signature trust. Items are sorted by their trustworthiness from the least trustworthy case of ad-hoc signature to the signature trusted by ESET. Basically, 0–79 means untrusted and 80+ means trusted. SIGNATURE_TRUST_LEVEL_UNSPECIFIED: fallback SIGNATURE_TRUST_LEVEL_AD_HOC: A signature that is created without a certificate from a Certificate Authority (CA) is the least trustworthy because it cannot be traced back to a known entity. For example, Apple Developer Documentation: Code Signature Flags - adhoc - SIGNATURE_TRUST_LEVEL_INVALID: The signature does not match the content it is supposed to be signing, or it has been signed with a certificate that is expired or revoked. It is not trustworthy. - SIGNATURE_TRUST_LEVEL_NO_SIGNATURE: There is no signature at all. It is not trustworthy because there is no way to verify the source or integrity of the content. - SIGNATURE_TRUST_LEVEL_SELF_SIGNED: The signature was created with a self-signed certificate. It is somewhat trustworthy but less so than a signature from a CA because it cannot be traced back to a known entity. - SIGNATURE_TRUST_LEVEL_OS_TRUSTED: This means the signature was created with a certificate from a CA that is trusted by the operating system. It is generally trustworthy. - SIGNATURE_TRUST_LEVEL_ESET_TRUSTED: This means the signature was created with a certificate from a CA that is trusted by ESET. It is generally trustworthy.",
          "default": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
          "enum": [
            "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
            "SIGNATURE_TRUST_LEVEL_AD_HOC",
            "SIGNATURE_TRUST_LEVEL_INVALID",
            "SIGNATURE_TRUST_LEVEL_NO_SIGNATURE",
            "SIGNATURE_TRUST_LEVEL_SELF_SIGNED",
            "SIGNATURE_TRUST_LEVEL_OS_TRUSTED",
            "SIGNATURE_TRUST_LEVEL_ESET_TRUSTED"
          ]
        },
        "signerName": {
          "type": "string",
          "description": "The Signer name extracted from the signature by heuristics."
        }
      }
    ],
    "tags": [
      {
        "type": "string"
      }
    ],
    "versionName": {
      "type": "string",
      "description": "Version number of the file, for example, '3.10' or '5.00.RC2'. Info: Corresponds to 'File version' in ESET Inspect."
    },
    "uuid": {
      "type": "string",
      "description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
    }
  }
}

202

Response took too long; request cached. Response can be retrieved later using the response-id header.

null
[]

400

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.

null
[]

401

Token has expired or is invalid.

null
[]

403

Access denied. Check permissions.

null
[]

404

Requested resource not found.

null
[]

429

Rate limit reached. Try again later.

null
[]

500

Internal server failure. Try again later.

null
[]

502

Internal server failure. Try again later.

null
[]

503

Environment under maintenance. Try again later.

null
[]

504

Action took too long; timeout reached

null
[]