ESET Online Help


GET Get executable

Relative path: /v1/executables/{executableUuid}

Get details of a particular executable.

Parameters in path

Name

Type

Required

Description

executableUuid

string

Yes

Reference to the executable whose details are requested.

type: Executable



Responses


Code

Description

Example

Schema

200

Successful response.

{
  "executable": {
    "applicationDisplayName": "string",
    "applicationVersionName": "string",
    "description": "string",
    "developerDisplayName": "string",
    "devicesCount": 0,
    "displayName": "string",
    "fileFormat": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
    "fileSize": "string",
    "firstOccurTime": "string",
    "hashMd5": "string",
    "hashSha1": "string",
    "hashSha2256": "string",
    "isBlocked": true,
    "isDynamicallyLinkedLibrary": true,
    "lastExecuteTime": "string",
    "libraryId": "string",
    "liveGridFindings": {
      "ageDays": 0,
      "firstOccurTime": "string",
      "popularity": 0,
      "reputation": 0
    },
    "machoSignature": {
      "codeIdentifier": "string",
      "teamIdentifier": "string"
    },
    "packerName": "string",
    "peVersionInfo": {
      "companyName": "string",
      "fileDescription": "string",
      "fileVersion": "string",
      "internalName": "string",
      "originalFileName": "string",
      "productName": "string",
      "productVersion": "string"
    },
    "sfxTypeName": "string",
    "signatures": [
      {
        "certificateChain": [
          {
            "issuerCommonName": "string",
            "subjectCommonName": "string"
          }
        ],
        "signatureTrustLevel": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
        "signerName": "string"
      }
    ],
    "tags": [
      "string"
    ],
    "versionName": "string",
    "uuid": "string"
  }
}
{
  "$ref": "v1GetExecutableResponse",
  "executable": {
    "$ref": "v1Executable",
    "description": {
      "type": "string",
      "description": "File description of the file, for example, 'Keyboard Driver for AT-Style Keyboards'. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html File description"
    },
    "applicationDisplayName": {
      "type": "string",
      "description": "The name of the application with which the file is distributed. EI migration: Product name"
    },
    "applicationVersionName": {
      "type": "string",
      "description": "Version of the application with which the file is distributed. EI migration: Product version"
    },
    "developerDisplayName": {
      "type": "string",
      "description": "Human readable version of executable developer. For example: Microsoft Corporation or Standard Micro-systems Corporation, Inc. EI migration: Company name"
    },
    "devicesCount": {
      "type": "integer",
      "description": "The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list. EI migration: Seen on",
      "format": "int64"
    },
    "displayName": {
      "type": "string",
      "description": "The name of the executable or DLL. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Name"
    },
    "fileFormat": {
      "$ref": "v1ExecutableFileFormat",
      "type": "string",
      "description": "Format of the executable. Subset of a more complete list. - EXECUTABLE_FILE_FORMAT_UNSPECIFIED: fallback - EXECUTABLE_FILE_FORMAT_ELF: Unix-like, OpenVMS, BeOS from R4 onwards, Haiku, SerenityOS - EXECUTABLE_FILE_FORMAT_PE: Windows, ReactOS, HX DOS Extender, BeOS (R3 only) - EXECUTABLE_FILE_FORMAT_MACHO: NeXTSTEP, macOS, iOS, watchOS, tvOS",
      "default": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
      "enum": [
        "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
        "EXECUTABLE_FILE_FORMAT_ELF",
        "EXECUTABLE_FILE_FORMAT_PE",
        "EXECUTABLE_FILE_FORMAT_MACHO"
      ]
    },
    "fileSize": {
      "type": "string",
      "description": "The size of the file on the disk.",
      "format": "uint64"
    },
    "firstOccurTime": {
      "type": "string",
      "description": "When an executable was first seen on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html First Seen",
      "format": "date-time"
    },
    "hashMd5": {
      "type": "string",
      "description": "MD5 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html MD5"
    },
    "hashSha1": {
      "type": "string",
      "description": "SHA1 hash of the executable. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-1"
    },
    "hashSha2256": {
      "type": "string",
      "description": "SHA2-256 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-256"
    },
    "isBlocked": {
      "type": "boolean",
      "description": "If true, the executable is blocked from being executed (globally)."
    },
    "isDynamicallyLinkedLibrary": {
      "title": "If true, the executable represents a dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; shareable image under OpenVMS; dynamic shared object, or DSO, under Unix-like systems)",
      "type": "boolean"
    },
    "lastExecuteTime": {
      "type": "string",
      "description": "When an executable was last executed on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Last Executed",
      "format": "date-time"
    },
    "libraryId": {
      "title": "Internal name for PE DLLs; shared object name in ELF dynamic libraries; library ID in MACHO dynamic libraries",
      "type": "string",
      "description": "Examples: Library ID for a MACHO dylib: 'System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/ImageFormats/snorm16_rgba.dylib'. ELF shared object name (for a file called 'libhgfs.so.0.0.0'): 'libhgfs.so.0'"
    },
    "liveGridFindings": {
      "$ref": "v1LiveGridFindings",
      "description": "Findings of LiveGrid.",
      "ageDays": {
        "type": "integer",
        "description": "Age of the finding in days.",
        "format": "int64"
      },
      "firstOccurTime": {
        "type": "string",
        "description": "When an executable was first seen on any computer connected to LiveGrid®.",
        "format": "date-time"
      },
      "popularity": {
        "type": "number",
        "description": "How many computers reported an executable to LiveGrid®. Normalized to value between 0 and 1. This value is frequently shown in UI as a severity bar.",
        "format": "double"
      },
      "reputation": {
        "type": "number",
        "description": "A number from 0 to 1 indicating how safe the file is. Reputation > 0.0 && < 0.3 -> malicious; Reputation > 0.3 && < 0.8 -> suspicious; Reputation > 0.8 -> safe. The boundary values 0.0, 0.3 and 0.8 are not assigned to a category here.",
        "format": "double"
      }
    },
    "machoSignature": {
      "$ref": "v1MachoSignature",
      "description": "Details of Mach-O signature.",
      "codeIdentifier": {
        "type": "string",
        "description": "The 'identifier' field is used to uniquely identify a specific version of the code or a code directory within the code signing process. Examples are: com.microsoft.edgemac.helper.renderer, com.eset.remoteadministrator.agent. A code identifier can also be present for unsigned files. Info: More details can be found at https://developer.apple.com/documentation/technotes/tn3127-inside-code-signing-requirements#Basics and https://opensource.apple.com/source/Security/Security-55471.14/libsecurity_codesigning/lib/codedirectory.h.auto.html"
      },
      "teamIdentifier": {
        "type": "string",
        "description": "The Team ID is a unique 10-character string generated by Apple that’s assigned to your team. Once Apple has issued a Team ID to a team, we won’t issue that same Team ID to any other team. Also, only appropriately authorised members of that team can ship code signed with that Team ID. More on this: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/"
      }
    },
    "packerName": {
      "type": "string",
      "description": "The name of the packer if an executable is packed. EI migration: Packer name"
    },
    "peVersionInfo": {
      "$ref": "v1PeVersionInfo",
      "description": "Windows VersionInfo about portable executable.",
      "companyName": {
        "type": "string",
        "description": "Company that produced the file—for example, Microsoft Corporation or Standard Microsystems Corporation, Inc."
      },
      "fileDescription": {
        "type": "string",
        "description": "File description to be presented to users. This string may be displayed in a list box when the user is choosing files to install—for example, Keyboard Driver for AT-Style Keyboards."
      },
      "fileVersion": {
        "type": "string",
        "description": "Version number of the file—for example, 3.10 or 5.00.RC2."
      },
      "internalName": {
        "type": "string",
        "description": "Internal name of the file, if one exists—for example, a module name if the file is a dynamic-link library. If the file has no internal name, this string should be the original filename, without extension."
      },
      "originalFileName": {
        "type": "string",
        "description": "Original name of the file, not including a path. This information enables an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created."
      },
      "productName": {
        "type": "string",
        "description": "Name of the product with which the file is distributed."
      },
      "productVersion": {
        "type": "string",
        "description": "Version of the product with which the file is distributed—for example, 3.10 or 5.00.RC2."
      }
    },
    "sfxTypeName": {
      "type": "string",
      "description": "Self-extracting archive type, if an executable is packed. EI migration: SFX name"
    },
    "signatures": [
      {
        "$ref": "v1CodeSignature",
        "description": "Code signature details.",
        "certificateChain": [
          {
            "$ref": "v1Certificate",
            "description": "Represents cryptographic certificate.",
            "issuerCommonName": {
              "title": "CN part of distinguished Issuer Name (OID 2.5.4.3)",
              "type": "string",
              "description": "Issuer is the entity (Certificate Authority) that issues the certificate. The Issuer's identity is typically specified in the certificate."
            },
            "subjectCommonName": {
              "title": "CN part of distinguished Subject Name (OID 2.5.4.3)",
              "type": "string",
              "description": "Subject is the entity whose public key is bound to the certificate. The Subject's identity is also specified in the certificate."
            }
          }
        ],
        "signatureTrustLevel": {
          "$ref": "v1SignatureTrustLevel",
          "type": "string",
          "description": "Level of signature trust. Items are sorted by their trustworthiness from the least trustworthy case of ad-hoc signature to the signature trusted by ESET. Basically, 0 - 79 means untrusted and 80+ means trusted. - SIGNATURE_TRUST_LEVEL_UNSPECIFIED: fallback - SIGNATURE_TRUST_LEVEL_AD_HOC: A signature that is created without a certificate from a Certificate Authority (CA) is least trustworthy, because it can't be traced back to a known entity. For example: https://developer.apple.com/documentation/security/seccodesignatureflags/1397793-adhoc - SIGNATURE_TRUST_LEVEL_INVALID: The signature doesn't match the content it's supposed to be signing, or it's been signed with a certificate that's expired or revoked. It's not trustworthy. - SIGNATURE_TRUST_LEVEL_NO_SIGNATURE: There's no signature at all. It's not trustworthy because there's no way to verify the source or integrity of the content. - SIGNATURE_TRUST_LEVEL_SELF_SIGNED: The signature was created with a self-signed certificate. It's somewhat trustworthy, but less so than a signature from a CA because it can't be traced back to a known entity. - SIGNATURE_TRUST_LEVEL_OS_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by the operating system. It's generally trustworthy. - SIGNATURE_TRUST_LEVEL_ESET_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by ESET. It's generally trustworthy.",
          "default": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
          "enum": [
            "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
            "SIGNATURE_TRUST_LEVEL_AD_HOC",
            "SIGNATURE_TRUST_LEVEL_INVALID",
            "SIGNATURE_TRUST_LEVEL_NO_SIGNATURE",
            "SIGNATURE_TRUST_LEVEL_SELF_SIGNED",
            "SIGNATURE_TRUST_LEVEL_OS_TRUSTED",
            "SIGNATURE_TRUST_LEVEL_ESET_TRUSTED"
          ]
        },
        "signerName": {
          "type": "string",
          "description": "Signer name extracted from the signature by heuristics."
        }
      }
    ],
    "tags": [
      {
        "type": "string"
      }
    ],
    "versionName": {
      "type": "string",
      "description": "Version number of the file, for example, '3.10' or '5.00.RC2'. EI migration: File version"
    },
    "uuid": {
      "type": "string",
      "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although it is most of the time compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being an RFC UUID. Treat it as an opaque identifier. An RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
    }
  }
}

202

Response took too long; request cached. Response can be retrieved later using the response-id header.

null
[]

400

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.

null
[]

401

Token has expired or is invalid.

null
[]

403

Access denied. Check permissions.

null
[]

404

Requested resource not found.

null
[]

429

Rate limit reached. Try again later.

null
[]

500

Internal server failure. Try again later.

null
[]

502

Internal server failure. Try again later.

null
[]

503

Environment under maintenance. Try again later.

null
[]

504

Action took too long; timeout reached.

null
[]