Get executable
Relative path: /v1/executables/{executableUuid}
Get details of particular executable.
Parameters in path
Name |
Type |
Required |
Description |
---|---|---|---|
executableUuid |
string |
Yes |
Reference to the executable whose details are requested. type: Executable |
Responses
Display Schema instead of an Example or vice-versa
Code |
Description |
Example |
Schema |
---|---|---|---|
200 |
Successful response. |
{ "executable": { "applicationDisplayName": "string", "applicationVersionName": "string", "description": "string", "developerDisplayName": "string", "devicesCount": 0, "displayName": "string", "fileFormat": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED", "fileSize": "string", "firstOccurTime": "string", "hashMd5": "string", "hashSha1": "string", "hashSha2256": "string", "isBlocked": true, "isDynamicallyLinkedLibrary": true, "lastExecuteTime": "string", "libraryId": "string", "liveGridFindings": { "ageDays": 0, "firstOccurTime": "string", "popularity": 0, "reputation": 0 }, "machoSignature": { "codeIdentifier": "string", "teamIdentifier": "string" }, "packerName": "string", "peVersionInfo": { "companyName": "string", "fileDescription": "string", "fileVersion": "string", "internalName": "string", "originalFileName": "string", "productName": "string", "productVersion": "string" }, "sfxTypeName": "string", "signatures": [ { "certificateChain": [ { "issuerCommonName": "string", "subjectCommonName": "string" } ], "signatureTrustLevel": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED", "signerName": "string" } ], "tags": [ "string" ], "versionName": "string", "uuid": "string" } } |
{ "$ref": "v1GetExecutableResponse", "executable": { "$ref": "v1Executable", "description": { "type": "string", "description": "File description of the file, for example, 'Keyboard Driver for AT-Style Keyboards'. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html File description" }, "applicationDisplayName": { "type": "string", "description": "The name of the application with which the file is distributed. EI migration: Product name" }, "applicationVersionName": { "type": "string", "description": "Version of the application with which the file is distributed. EI migration: Product version" }, "developerDisplayName": { "type": "string", "description": "Human readable version of executable developer. For example: Microsoft Corporation or Standard Micro-systems Corporation, Inc. EI migration: Company name" }, "devicesCount": { "type": "integer", "description": "The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list. EI migration: Seen on", "format": "int64" }, "displayName": { "type": "string", "description": "The name of the executable or DLL. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Name" }, "fileFormat": { "$ref": "v1ExecutableFileFormat", "type": "string", "description": "Format of executable. Subset of more complete list. EXECUTABLE_FILE_FORMAT_UNSPECIFIED: fallback EXECUTABLE_FILE_FORMAT_ELF: Unix-like, OpenVMS, BeOS from R4 onwards, Haiku, SerenityOS EXECUTABLE_FILE_FORMAT_PE: Windows, ReactOS, HX DOS Extender, BeOS (R3 only) EXECUTABLE_FILE_FORMAT_MACHO: NeXTSTEP, macOS, iOS, watchOS, tvOS", "default": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED", "enum": [ "EXECUTABLE_FILE_FORMAT_UNSPECIFIED", "EXECUTABLE_FILE_FORMAT_ELF", "EXECUTABLE_FILE_FORMAT_PE", "EXECUTABLE_FILE_FORMAT_MACHO" ] }, "fileSize": { "type": "string", "description": "The size of the file on the disk.", "format": "uint64" }, "firstOccurTime": { "type": "string", "description": "When an executable was first seen on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html First Seen", "format": "date-time" }, "hashMd5": { "type": "string", "description": "MD5 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html MD5" }, "hashSha1": { "type": "string", "description": "SHA1 hash of the executable. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-1" }, "hashSha2256": { "type": "string", "description": "SHA2-256 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-256" }, "isBlocked": { "type": "boolean", "description": "If true, the executable is blocked from being executed (globally)." }, "isDynamicallyLinkedLibrary": { "title": "If true, the executable represents dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; shareable image under OpenVMS;[18] dynamic shared object, or DSO, under Unix-like systems)", "type": "boolean" }, "lastExecuteTime": { "type": "string", "description": "When an executable was last executed on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Last Executed", "format": "date-time" }, "libraryId": { "title": "Internal name for PE DLLs Shared object name in ELF dynamic libraries Library ID in MACHO dynamic libraries", "type": "string", "description": "Examples: Library ID for a MACHO dylib: „System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/ImageFormats/snorm16_rgba.dylib' And ELF shared object name (for a file called „libhgfs.so.0.0.0“): „libhgfs.so.0'" }, "liveGridFindings": { "$ref": "v1LiveGridFindings", "description": "Findings of LiveGrid.", "ageDays": { "type": "integer", "description": "Age of the finding in days.", "format": "int64" }, "firstOccurTime": { "type": "string", "description": "When an executable was first seen on any computer connected to LiveGrid®.", "format": "date-time" }, "popularity": { "type": "number", "description": "How many computers reported an executable to LiveGrid®. Normalized to value between 0 and 1. This value is frequently shown in UI as a severity bar.", "format": "double" }, "reputation": { "type": "number", "description": "Is a number from 0 to 1, indicating how safe the file is. Reputation > 0.0 && < 0.3 -> malicious Reputation > 0.3 && < 0.8 -> suspicious Reputation > 0.8 -> safe.", "format": "double" } }, "machoSignature": { "$ref": "v1MachoSignature", "description": "Details of Mach-O signature.", "codeIdentifier": { "type": "string", "description": "The 'identifier' field is used to uniquely identify a specific version of the code or a code directory within the code signing process. Examples are: com.microsoft.edgemac.helper.renderer, com.eset.remoteadministrator.agent code identifier can be present also for unsigned files. Info: More details can be found at https://developer.apple.com/documentation/technotes/tn3127-inside-code-signing-requirements#Basics https://opensource.apple.com/source/Security/Security-55471.14/libsecurity_codesigning/lib/codedirectory.h.auto.html" }, "teamIdentifier": { "type": "string", "description": "The Team ID is a unique 10-character string generated by Apple that’s assigned to your team. Once Apple has issued a Team ID to a team, we won’t issue that same Team ID to any other team. Also, only appropriately authorised members of that team can ship code signed with that Team ID. More on this: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/" } }, "packerName": { "type": "string", "description": "The name of packer if a executable is packed. EI migration: Packer name" }, "peVersionInfo": { "$ref": "v1PeVersionInfo", "description": "Windows VersionInfo about portable executable.", "companyName": { "type": "string", "description": "Company that produced the file—for example, Microsoft Corporation or Standard Microsystems Corporation, Inc." }, "fileDescription": { "type": "string", "description": "File description to be presented to users. This string may be displayed in a list box when the user is choosing files to install—for example, Keyboard Driver for AT-Style Keyboards." }, "fileVersion": { "type": "string", "description": "Version number of the file—for example, 3.10 or 5.00.RC2." }, "internalName": { "type": "string", "description": "Internal name of the file, if one exists—for example, a module name if the file is a dynamic-link library. If the file has no internal name, this string should be the original filename, without extension." }, "originalFileName": { "type": "string", "description": "Original name of the file, not including a path. This information enables an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created." }, "productName": { "type": "string", "description": "Name of the product with which the file is distributed." }, "productVersion": { "type": "string", "description": "Version of the product with which the file is distributed—for example, 3.10 or 5.00.RC2." } }, "sfxTypeName": { "type": "string", "description": "Self-extracting archive type, if an executable is packed. EI migration: SFX name" }, "signatures": [ { "$ref": "v1CodeSignature", "description": "Code signature details.", "certificateChain": [ { "$ref": "v1Certificate", "description": "Represents cryptographic certificate.", "issuerCommonName": { "title": "CN part of distinguished Issuer Name (OID 2.5.4.3)", "type": "string", "description": "Issuer is the entity (Certificate Authority) that issues the certificate. The Issuer's identity is typically specified in the certificate." }, "subjectCommonName": { "title": "CN part of distinguished Subject Name (OID 2.5.4.3)", "type": "string", "description": "Subject is the entity whose public key is bound to the certificate. The Subject's identity is also specified in the certificate." } } ], "signatureTrustLevel": { "$ref": "v1SignatureTrustLevel", "type": "string", "description": "Level of signature trust. Items are sorted by their trustworthiness from the least trustworthy case of ad-hoc signature to the signature trusted by ESET. Basically, 0 - 79 means untrusted and 80+ means trusted. SIGNATURE_TRUST_LEVEL_UNSPECIFIED: fallback SIGNATURE_TRUST_LEVEL_AD_HOC: Signature that is created without a certificate from a Certificate Authority (CA) is least trustworthy, because it can't be traced back to a known entity. For example: https://developer.apple.com/documentation/security/seccodesignatureflags/1397793-adhoc - SIGNATURE_TRUST_LEVEL_INVALID: The signature doesn't match the content it's supposed to be signing, or it's been signed with a certificate that's expired or revoked. It's not trustworthy. - SIGNATURE_TRUST_LEVEL_NO_SIGNATURE: There's no signature at all. It's not trustworthy because there's no way to verify the source or integrity of the content. - SIGNATURE_TRUST_LEVEL_SELF_SIGNED: The signature was created with a self-signed certificate. It's somewhat trustworthy, but less so than a signature from a CA because it can't be traced back to a known entity. - SIGNATURE_TRUST_LEVEL_OS_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by the operating system. It's generally trustworthy. - SIGNATURE_TRUST_LEVEL_ESET_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by ESET. It's generally trustworthy.", "default": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED", "enum": [ "SIGNATURE_TRUST_LEVEL_UNSPECIFIED", "SIGNATURE_TRUST_LEVEL_AD_HOC", "SIGNATURE_TRUST_LEVEL_INVALID", "SIGNATURE_TRUST_LEVEL_NO_SIGNATURE", "SIGNATURE_TRUST_LEVEL_SELF_SIGNED", "SIGNATURE_TRUST_LEVEL_OS_TRUSTED", "SIGNATURE_TRUST_LEVEL_ESET_TRUSTED" ] }, "signerName": { "type": "string", "description": "Signer name extracted from the signature by heuristics." } } ], "tags": [ { "type": "string" } ], "versionName": { "type": "string", "description": "Version number of the file, for example, '3.10' or '5.00.RC2'. EI migration: File version" }, "uuid": { "type": "string", "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'" } } } |
202 |
Response took too long; request cached. Response can be retrieved later using the response-id header. |
null |
[] |
400 |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. |
null |
[] |
401 |
Token has expired or is invalid. |
null |
[] |
403 |
Access denied. Check permissions. |
null |
[] |
404 |
Requested resource not found. |
null |
[] |
429 |
Rate limit reached. Try again later. |
null |
[] |
500 |
Internal server failure. Try again later. |
null |
[] |
502 |
Internal server failure. Try again later. |
null |
[] |
503 |
Environment under maintenance. Try again later. |
null |
[] |
504 |
Action took too long; timeout reached |
null |
[] |