Get executable
Relative path: /v1/executables/{executableUuid}
Get details of particular executable.
Parameters in path
Name |
Type |
Required |
Description |
|---|---|---|---|
executableUuid |
string |
Yes |
Reference to the executable whose details are requested. type: Executable |
Responses
Display Schema instead of an Example or vice-versa
Code |
Description |
Example |
Schema |
|---|---|---|---|
200 |
Successful response. |
{
"executable": {
"applicationDisplayName": "string",
"applicationVersionName": "string",
"description": "string",
"developerDisplayName": "string",
"devicesCount": 0,
"displayName": "string",
"fileFormat": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
"fileSize": "string",
"firstOccurTime": "string",
"hashMd5": "string",
"hashSha1": "string",
"hashSha2256": "string",
"isBlocked": true,
"isDynamicallyLinkedLibrary": true,
"lastExecuteTime": "string",
"libraryId": "string",
"liveGridFindings": {
"ageDays": 0,
"firstOccurTime": "string",
"popularity": 0,
"reputation": 0
},
"machoSignature": {
"codeIdentifier": "string",
"teamIdentifier": "string"
},
"packerName": "string",
"peVersionInfo": {
"companyName": "string",
"fileDescription": "string",
"fileVersion": "string",
"internalName": "string",
"originalFileName": "string",
"productName": "string",
"productVersion": "string"
},
"sfxTypeName": "string",
"signatures": [
{
"certificateChain": [
{
"issuerCommonName": "string",
"subjectCommonName": "string"
}
],
"signatureTrustLevel": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
"signerName": "string"
}
],
"tags": [
"string"
],
"versionName": "string",
"uuid": "string"
}
} |
{
"$ref": "v1GetExecutableResponse",
"executable": {
"$ref": "v1Executable",
"description": {
"type": "string",
"description": "File description of the file, for example, 'Keyboard Driver for AT-Style Keyboards'. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html File description"
},
"applicationDisplayName": {
"type": "string",
"description": "The name of the application with which the file is distributed. EI migration: Product name"
},
"applicationVersionName": {
"type": "string",
"description": "Version of the application with which the file is distributed. EI migration: Product version"
},
"developerDisplayName": {
"type": "string",
"description": "Human readable version of executable developer. For example: Microsoft Corporation or Standard Micro-systems Corporation, Inc. EI migration: Company name"
},
"devicesCount": {
"type": "integer",
"description": "The number of computers on which the file was discovered. After clicking on it, you are redirected to the Computers view, with a filtered computers list. EI migration: Seen on",
"format": "int64"
},
"displayName": {
"type": "string",
"description": "The name of the executable or DLL. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Name"
},
"fileFormat": {
"$ref": "v1ExecutableFileFormat",
"type": "string",
"description": "Format of executable. Subset of more complete list. EXECUTABLE_FILE_FORMAT_UNSPECIFIED: fallback EXECUTABLE_FILE_FORMAT_ELF: Unix-like, OpenVMS, BeOS from R4 onwards, Haiku, SerenityOS EXECUTABLE_FILE_FORMAT_PE: Windows, ReactOS, HX DOS Extender, BeOS (R3 only) EXECUTABLE_FILE_FORMAT_MACHO: NeXTSTEP, macOS, iOS, watchOS, tvOS",
"default": "EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
"enum": [
"EXECUTABLE_FILE_FORMAT_UNSPECIFIED",
"EXECUTABLE_FILE_FORMAT_ELF",
"EXECUTABLE_FILE_FORMAT_PE",
"EXECUTABLE_FILE_FORMAT_MACHO"
]
},
"fileSize": {
"type": "string",
"description": "The size of the file on the disk.",
"format": "uint64"
},
"firstOccurTime": {
"type": "string",
"description": "When an executable was first seen on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html First Seen",
"format": "date-time"
},
"hashMd5": {
"type": "string",
"description": "MD5 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html MD5"
},
"hashSha1": {
"type": "string",
"description": "SHA1 hash of the executable. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-1"
},
"hashSha2256": {
"type": "string",
"description": "SHA2-256 hash of the executable. Might be empty. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Sha-256"
},
"isBlocked": {
"type": "boolean",
"description": "If true, the executable is blocked from being executed (globally)."
},
"isDynamicallyLinkedLibrary": {
"title": "If true, the executable represents dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; shareable image under OpenVMS;[18] dynamic shared object, or DSO, under Unix-like systems)",
"type": "boolean"
},
"lastExecuteTime": {
"type": "string",
"description": "When an executable was last executed on any computer in a monitored network. EI migration: https://help.eset.com/ei_navigate/latest/en-US/executable_details.html Last Executed",
"format": "date-time"
},
"libraryId": {
"title": "Internal name for PE DLLs Shared object name in ELF dynamic libraries Library ID in MACHO dynamic libraries",
"type": "string",
"description": "Examples: Library ID for a MACHO dylib: „System/Library/Frameworks/OpenCL.framework/Versions/A/Libraries/ImageFormats/snorm16_rgba.dylib' And ELF shared object name (for a file called „libhgfs.so.0.0.0“): „libhgfs.so.0'"
},
"liveGridFindings": {
"$ref": "v1LiveGridFindings",
"description": "Findings of LiveGrid.",
"ageDays": {
"type": "integer",
"description": "Age of the finding in days.",
"format": "int64"
},
"firstOccurTime": {
"type": "string",
"description": "When an executable was first seen on any computer connected to LiveGrid®.",
"format": "date-time"
},
"popularity": {
"type": "number",
"description": "How many computers reported an executable to LiveGrid®. Normalized to value between 0 and 1. This value is frequently shown in UI as a severity bar.",
"format": "double"
},
"reputation": {
"type": "number",
"description": "Is a number from 0 to 1, indicating how safe the file is. Reputation > 0.0 && < 0.3 -> malicious Reputation > 0.3 && < 0.8 -> suspicious Reputation > 0.8 -> safe.",
"format": "double"
}
},
"machoSignature": {
"$ref": "v1MachoSignature",
"description": "Details of Mach-O signature.",
"codeIdentifier": {
"type": "string",
"description": "The 'identifier' field is used to uniquely identify a specific version of the code or a code directory within the code signing process. Examples are: com.microsoft.edgemac.helper.renderer, com.eset.remoteadministrator.agent code identifier can be present also for unsigned files. Info: More details can be found at https://developer.apple.com/documentation/technotes/tn3127-inside-code-signing-requirements#Basics https://opensource.apple.com/source/Security/Security-55471.14/libsecurity_codesigning/lib/codedirectory.h.auto.html"
},
"teamIdentifier": {
"type": "string",
"description": "The Team ID is a unique 10-character string generated by Apple that’s assigned to your team. Once Apple has issued a Team ID to a team, we won’t issue that same Team ID to any other team. Also, only appropriately authorised members of that team can ship code signed with that Team ID. More on this: https://developer.apple.com/help/account/manage-your-team/locate-your-team-id/"
}
},
"packerName": {
"type": "string",
"description": "The name of packer if a executable is packed. EI migration: Packer name"
},
"peVersionInfo": {
"$ref": "v1PeVersionInfo",
"description": "Windows VersionInfo about portable executable.",
"companyName": {
"type": "string",
"description": "Company that produced the file—for example, Microsoft Corporation or Standard Microsystems Corporation, Inc."
},
"fileDescription": {
"type": "string",
"description": "File description to be presented to users. This string may be displayed in a list box when the user is choosing files to install—for example, Keyboard Driver for AT-Style Keyboards."
},
"fileVersion": {
"type": "string",
"description": "Version number of the file—for example, 3.10 or 5.00.RC2."
},
"internalName": {
"type": "string",
"description": "Internal name of the file, if one exists—for example, a module name if the file is a dynamic-link library. If the file has no internal name, this string should be the original filename, without extension."
},
"originalFileName": {
"type": "string",
"description": "Original name of the file, not including a path. This information enables an application to determine whether a file has been renamed by a user. The format of the name depends on the file system for which the file was created."
},
"productName": {
"type": "string",
"description": "Name of the product with which the file is distributed."
},
"productVersion": {
"type": "string",
"description": "Version of the product with which the file is distributed—for example, 3.10 or 5.00.RC2."
}
},
"sfxTypeName": {
"type": "string",
"description": "Self-extracting archive type, if an executable is packed. EI migration: SFX name"
},
"signatures": [
{
"$ref": "v1CodeSignature",
"description": "Code signature details.",
"certificateChain": [
{
"$ref": "v1Certificate",
"description": "Represents cryptographic certificate.",
"issuerCommonName": {
"title": "CN part of distinguished Issuer Name (OID 2.5.4.3)",
"type": "string",
"description": "Issuer is the entity (Certificate Authority) that issues the certificate. The Issuer's identity is typically specified in the certificate."
},
"subjectCommonName": {
"title": "CN part of distinguished Subject Name (OID 2.5.4.3)",
"type": "string",
"description": "Subject is the entity whose public key is bound to the certificate. The Subject's identity is also specified in the certificate."
}
}
],
"signatureTrustLevel": {
"$ref": "v1SignatureTrustLevel",
"type": "string",
"description": "Level of signature trust. Items are sorted by their trustworthiness from the least trustworthy case of ad-hoc signature to the signature trusted by ESET. Basically, 0 - 79 means untrusted and 80+ means trusted. SIGNATURE_TRUST_LEVEL_UNSPECIFIED: fallback SIGNATURE_TRUST_LEVEL_AD_HOC: Signature that is created without a certificate from a Certificate Authority (CA) is least trustworthy, because it can't be traced back to a known entity. For example: https://developer.apple.com/documentation/security/seccodesignatureflags/1397793-adhoc - SIGNATURE_TRUST_LEVEL_INVALID: The signature doesn't match the content it's supposed to be signing, or it's been signed with a certificate that's expired or revoked. It's not trustworthy. - SIGNATURE_TRUST_LEVEL_NO_SIGNATURE: There's no signature at all. It's not trustworthy because there's no way to verify the source or integrity of the content. - SIGNATURE_TRUST_LEVEL_SELF_SIGNED: The signature was created with a self-signed certificate. It's somewhat trustworthy, but less so than a signature from a CA because it can't be traced back to a known entity. - SIGNATURE_TRUST_LEVEL_OS_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by the operating system. It's generally trustworthy. - SIGNATURE_TRUST_LEVEL_ESET_TRUSTED: This means the signature was created with a certificate from a CA that's trusted by ESET. It's generally trustworthy.",
"default": "SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
"enum": [
"SIGNATURE_TRUST_LEVEL_UNSPECIFIED",
"SIGNATURE_TRUST_LEVEL_AD_HOC",
"SIGNATURE_TRUST_LEVEL_INVALID",
"SIGNATURE_TRUST_LEVEL_NO_SIGNATURE",
"SIGNATURE_TRUST_LEVEL_SELF_SIGNED",
"SIGNATURE_TRUST_LEVEL_OS_TRUSTED",
"SIGNATURE_TRUST_LEVEL_ESET_TRUSTED"
]
},
"signerName": {
"type": "string",
"description": "Signer name extracted from the signature by heuristics."
}
}
],
"tags": [
{
"type": "string"
}
],
"versionName": {
"type": "string",
"description": "Version number of the file, for example, '3.10' or '5.00.RC2'. EI migration: File version"
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
}
}
} |
202 |
Response took too long; request cached. Response can be retrieved later using the response-id header. |
null |
[] |
400 |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. |
null |
[] |
401 |
Token has expired or is invalid. |
null |
[] |
403 |
Access denied. Check permissions. |
null |
[] |
404 |
Requested resource not found. |
null |
[] |
429 |
Rate limit reached. Try again later. |
null |
[] |
500 |
Internal server failure. Try again later. |
null |
[] |
502 |
Internal server failure. Try again later. |
null |
[] |
503 |
Environment under maintenance. Try again later. |
null |
[] |
504 |
Action took too long; timeout reached |
null |
[] |