MalwareHash.com SDK

Posted by on Saturday, December 3rd, 2011  |  2,704 views

We have made available to our users the SDK to use our API service.

Users can download the SDK from their Dashboard:

Image

Documentation of the SDK:

//////////////////////////////////////////////////////////////////////////////
/////////////////// MalwareHash Function Definitions ////////////////////////
/////////////////////////////////////////////////////////////////////////////
 
 
/* 
   Validates an API Key in order to use the MalwareHash.com service 
 
   Returns TRUE if the key is valid and has remaining request queries
   Returns FALSE if the key is either invalid or there are no remaining queries left
*/
 
 
typedef BOOL (__stdcall *PIsAPIKeyValid)(char* APIKey);
 
 
/*
   Checks a single MD5 digest Hash 
 
   Returns TRUE if the MD5 Hash is listed in the database and flagged as malware
   Returns FALSE if the MD5 Hash is not located in the database
*/
 
 
typedef BOOL (__stdcall *PMalwareHashSingle)(char* APIKey, 
                                             char* MD5Hash);
 
 
/*
  Checks Multiple MD5 digest Hashes against the server database
 
  Returns TRUE if there is no request errors
  Returns FALSE if there is a request error
 
  Note: After calling this API the "bDetected" member of the FixedMultiHash structure array will be
  set to TRUE for MD5 Hashes which are flagged by the database as malware, FALSE for those that
  are not. The reason this API primarily exists is due to the fact that you can optionally send
  up to 250 MD5 Hashes to the server all in one request which would only eat 1 user query for your
  API Key. Calling MalwareHashSingle() on each of the 250 Hashes would require 250 queries!
*/
 
 
typedef BOOL (__stdcall *PMalwareHashMulti)(char* APIKey, 
                                            FixedMultiHash* MD5Hashes);
 
 
/*
  Ansi -
 
  Returns TRUE if lpFileName can be hashed via MD5 digest (internal operation) and the server
  locates this MD5 Hash in its database
 
  Returns FALSE if lpFileName for some reason cannot be hashed or the successful hash is not present
  in the server database 
*/
 
 
typedef BOOL (__stdcall *PMalwareHashSingleFileA)(char* APIKey, 
                                                  char* lpFileName);
 
 
/*
  Unicode -
 
  Returns TRUE if lpFileName can be hashed via MD5 digest (internal operation) and the server
  locates this MD5 Hash in its database
 
  Returns FALSE if lpFileName for some reason cannot be hashed or the successful hash is not present
  in the server database 
*/
 
 
typedef BOOL (__stdcall *PMalwareHashSingleFileW)(char* APIKey, 
                                                  WCHAR* lpFileName);
 
 
/*
  Ansi -
 
  Checks Multiple MD5 digest Hashes against the server database but only requires full-path FILENAMES
 
  This function is offered for extreme flexibility since all that is required to communicate with the server
  is a valid API Key and a list (array) of filenames, the MD5 hashing is done internally for you
 
  Returns TRUE if there is no request errors
  Returns FALSE if there is a request error
 
  Note: After calling this API the "bDetected" member of the FixedFileHashEntryA structure will be
  set to TRUE for MD5 Hashes which are flagged by the database as malware, FALSE for those that
  are not. Also, any files which are successfully hashed will output their MD5 hash to the "cHash" member 
  of the FixedFileHashEntryA structure variable.
 
  The reason this API primarily exists is due to the fact that you can optionally send
  up to 250 MD5 Hashes to the server all in one request which would only eat 1 user query for your
  API Key. Calling MalwareHashSingleFileA() on each of the 250 filenames would require 250 queries!
*/
 
 
typedef BOOL (__stdcall *PMalwareHashMultiFileA)(char* APIKey, 
                                                 FixedFileHashEntryA* FileNames);
 
 
/*
  Unicode -
 
  Checks Multiple MD5 digest Hashes against the server database but only requires full-path FILENAMES
 
  This function is offered for extreme flexibility since all that is required to communicate with the server
  is a valid API Key and a list (array) of filenames, the MD5 hashing is done internally for you
 
  Returns TRUE if there is no request errors
  Returns FALSE if there is a request error
 
  Note: After calling this API the "bDetected" member of the FixedFileHashEntryW structure will be
  set to TRUE for MD5 Hashes which are flagged by the database as malware, FALSE for those that
  are not. Also, any files which are successfully hashed will output their MD5 hash to the "cHash" member 
  of the FixedFileHashEntryW structure variable.
 
  The reason this API primarily exists is due to the fact that you can optionally send
  up to 250 MD5 Hashes to the server all in one request which would only eat 1 user query for your
  API Key. Calling MalwareHashSingleFileW() on each of the 250 filenames would require 250 queries!
*/
 
 
typedef BOOL (__stdcall *PMalwareHashMultiFileW)(char* APIKey, 
                                                 FixedFileHashEntryW* FileNames);

Included there are examples in C and Delphi.

Posted by on Saturday, December 3rd, 2011 at 8:10 pm and filed under Security News with tags , , . You can skip to the end and leave a response. Pinging is currently not allowed.

Random Posts

Previous Posts