VirusTotal

VirusTotal analyzes suspicious files and URLs to detect malware such as viruses, worms, and trojans.

Integration with LogicHub

Connecting with VirusTotal

To connect to VirusTotal, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Key: The API key used to connect to VirusTotal.

Actions with VirusTotal

Analyze Domain

Retrieves a domain report

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Column Name: Select the name of the column in the parent table containing the domain to submit to VirusTotal.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: analysis details
{
  "BitDefender category": "business",
  "domain_siblings": [
    "msg.logichub.com",
    "info.logichub.com",
    "stg.logichub.com"
  ],
  "sophos category": "advertisements",
  "undetected_downloaded_samples": [
    {
      "date": "2019-09-16 16:35:55",
      "positives": 0,
      "total": 70,
      "sha256": "5085cc9e65c2c0c473b7a92d7667a20daf58bef2f8961b4faefafb8d3468a2db"
    }
  ],
  "whois": "Admin City: Scottsdale\nAdmin Country: US\nAdmin Email: [email protected]\nAdmin Organization: Domains By Proxy, LLC\nAdmin Postal Code: 85260\nAdmin State/Province: Arizona\nCreation Date: 2010-03-31T18:05:17Z\nDNSSEC: unsigned\nDomain Name: LOGICHUB.COM\nDomain Name: logichub.com\nDomain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited\nDomain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited\nDomain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nName Server: NS53.DOMAINCONTROL.COM\nName Server: NS54.DOMAINCONTROL.COM\nRegistrant City: 373f4980ad3d2d01\nRegistrant Country: US\nRegistrant Email: [email protected]\nRegistrant Fax Ext: 3432650ec337c945\nRegistrant Fax: 9fad764be0c7e95d\nRegistrant Name: 80315b2e6ac1a801\nRegistrant Organization: b46a98a26fe2fd9f\nRegistrant Phone Ext: 3432650ec337c945\nRegistrant Phone: d5f66d3a005b000d\nRegistrant Postal Code: b9448b1c75ff534d\nRegistrant State/Province: 30bdd2917a604c83\nRegistrant Street: 037792fd5a6fe619\nRegistrant Street: f38c0adea706dbc3\nRegistrar Abuse Contact Email: [email protected]\nRegistrar Abuse Contact Phone: +1.4806242505\nRegistrar Abuse Contact Phone: 480-624-2505\nRegistrar IANA ID: 146\nRegistrar Registration Expiration Date: 2030-03-31T18:05:17Z\nRegistrar URL: http://www.godaddy.com\nRegistrar WHOIS Server: whois.godaddy.com\nRegistrar: GoDaddy.com, LLC\nRegistry Admin ID: Not Available From Registry\nRegistry Domain ID: 1590984107_DOMAIN_COM-VRSN\nRegistry Expiry Date: 2030-03-31T18:05:17Z\nRegistry Registrant ID: Not Available From Registry\nRegistry Tech ID: Not Available From Registry\nTech City: Scottsdale\nTech Country: US\nTech Email: [email protected]\nTech Organization: Domains By Proxy, LLC\nTech Postal Code: 85260\nTech State/Province: Arizona\nUpdated Date: 2020-04-05T17:12:07Z\nUpdated Date: 2020-04-05T17:12:10Z",
  "detected_downloaded_samples": [
    {
      "date": "2020-05-05 15:52:49",
      "positives": 1,
      "total": 75,
      "sha256": "5085cc9e65c2c0c473b7a92d7667a20daf58bef2f8961b4faefafb8d3468a2db"
    }
  ],
  "response_code": 1,
  "detected_referrer_samples": [],
  "verbose_msg": "Domain found in dataset",
  "Forcepoint ThreatSeeker category": "information technology",
  "undetected_urls": [
    [
      "https://www.logichub.com/",
      "1101a118b616f943e890e9e8e8f49161f4336e0a7815ddee08d8a233e0ba7ff9",
      0,
      80,
      "2020-10-15 18:50:15"
    ]
  ],
  "Comodo Valkyrie Verdict category": "media sharing",
  "undetected_referrer_samples": [
    {
      "date": "2020-04-22 14:21:44",
      "positives": 0,
      "total": 0,
      "sha256": "9388089e4a60d5cd88e2c99a2e060e8fa8cb897b123f5bac62290a925e7a022c"
    }
  ],
  "resolutions": [
    {
      "last_resolved": "2017-02-07 00:00:00",
      "ip_address": "107.180.0.110"
    }
  ],
  "detected_urls": [],
  "lh_report_url": null,
  "error": null,
  "has_error": false
}

Analyze File Hash

Retrieves a file hash report

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Column Name: Name of the column in the parent table containing the file hash to submit to VirusTotal.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: analysis details
{
  "scans": {
    "Alibaba": {
      "detected": true,
      "version": "0.3.0.5",
      "result": "Backdoor:Win32/Nepoe.530869dc",
      "update": "20190527"
    },
    "Cybereason": {
      "detected": true,
      "version": "1.2.449",
      "result": "malicious.69043a",
      "update": "20190616"
    }
  },
  "scan_id": "b018706f57937136a2f61421c5a7a9f4ce8c89c3670ae4814491473184545962-1604018059",
  "sha1": "5b63d3bf46aec2126932d8a683ca971c56f7d717",
  "resource": "cbed16069043a0bf3c92fff9a99cccdc",
  "response_code": 1,
  "scan_date": "2020-10-30 00:34:19",
  "permalink": "https://www.virustotal.com/gui/file/b018706f57937136a2f61421c5a7a9f4ce8c89c3670ae4814491473184545962/detection/f-b018706f57937136a2f61421c5a7a9f4ce8c89c3670ae4814491473184545962-1604018059",
  "verbose_msg": "Scan finished, information embedded",
  "total": 72,
  "positives": 63,
  "sha256": "b018706f57937136a2f61421c5a7a9f4ce8c89c3670ae4814491473184545962",
  "md5": "cbed16069043a0bf3c92fff9a99cccdc",
  "lh_report_url": "https://www.virustotal.com/gui/file/b018706f57937136a2f61421c5a7a9f4ce8c89c3670ae4814491473184545962/detection/f-b018706f57937136a2f61421c5a7a9f4ce8c89c3670ae4814491473184545962-1604018059",
  "error": null,
  "has_error": false
}

Analyze IP Address

Retrieves an IP address report

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Column Name: Name of the column in the parent table containing the IP address to submit to VirusTotal.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: analysis details
{
  "asn": 7922,
  "undetected_urls": [
    [
      "http://cet-nat.comcastcntr.pa.bo.comcast.net/",
      "2521651e23393ea13e2817a4afee4847b3d35f4d2df2b5917ca332294b5aafd2",
      0,
      70,
      "2019-07-11 10:00:22"
    ]
  ],
  "undetected_downloaded_samples": [],
  "country": "US",
  "response_code": 1,
  "as_owner": "Comcast Cable Communications, LLC",
  "detected_referrer_samples": [],
  "verbose_msg": "IP address in dataset",
  "detected_downloaded_samples": [],
  "undetected_referrer_samples": [
    {
      "date": "2020-04-22 23:08:01",
      "positives": 0,
      "total": 75,
      "sha256": "7206af0ae424df1f3eddf9198a38e24facfa3fb87fd0cff1d3991141efc1e7b7"
    }
  ],
  "detected_urls": [],
  "resolutions": [
    {
      "last_resolved": "2019-07-11 10:03:20",
      "hostname": "cet-nat.comcastcntr.pa.bo.comcast.net"
    }
  ],
  "error": null,
  "has_error": false
}

Analyze URL

Analyzes a URL with VirusTotal

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Action Type: Select an action type.
  • Column Name: Select the name of the column in the parent table containing the domain to submit to VirusTotal.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: analysis details
{
  "permalink": "https://www.virustotal.com/gui/url/34fd16559c0caee40f3941c391900a36de23a3031c3ebddc52c1986145724553/detection/u-34fd16559c0caee40f3941c391900a36de23a3031c3ebddc52c1986145724553-1601641706",
  "resource": "34fd16559c0caee40f3941c391900a36de23a3031c3ebddc52c1986145724553-1601641706",
  "url": "https://playground.dev.logichub.com/",
  "response_code": 1,
  "scan_date": "2020-10-02 12:28:26",
  "scan_id": "34fd16559c0caee40f3941c391900a36de23a3031c3ebddc52c1986145724553-1601641706",
  "verbose_msg": "Scan finished, scan information embedded in this object",
  "has_error": false,
  "error": null,
  "filescan_id": null,
  "positives": 0,
  "total": 79,
  "scans": {
    "MalwareDomainList": {
      "detected": false,
      "result": "clean site",
      "detail": "http://www.malwaredomainlist.com/mdl.php?search=playground.dev.logichub.com"
    },
    "Web Security Guard": {
      "detected": false,
      "result": "clean site"
    },
    "OpenPhish": {
      "detected": false,
      "result": "clean site"
    }
  }
}

Analyze File

Analyzes a file with VirusTotal

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Action Type: Select an action type.
  • Column Name: Select the name of the column in the parent table containing the domain to submit to VirusTotal.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: analysis details
{
  "scans": {
    "Kaspersky": {
      "detected": false,
      "version": "15.0.1.13",
      "result": null,
      "update": "20201120"
    },
    "MaxSecure": {
      "detected": false,
      "version": "1.0.0.1",
      "result": null,
      "update": "20201119"
    },
    "AVG": {
      "detected": false,
      "version": "20.10.5736.0",
      "result": null,
      "update": "20201120"
    }
  },
  "scan_id": "32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231-1605867145",
  "sha1": "714c804de08df5f6852a6470773f4edba31c83d9",
  "resource": "32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231-1605867145",
  "response_code": 1,
  "scan_date": "2020-11-20 10:12:25",
  "permalink": "https://www.virustotal.com/gui/file/32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231/detection/f-32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231-1605867145",
  "verbose_msg": "Scan finished, information embedded",
  "total": 61,
  "positives": 0,
  "sha256": "32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231",
  "md5": "c9cd2d0f3cee5961b579e7a5e9fd123e",
  "lh_report_url": "https://www.virustotal.com/gui/file/32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231/detection/f-32d3638fc2a2b8c5ad85839e5ea4dffbab701c08f7cb8c305f11e51189d81231-1605867145",
  "error": null,
  "has_error": false
}
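
One way to consume these action outputs in a downstream step, as an added example that is not LogicHub or VirusTotal code. The function name triage, the verdict labels, the min_ratio threshold and the handling of response_code values other than 1 are assumptions of this example; the inputs are trimmed from the sample outputs above.

```python
import json

def triage(report, min_ratio=0.1):
    """Reduce one action output (a dict) to a (verdict, detail) pair."""
    # A failed lookup must never be read as "clean".
    if report.get("has_error"):
        return "error", report.get("error")
    # The samples on this page carry response_code 1; treating anything
    # else as "no report" is an assumption of this example.
    if report.get("response_code") != 1:
        return "unknown", report.get("verbose_msg")
    if "positives" in report:
        # File hash / URL / file shape: counters plus per-engine "scans".
        pos, total = report["positives"], report.get("total") or 0
        if total == 0:
            return "unknown", "no engine results"
        engines = sorted(name for name, scan in report.get("scans", {}).items()
                         if scan.get("detected"))
        verdict = ("malicious" if pos / total >= min_ratio
                   else "suspicious" if pos else "clean")
        return verdict, {"positives": pos, "total": total, "engines": engines}
    # Domain / IP shape: no top-level counters, only detected_* lists.
    hits = []
    for key in ("detected_urls", "detected_downloaded_samples",
                "detected_referrer_samples"):
        for item in report.get(key) or []:
            # Entries are dicts in the samples; list entries are assumed to
            # follow the undetected_urls layout [url, sha256, positives, total, date].
            pos, total = ((item.get("positives", 0), item.get("total", 0))
                          if isinstance(item, dict) else (item[2], item[3]))
            hits.append({"source": key, "positives": pos, "total": total})
    return ("suspicious" if hits else "clean"), {"hits": hits}

# Constructed inputs, trimmed from the sample outputs on this page.
FILE_HASH = json.loads("""{"scans": {"Alibaba": {"detected": true},
  "Cybereason": {"detected": true}}, "response_code": 1, "total": 72,
  "positives": 63, "error": null, "has_error": false}""")
DOMAIN = json.loads("""{"detected_downloaded_samples": [{"date":
  "2020-05-05 15:52:49", "positives": 1, "total": 75}], "detected_urls": [],
  "response_code": 1, "error": null, "has_error": false}""")
FAILED = {"has_error": True, "error": "constructed error message", "result": None}

if __name__ == "__main__":
    for name, row in (("file hash", FILE_HASH), ("domain", DOMAIN), ("failed", FAILED)):
        print(name, triage(row))
```

The domain sample comes back as suspicious on a single 1-of-75 detection, which is the kind of result to route to an analyst rather than to automatic blocking.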
