How do I check if a file is malicious using the API?

You can use the TCA-0101 File Reputation API endpoint with a file hash (SHA256, MD5, or SHA1) to query whether a file is malicious. This API provides an immediate reputation verdict based on ReversingLabs' database of known threats and analysis results.

Spectra Intelligence File Threat Intelligence API Overview

The File Threat Intelligence APIs help security teams assess file reputation, retrieve detailed analysis reports, and manage classification overrides for files in the Spectra Intelligence system.

Common Use Cases

Check if a file is malicious

File reputation (TCA-0101) - Get malware status (malicious, suspicious, known, unknown) with threat level, trust factor, and malware family details. Supports bulk queries.
File reputation override (TCA-0102) - Override file classifications within your organization to handle false positives or flag internal threats.

Get detailed file analysis

File analysis (TCA-0104) - Retrieve comprehensive analysis results for a submitted sample, including file hashes, metadata, relationships, and source history. Depending on availability, the response may include static and dynamic analysis findings, multi-AV detections, behavioral indicators, certificates, and URLs or other artifacts extracted from images or QR codes.
File analysis (goodware) (TCA-0105) - Get analysis data for known-good files only, with trust factor and relationships.

Review AV scan history

Historic multi-AV scan records (TCA-0103) - Retrieve current and historical multi-AV scan reports showing detection changes over time.

All File Threat Intelligence APIs

📄️ File reputation (TCA-0101)

Query malware status, threat level, trust factor, and malware family for MD5, SHA1, or SHA256 hashes using the Spectra Intelligence tca-0101 File Reputation API.

📄️ File reputation override (TCA-0102)

Override file classifications to malicious, suspicious, or known using Spectra Intelligence tca-0102; manage false positives and list org-wide overrides by hash.

📄️ Multi-AV scan records (TCA-0103)

Retrieve current and historical multi-AV scan records for file hashes using Spectra Intelligence tca-0103; supports single and bulk queries of up to 100 hashes.

📄️ File analysis (TCA-0104)

Retrieve comprehensive file analysis from Spectra Intelligence tca-0104: static analysis, dynamic behavior, AV scans, certificates, URLs, and IP/domain IOCs by hash.

📄️ File analysis goodware (TCA-0105)

Retrieve trust factor, hashes, relationships, size, and sources for known-good files only using Spectra Intelligence tca-0105; returns 404 for malicious hashes.

Common Use Cases​

Check if a file is malicious​

Get detailed file analysis​

Review AV scan history​

All File Threat Intelligence APIs​