Malware hunting

📄️ Advanced search (TCA-0320)

The Advanced Search enables users to filter samples by search criteria submitted in a POST request. A wide range of search keywords is available, and they can be combined using search operators to build advanced queries.

📄️ YARA hunting (TCA-0303)

The ReversingLabs YARA Hunting service enables users to create custom YARA rules containing textual or binary patterns, and upload them to the service to obtain matches using the APIs described in this document. When a sample matches the pattern found in a YARA rule, it receives the classification defined by that rule.

📄️ YARA retro hunting (TCA-0319)

The ReversingLabs YARA Retro Hunting service enables users to run their own YARA rules and retroactively match them against files from the ReversingLabs sample set. The YARA Retro Hunting sample set is based on the last 90 days of stored samples, excluding samples larger than 200 MB and archives. Samples extracted from archives are not excluded.

📄️ Functionally similar files (TCA-0301)

The RHA (ReversingLabs Hashing Algorithm) identifies code similarity between unknown samples and previously seen malware samples. Files have the same RHA1 hash when they are functionally similar.

📄️ Functionally similar files (analytics) (TCA-0321)

The ReversingLabs Hashing Algorithm (RHA) identifies code similarity between unknown samples and previously seen malware samples. Files have the same RHA1 hash when they are functionally similar.

📄️ Imphash similarity (TCA-0302)

Imphash Index provides a list of all available SHA1 hashes for files sharing the same import hash (imphash). An imphash is a hash calculated from a string which contains the libraries imported by a Windows Portable Executable (PE) file.

📄️ Malware family detection (TCA-0305)

The Malware Family Detection API takes a file hash and returns all malware families to which that sample belongs, based on the detections from the latest AV scan.

📄️ Vertical feeds statistics (TCA-0307-0311, 0317)

ReversingLabs Malware Detection Family Feed V2 provides information about new malware samples detected in the Spectra Intelligence system, filtered by category (industry). Categories and API codes correspond to ReversingLabs Targeted and Industry-Specific File Indicator Feeds (e.g., Financial, Retail, Exploits...).

📄️ Vertical feeds search (TCA-0312-0316, 0318)

This service can be used to retrieve information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names.

📄️ Indicators of Compromise (TCA-0330)

ReversingLabs Indicators of Compromise (IoC) service delivers access to large volumes of structured threat intelligence data for samples and URLs. It supports both detailed data retrieval and summary statistics, with filtering by type (sample or URL), time format (timestamp or UTC), classification, threat level, malware family, malware type, threat actor, sample type, platform, and vertical. The results are returned in JSON format, and can be limited and paginated.