(DEPRECATED) PolySwarm Customer CLI v1

PolySwarm CLI v1 is deprecated and may stop working at any time.

PolySwarm CLI v2 brings a large number of improvements in terms of speed and reliability.

Please utilize PolySwarm CLI v2.

A CLI tool for interacting with PolySwarm APIs.

Supports Python 2.7, 3.5 and greater.

Installation

From PyPI:

$ pip install polyswarm

If you get an error about a missing package named wheel, that means your version of pip is too old. You need pip version 19 or newer. To update pip, run pip install -U pip.

From source:

$ python setup.py install

If you get an error about a missing package named wheel, that means your version of setuptools is too old. You need setuptools version 40.8.0 or newer. To update setuptools, run pip install -U setuptools.

Configuration

Set your API key

$ export POLYSWARM_API_KEY=<Your API key from polyswarm.network>

Set the community name: "default" is the default public community.

$ export POLYSWARM_COMMUNITY=default

Enable tab completion

$ eval "$(_POLYSWARM_COMPLETE=source polyswarm)"

You will need to get your own API key from polyswarm.network/account/api-keys.

Usage

The polyswarm command has several sub-commands. You can run the command by itself or use the -h option to get help output.

$ polyswarm
Usage: polyswarm [OPTIONS] COMMAND [ARGS]...

  This is a PolySwarm CLI client, which allows you to interact directly with
  the PolySwarm network to scan files, search hashes, and more.

Options:
  -a, --api-key TEXT              Your API key for polyswarm.network
                                  (required)
  -u, --api-uri TEXT              The API endpoint (ADVANCED)
  -o, --output-file FILENAME      Path to output file.
  --output-format, --fmt [text|json|sha256|sha1|md5]
                                  Output format. Human-readable text or JSON.
  --color / --no-color            Use colored output in text mode.
  -v, --verbose
  -c, --community TEXT            Community to use.
  --advanced-disable-version-check / --advanced-enable-version-check
                                  Enable/disable GitHub release version check.
  --validate                      Validate incoming schemas (note: slow).
  -h, --help                      Show this message and exit.

Commands:
  cat         cat artifact to stdout
  download    download file(s)
  historical  interact with historical scans
  live        interact with live scans
  lookup      lookup UUID(s)
  rescan      rescan files(s) by hash
  scan        scan files/directories
  search      interact with PolySwarm search api
  stream      access the polyswarm file stream
  url         scan url

Sub-Commands

$ polyswarm live
Usage: polyswarm live [OPTIONS] COMMAND [ARGS]...

Options:
  -h, --help  Show this message and exit.

Commands:
  delete   Delete the live hunt associated with the given hunt_id
  list     List all live hunts performed
  results  Get results from live hunt
  start    Start a new live hunt
$ polyswarm live results -h
Usage: polyswarm live results [OPTIONS]

Options:
  -m, --without-metadata  Don't request artifact metadata.
  -b, --without-bounties  Don't request bounties.
  -s, --since INTEGER     How far back in minutes to request results (default:
                          0, or all)
  -i, --hunt-id INTEGER   ID of the rule file (defaults to latest)
  -h, --help              Show this message and exit.

Perform Scans

Scan a File

$ polyswarm scan /tmp/eicar
Report for artifact eicar, hash: 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
	14 out of 16 engines reported this as malicious
	Tachyon: Malicious, metadata: {'malware_family': 'EICAR-Test-File', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'vendor_version': '2018.11.28.1', 'version': '0.1.0'}}
	Lionic: Malicious, metadata: {'malware_family': 'Test.File.EICAR.y!c', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}}}
	Virusdie: Malicious, metadata: {'malware_family': 'EICAR.TEST', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'vendor_version': '1.3.0', 'version': '0.3.0'}}
	Qihoo 360: Malicious, metadata: {'malware_family': 'qex.eicar.gen.gen', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}}}
	Ikarus: Malicious, metadata: {'malware_family': 'EICAR-Test-File', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'signatures_version': '30.10.2019 19:21:15 (102072)', 'vendor_version': '5.2.9.0', 'version': '0.2.0'}}
	VenusEye: Malicious, metadata: {'malware_family': '', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'version': '0.1.0'}}
	XVirus: Malicious, metadata: {'malware_family': '', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'vendor_version': '3.0.2.0', 'version': '0.2.0'}}
	DrWeb: Malicious, metadata: {'malware_family': 'EICAR Test File (NOT a Virus!)', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'signatures_version': '6C318F66F1FD5E5EAD1F2FE454F349CE, 2019-Oct-30 18:07:50', 'vendor_version': '7.00.41.07240', 'version': '0.3.0'}}
	Nucleon: Clean
	Jiangmin: Malicious, metadata: {'malware_family': 'EICAR-Test-File', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '', 'vendor_version': '16.0.100', 'version': '0.2.0'}}
	SecureAge: Malicious, metadata: {'malware_family': '', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '5.78', 'version': '0.3.0'}}
	Alibaba: Malicious, metadata: {'malware_family': 'Virus:Any/EICAR_Test_File.534838ff', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}}, 'type': 'eicar'}
	ClamAV: Malicious, metadata: {'malware_family': 'Eicar-Test-Signature', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'vendor_version': 'ClamAV 0.100.3/25618/Wed Oct 30 08:54:22 2019'}}
	Rising: Malicious, metadata: {'malware_family': 'Virus.EICAR_Test_File!8.D9E', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}}}
	K7: Malicious, metadata: {'malware_family': 'Trojan ( 000139291 )', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '11.75.32402, 30-Oct-2019', 'vendor_version': '15.2.0.42', 'version': '0.2.0'}}
	ZeroCERT: Clean
	Scan permalink: https://polyswarm.network/scan/results/0725ac93-70ba-432b-9046-3714b5eb908c
	PolyScore: 0.9999999999959422

Scan a URL

$ polyswarm url https://google.com
Report for artifact url, hash: 05046f26c83e8c88b3ddab2eab63d0d16224ac1e564535fc75cdceee47a0938d
        All 5 engines reported this as benign or did not respond
        Virusdie: Clean
        Trustlook: Clean
        Nucleon: Clean
        Cyradar: Clean
        ZeroCERT: Clean
        Scan permalink: https://polyswarm.network/scan/results/1377b0e4-d54a-41b8-87bf-a0885d67cf3c

When scanning a URL, you should always include the protocol (http:// or https://).

Perform Searches

$ polyswarm -o /tmp/test.txt search hash 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
$ cat /tmp/test.txt
Found 1 matches to the search query.
Search results for sha256=131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
File 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
        File type: mimetype: text/plain, extended_info: EICAR virus test files
        SHA256: 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
        SHA1: cf8bd9dfddff007f75adf4c2be48005cea317c62
        MD5: 69630e4574ec6798239b091cda43dca0
        First seen: Wed, 22 May 2019 15:25:47 GMT
        Observed countries: PR,US
        Observed filenames: 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267,eicar.com,eicar.txt,cf8bd9dfddff007f75adf4c2be48005cea317c62,eicar.com.txt
        Scan permalink: https://polyswarm.network/scan/results/8f51790a-4e30-48ad-b0a2-036c7306168f
        Detections: 16/19 engines reported malicious

Metadata search accepts Elasticsearch query_string queries against artifact metadata.

Examples of performing Metadata Searches using Query Strings:

All artifacts containing the domain "en.wikipedia.org", the file "AndroidManifest.xml" zipped, and that require zip version 19 or greater:

$ polyswarm -o /tmp/test.txt search metadata "strings.domains:en.wikipedia.org AND exiftool.ZipFileName:AndroidManifest.xml AND exiftool.ZipRequiredVersion:>19"
$ cat /tmp/test.txt | more
Found 1000 matches to the search query.
Search results for {'query': {'query_string': {'query': 'strings.domains:en.wikipedia.org AND exiftool.ZipFileName:AndroidManifest.xml'}}}
File 55f9d374e0d16ecaa047f2af9f2dcbb0a6576847caee0a2cbdc36a079961a991
        File type: mimetype: application/x-dosexec, extended_info: PE32 executable (GUI) Intel 80386, for MS Windows
        SHA256: 55f9d374e0d16ecaa047f2af9f2dcbb0a6576847caee0a2cbdc36a079961a991
        SHA1: 4a0da13003a36fc299ea5c7ebd54d59e42854f22
        MD5: ba72c9d80b336ae481a3eceaace1844e
        First seen: Mon, 02 Sep 2019 13:48:06 GMT
        Observed countries: US
        Observed filenames: 55f9d374e0d16ecaa047f2af9f2dcbb0a6576847caee0a2cbdc36a079961a991
        Scan permalink: https://polyswarm.network/scan/results/9c50c2ca-31a8-42cd-b067-b864eff57409
        Detections: 12/19 engines reported malicious
--More--

All artifacts that were detected as "malicious" by engine "DrWeb" in their first scan:

$ polyswarm -o /tmp/test.txt search metadata "scan.first_scan.DrWeb.assertion:malicious"

All artifacts that were scanned by ClamAV on "Linux" in their last scan:

$ polyswarm -o /tmp/test.txt search metadata "scan.last_scan.ClamAV.metadata.scanner.environment.operating_system:Linux"

All artifacts of malware family "Trojan" detected by engine "K7" in their first scan:

$ polyswarm -o /tmp/test.txt search metadata "scan.first_scan.K7.metadata.malware_family:*Trojan*"

All artifacts of malware family "Trojan" detected by any engine in their first scan:

$ polyswarm -o /tmp/test.txt search metadata "scan.first_scan.\*.metadata.malware_family:*Trojan*"

Note that we are using wildcards in the attributes (engine's name) and that a wildcard in an attribute needs to be escaped.

For more information on wildcards for simple query search refer to here.

For more information on searchable metadata fields, please see the Metadata Terms.

Perform Hunts

Live and Historical Hunting

Commands are common for Live and Historical Hunts.

Commands:
  delete   Delete the live hunt associated with the given hunt_id
  list     List all live hunts performed
  results  Get results from live hunt
  start    Start a new live hunt

Start a new live hunt

$ polyswarm live start malware_rule.yar
Successfully submitted rules, hunt id: 51391107176788182

List all live hunts performed

$ polyswarm live list
Hunt: 27534452405590577, total results: 16968, created: 2019-10-24 09:51:31
Hunt: 84660286468562059, total results:    38, created: 2019-10-24 09:41:46
Hunt: 48136488368761413, total results:  3383, created: 2019-10-18 13:17:10
Hunt: 14528174223174001, total results:   627, created: 2019-10-03 14:42:39
Hunt: 81347282565768973, total results:     4, created: 2019-10-02 13:25:14
Hunt: 20467245585975802, total results:   255, created: 2019-10-02 13:24:47
Hunt: 27688265858888884, total results:     3, created: 2019-09-26 08:59:52
Hunt: 85752377622245454, total results:     1, created: 2019-09-23 17:51:01
Hunt: 27384562076658072, total results:   688, created: 2019-09-12 14:34:53
Hunt: 39148967916238668, total results:     7, created: 2019-09-05 16:37:22
Hunt: 32281643932721459, total results:    11, created: 2019-08-22 11:04:59
Hunt: 25813874755811451, total results:    17, created: 2019-07-18 08:40:47

Get results from live hunt

$ polyswarm live results | more
Scan status: RUNNING

Found 16968 samples in this hunt.
Match on rule android_mlwr_permissions
File 6498d741c1f273194f767e7c21fd5aac03b0c7e2e40c2b209a2a12c3c90b44bf
	File type: mimetype: application/octet-stream, extended_info: Dalvik dex file version 035
	SHA256: 6498d741c1f273194f767e7c21fd5aac03b0c7e2e40c2b209a2a12c3c90b44bf
	SHA1: 14a06c34c2b752484049568d966bf53398ccd179
	MD5: f0cdd14f1bf931887fe0c4e00145fd43
	SSDEEP: 24576:B84J9aeurDJ2XAXQXUXlPGHU8YXMnNrVv8yXHLFGrpmw0UHSmgDg8wSOQboYBwwd:64J9aPOK62hGHi4rd8WHL4fAyQzBnH
	TLSH: 4ed57d17ba101e62d8ad8339a4f71b14377161496f43a3373419e6fa7c632d05bcabca
	First seen: 2019-10-23 01:44:49
	Observed filenames: 6498d741c1f273194f767e7c21fd5aac03b0c7e2e40c2b209a2a12c3c90b44bf
	Scan permalink: https://polyswarm.network/scan/results/f7f2f936-6b7c-4c8c-98f3-78054f201ac1
	Detections: 4/16 engines reported malicious
	PolyScore: 0.9999973300140109

--More--

Delete the live hunt associated with the given hunt_id

$ polyswarm live delete 25813874755811451
Successfully deleted hunt id: 25813874755811451

Download Files

Files are downloaded by referencing their SHA256/SHA1/MD5 hash.

$ polyswarm download test/ 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
Successfully downloaded artifact 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267 to /home/user/test/131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267

Cat Files

Cat artifact to stdout. Perform feature extraction from artifact without downloading.

$ # Get C&C from malware config
$ polyswarm cat 3b08ce97c512c695c0258c2d0fce86648a28cceb1ce98e0456413e339c7908e8 |hexdump -C
00000000  c3 3e 34 65 04 b3 00 00  00 00 00 00 00 00 00 00  |.>4e............|
00000010  6c f7 51 3a 6b 01 00 00  1e 00 02 00 e8 03 00 00  |l.Q:k...........|
00000020  10 27 00 00 c0 d4 01 00  c0 d4 01 00 e0 93 04 00  |.'..............|
00000030  c0 27 09 00 10 27 00 00                           |.'...'..|
00000038
$ polyswarm cat 3b08ce97c512c695c0258c2d0fce86648a28cceb1ce98e0456413e339c7908e8 |od -An -t u1 -N 4|sed 's/^ *//;s/ \{1,\}/./g'
195.62.52.101

Chain commands

Some commands in the CLI are composable using the sha256 format option and the unix pipe character |. For instance, if we wanted to download all the results matching a metadata query:

$ polyswarm --fmt sha256 search metadata 'strings.domains:malicious.com' | polyswarm download malicious -r -
Successfully downloaded artifact 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267 to /home/user/malicious/131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267

Or we may want to download the new samples matched by Live Hunting in the last hour:

$ polyswarm --fmt sha256 live results -s 60 | polyswarm download /tmp/download -r -
Successfully downloaded artifact 513c197e7a88299b217dccc8fa16489c83d0abb06367eb2b14ef3a74102d7831 to /tmp/download/513c197e7a88299b217dccc8fa16489c83d0abb06367eb2b14ef3a74102d7831
Successfully downloaded artifact 7aba0a7ff6e263591e33c5c5c644e0fa6a70d299beced8705983189ded448724 to /tmp/download/7aba0a7ff6e263591e33c5c5c644e0fa6a70d299beced8705983189ded448724
Successfully downloaded artifact 2f4a9ef2071ee896674e3da1a870d4efab4bb16e2e26ea3d7543d98b614ceab9 to /tmp/download/2f4a9ef2071ee896674e3da1a870d4efab4bb16e2e26ea3d7543d98b614ceab9
Successfully downloaded artifact a82dd93585094aeba4363c5aeedd1a85ef72c60a03738b25d452a5d895313875 to /tmp/download/a82dd93585094aeba4363c5aeedd1a85ef72c60a03738b25d452a5d895313875
Successfully downloaded artifact b2d29bb9350a0df93d0918c0208af081f917129ee46544508f2e1cf30aa4f4ce to /tmp/download/b2d29bb9350a0df93d0918c0208af081f917129ee46544508f2e1cf30aa4f4ce
Successfully downloaded artifact bf2cdd1dc2e20c42d2451c83b8280490879b3515aa6c15ab297419990e017142 to /tmp/download/bf2cdd1dc2e20c42d2451c83b8280490879b3515aa6c15ab297419990e017142
Successfully downloaded artifact ba04eacaa80bb5da6b02e1e7fdf3775cf5a44a6179b2c142605e089d78a2f5b6 to /tmp/download/ba04eacaa80bb5da6b02e1e7fdf3775cf5a44a6179b2c142605e089d78a2f5b6
Successfully downloaded artifact a7656ccba0946d25a4efd96f4f4576494d5f1e23e6ad2acc16d2e684656a2d4f to /tmp/download/a7656ccba0946d25a4efd96f4f4576494d5f1e23e6ad2acc16d2e684656a2d4f

Lookup UUIDs

Scan results are referenced by their Submission UUID.

In this example, we demonstrate the --fmt json option, which saves the output in JSON format.

$ polyswarm -vvv -o /tmp/test.json --fmt json lookup ac331689-c4a1-400c-be79-98268c182c88
DEBUG:root:Creating API instance: api_key:<redacted>, api_uri:https://api.polyswarm.network/v1
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.polyswarm.network:443
DEBUG:urllib3.connectionpool:https://api.polyswarm.network:443 "GET /v1/consumer/lima/uuid/ac331689-c4a1-400c-be79-98268c182c88 HTTP/1.1" 200 610
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.polyswarm.network:443
DEBUG:urllib3.connectionpool:https://api.polyswarm.network:443 "GET /v1/microengines/list HTTP/1.1" 200 1887
$ cat /tmp/test.json | jq
{
  "files": [
    {
      "assertions": [
        {
          "author": "0xdCc9064325c1aa24E08182676AD23B3D78b39E05",
          "author_name": "ZeroCERT",
          "bid": "500000000000000000",
          "engine": {
            "description": null,
            "name": "ZeroCERT",
            "tags": [
              "url",
              "engine"
            ]
          },
          "mask": true,
          "metadata": {
            "malware_family": "",
            "scanner": {
              "environment": {
                "architecture": "x86_64",
                "operating_system": "Linux"
              },
              "vendor_version": "1.1",
              "version": "0.1.0"
            }
          },
          "verdict": false
        },
        {
          "author": "0x8434434991A61dAcE1544a7FC1B0F8d83523B778",
          "author_name": "Cyradar",
          "bid": "500000000000000000",
          "engine": {
            "description": null,
            "name": "Cyradar",
            "tags": [
              "url",
              "engine"
            ]
          },
          "mask": true,
          "metadata": {
            "malware_family": "",
            "scanner": {
              "environment": {
                "architecture": "x86_64",
                "operating_system": "Linux"
              },
              "vendor_version": "",
              "version": "0.1.0"
            }
          },
          "verdict": false
        },
        {
          "author": "0xF598F7dA0D00D9AD21fb00663a7D62a19D43Ea61",
          "author_name": "Trustlook",
          "bid": "500000000000000000",
          "engine": {
            "description": null,
            "name": "Trustlook",
            "tags": []
          },
          "mask": true,
          "metadata": {
            "malware_family": "Search engine",
            "scanner": {
              "environment": {
                "architecture": "x86_64",
                "operating_system": "Linux"
              },
              "vendor_version": "2",
              "version": "0.1.0"
            }
          },
          "verdict": false
        },
        {
          "author": "0x8d80CEe474b9004949Cf7e4BfA28460AC8e370a1",
          "author_name": "Virusdie",
          "bid": "500000000000000000",
          "engine": {
            "description": null,
            "name": "Virusdie",
            "tags": [
              "url",
              "engine"
            ]
          },
          "mask": true,
          "metadata": {
            "malware_family": "",
            "scanner": {
              "environment": {
                "architecture": "x86_64",
                "operating_system": "Linux"
              },
              "version": "0.3.0"
            }
          },
          "verdict": false
        },
        {
          "author": "0x80Ed773972d8BA0A4FacF2401Aca5CEba52F76dc",
          "author_name": "Nucleon",
          "bid": "500000000000000000",
          "engine": {
            "description": null,
            "name": "Nucleon",
            "tags": [
              "url",
              "engine"
            ]
          },
          "mask": true,
          "metadata": {
            "malware_family": "",
            "scanner": {
              "environment": {
                "architecture": "x86_64",
                "operating_system": "Linux"
              },
              "vendor_version": "",
              "version": "0.1.0"
            }
          },
          "verdict": false
        }
      ],
      "bounty_guid": "423a680a-ebf5-41a1-ba66-c64a84924091",
      "bounty_status": "Bounty Settled",
      "failed": false,
      "filename": "https://google.com",
      "hash": "05046f26c83e8c88b3ddab2eab63d0d16224ac1e564535fc75cdceee47a0938d",
      "id": "14988578236737849",
      "result": null,
      "size": 18,
      "submission_guid": "ac331689-c4a1-400c-be79-98268c182c88",
      "type": "URL",
      "votes": [],
      "window_closed": true
    }
  ],
  "status": "Bounty Settled",
  "uuid": "ac331689-c4a1-400c-be79-98268c182c88"
}

For information regarding the JSON format of a result object, please see polyswarm-api's API.md.
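
One way to reduce the JSON output above to a per-file triage summary; this is an added example, not code from the PolySwarm documentation or project. It assumes that `mask` true means the engine made an assertion and `verdict` true means malicious, and it handles two quirks visible in the CLI output on this page: a `malware_family` value that is itself a JSON string, and an engine identified only by its address. The sample input and the names `family_names`, `summarize` and `summarize_text` are constructed for illustration.

```python
import json

# Constructed sample: same shape as the `--fmt json lookup` output above,
# trimmed to the fields used here. Engine names and values are made up.
SAMPLE = r'''
{
  "files": [
    {
      "hash": "<sha256-placeholder>",
      "filename": "sample.bin",
      "assertions": [
        {"author": "0x0000000000000000000000000000000000000001",
         "author_name": "EngineA", "mask": true, "verdict": true,
         "metadata": {"malware_family": "EICAR-Test-File"}},
        {"author": "0x0000000000000000000000000000000000000002",
         "author_name": "EngineB", "mask": true, "verdict": true,
         "metadata": {"malware_family":
           "{\"infections\": [{\"name\": \"Test.File.EICAR.y!c\"}]}"}},
        {"author": "0x0000000000000000000000000000000000000003",
         "author_name": null, "mask": true, "verdict": true,
         "metadata": {"malware_family": ""}},
        {"author": "0x0000000000000000000000000000000000000004",
         "author_name": "EngineD", "mask": true, "verdict": false,
         "metadata": null},
        {"author": "0x0000000000000000000000000000000000000005",
         "author_name": "EngineE", "mask": false, "verdict": false,
         "metadata": {"malware_family": ""}}
      ]
    }
  ],
  "status": "Bounty Settled",
  "uuid": "00000000-0000-0000-0000-000000000000"
}
'''


def family_names(raw):
    """Normalize a malware_family value into a list of plain names."""
    if not isinstance(raw, str) or not raw.strip():
        return []  # missing or empty family: the engine gave no name
    text = raw.strip()
    if text.startswith("{"):
        # Some engines report the family as an embedded JSON document.
        try:
            doc = json.loads(text)
        except ValueError:
            return [text]  # looks like JSON but is not; keep it verbatim
        infections = doc.get("infections") if isinstance(doc, dict) else None
        if isinstance(infections, list):
            names = [i["name"] for i in infections
                     if isinstance(i, dict) and i.get("name")]
            return names or [text]
    return [text]


def summarize(result):
    """Return one summary dict per file in a parsed lookup result."""
    rows = []
    for f in result.get("files", []):
        row = {"hash": f.get("hash"), "malicious": [], "benign": [],
               "abstained": [], "families": {}}
        for a in f.get("assertions", []):
            # Fall back to the engine's address when it has no display name.
            engine = a.get("author_name") or a.get("author") or "unknown"
            if not a.get("mask"):          # assumption: no assertion made
                row["abstained"].append(engine)
            elif a.get("verdict"):         # assumption: True means malicious
                row["malicious"].append(engine)
                meta = a.get("metadata") or {}
                for fam in family_names(meta.get("malware_family")):
                    row["families"].setdefault(fam, []).append(engine)
            else:
                row["benign"].append(engine)
        rows.append(row)
    return rows


def summarize_text(text):
    """Parse JSON text (for example the contents of /tmp/test.json)."""
    return summarize(json.loads(text))


if __name__ == "__main__":
    for r in summarize_text(SAMPLE):
        print(r["hash"], len(r["malicious"]), "malicious;", r["families"])
```
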

Perform Rescans

Rescans are also triggered by referencing the SHA256/SHA1/MD5 hash of the artifact.

$ polyswarm rescan 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
Report for artifact 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267, hash: 131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267
        17 out of 20 engines reported this as malicious
        VenusEye: Malicious, metadata: {'malware_family': '', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'version': '0.1.0'}}
        K7: Malicious, metadata: {'malware_family': 'Trojan ( 000139291 )', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '11.66.31997|12/Sep/2019', 'vendor_version': '15.2.0.42', 'version': '0.2.0'}}
        Jiangmin: Malicious, metadata: {'malware_family': 'Find Virus EICAR-Test-File in C:\\Users\\ContainerAdministrator\\AppData\\Local\\Temp\\polyswarm-artifactztoecu5h', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '', 'vendor_version': '16.0.100 ', 'version': '0.2.0'}}
        Virusdie: Malicious, metadata: {'malware_family': 'EICAR.TEST', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'vendor_version': '1.3.0', 'version': '0.3.0'}}
        Trustlook: Clean
        0xBAFcaF4504FCB3608686b40eB1AEe09Ae1dd2bc3: Malicious, metadata: {'malware_family': 'infected with EICAR Test File (NOT a Virus!)', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'signatures_version': 'Core engine version: 7.00.41.07240\nVirus database timestamp: 2019-Oct-14 00:10:21\nVirus database fingerprint: 95CC1F8E066874DCF48E898334572198\nVirus databases loaded: 170\nVirus records: 8212567\nAnti-spam core is not loaded\nLast successful update: 2019-Oct-14 01:56:03\nNext scheduled update: 2019-Oct-14 02:26:03\n', 'vendor_version': 'drweb-ctl 11.1.2.1907091642\n', 'version': '0.3.0'}}
        Nucleon: Clean
        Alibaba: Malicious, metadata: {'malware_family': 'Virus:Any/EICAR_Test_File.534838ff', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}}, 'type': 'eicar'}
        NanoAV: Malicious, metadata: {'malware_family': 'Marker.Dos.EICAR-Test-File.dyb', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '0.14.32.16015|1568318271000', 'vendor_version': '1.0.134.90395', 'version': '0.1.0'}}
        Quick Heal: Malicious, metadata: {'malware_family': 'EICAR.TestFile', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '09 September, 2019', 'version': '0.1.0'}}
        Qihoo 360: Malicious, metadata: {'malware_family': 'qex.eicar.gen.gen', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}}}
        ZeroCERT: Clean
        XVirus: Malicious, metadata: {'malware_family': '', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'vendor_version': '3.0.2.0', 'version': '0.2.0'}}
        Ikarus: Malicious, metadata: {'malware_family': 'EICAR-Test-File', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'signatures_version': '13.10.2019 18:20:55 (102021)', 'vendor_version': '5.2.9.0', 'version': '0.2.0'}}
        ClamAV: Malicious, metadata: {'malware_family': 'Eicar-Test-Signature', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}, 'vendor_version': 'ClamAV 0.100.3/25601/Sun Oct 13 08:51:55 2019\n'}}
        SecureAge: Malicious, metadata: {'malware_family': '', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'signatures_version': '5.73', 'version': '0.3.0'}}
        Lionic: Malicious, metadata: {'malware_family': '{"infections": [{"name": "Test.File.EICAR.y!c", "location": "polyswarm-artifact52c_247x", "path": "C:/Users/ContainerAdministrator/AppData/Local/Temp/polyswarm-artifact52c_247x", "time": "2019/10/14 02:00:47"}]}', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}}}
        Antiy-AVL: Malicious, metadata: {'malware_family': 'Virus/DOS.EICAR_Test_File', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}}}
        Tachyon: Malicious, metadata: {'malware_family': 'EICAR-Test-File', 'scanner': {'environment': {'architecture': 'AMD64', 'operating_system': 'Windows'}, 'vendor_version': '2018.11.28.1', 'version': '0.1.0'}}
        Rising: Malicious, metadata: {'malware_family': 'Virus.EICAR_Test_File!8.D9E', 'scanner': {'environment': {'architecture': 'x86_64', 'operating_system': 'Linux'}}}
        Scan permalink: https://polyswarm.network/scan/results/ce290fc6-77c1-4dd2-944d-2dc52b6ea722

2020 © PolySwarm Pte. Ltd.