
Query with SMDA Report

POST /query
Queries the database with an SMDA disassembly report without adding it to storage.
Parameters:
  minhash_threshold (float): Minimum MinHash similarity threshold (0.0 to 1.0)
  pichash_size (integer): PicHash size threshold
  smda_report (object, required): SMDA disassembly report in JSON format
Response:
  status (string): Response status
  data (object): Match results including similar samples and functions
{
  "status": "successful",
  "data": {
    "matches": {
      "sample_matches": {},
      "function_matches": {}
    },
    "info": {
      "num_functions": 150,
      "sha256": "abc123..."
    }
  }
}

Query with Unmapped Binary

POST /query/binary
Queries with a raw binary file. MCRIT will attempt to determine the base address automatically.
Parameters:
  minhash_threshold (float): Minimum MinHash similarity threshold
  pichash_size (integer): PicHash size threshold
  binary (binary, required): Raw binary data
Response:
  status (string): Response status
  data (object): Match results from the binary analysis

Query with Mapped Binary

POST /query/binary/mapped/{base_address}
Queries with a binary file using a specific base address.
Parameters:
  base_address (string, required): Base address in hexadecimal (e.g., “0x400000”) or decimal
  minhash_threshold (float): Minimum MinHash similarity threshold
  pichash_size (integer): PicHash size threshold
  binary (binary, required): Raw binary data
Response:
  status (string): Response status
  data (object): Match results from the binary analysis

Query with SMDA Function

POST /query/function
Queries with a single function from an SMDA report.
Parameters:
  minhash_threshold (float): Minimum MinHash similarity threshold
  pichash_size (integer): PicHash size threshold
  smda_function (object, required): SMDA function object in JSON format
Response:
  status (string): Response status
  data (object): Match results for the function

Query by PicHash

GET /query/pichash/{pichash}
Finds all functions with a specific PicHash.
Parameters:
  pichash (string, required): PicHash value (16 hexadecimal characters)
Response:
  status (string): Response status
  data (array): List of tuples containing (family_id, sample_id, function_id) for each match
{
  "status": "successful",
  "data": [
    [1, 5, 42],
    [1, 6, 38],
    [2, 12, 103]
  ]
}

Query PicHash Summary

GET /query/pichash/{pichash}/summary
Returns aggregate statistics for a PicHash.
Parameters:
  pichash (string, required): PicHash value (16 hexadecimal characters)
Response:
  status (string): Response status
  data (object): Summary with counts of families, samples, and functions
{
  "status": "successful",
  "data": {
    "families": 2,
    "samples": 5,
    "functions": 8
  }
}
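
A client-side sketch for the two PicHash endpoints above, added here as an example and not taken from the MCRIT project's own code: it validates the hash before placing it in the URL path, groups the returned (family_id, sample_id, function_id) tuples by family, and counts distinct ids locally. The server address `MCRIT_URL` and all function names are assumptions, as is the reading that the summary counts are distinct-id counts.

```python
import json
import re
from collections import defaultdict
from urllib.request import urlopen

# Assumption: address of your MCRIT server; it is not given on this page.
MCRIT_URL = "http://127.0.0.1:8000"
PICHASH_RE = re.compile(r"[0-9a-fA-F]{16}")

def pichash_url(pichash, summary=False, base=MCRIT_URL):
    """Build GET /query/pichash/{pichash}[/summary], rejecting malformed hashes."""
    # The value becomes a path segment, so anything but 16 hex characters is refused.
    if not isinstance(pichash, str) or not PICHASH_RE.fullmatch(pichash):
        raise ValueError("PicHash must be exactly 16 hexadecimal characters")
    url = f"{base.rstrip('/')}/query/pichash/{pichash}"
    return url + "/summary" if summary else url

def parse_matches(body):
    """Decode a /query/pichash body into {family_id: {sample_id: [function_id, ...]}}."""
    doc = json.loads(body)
    if doc.get("status") != "successful":
        raise RuntimeError(f"query failed: status={doc.get('status')!r}")
    grouped = defaultdict(lambda: defaultdict(list))
    for entry in doc["data"]:
        if len(entry) != 3 or not all(isinstance(v, int) for v in entry):
            raise ValueError(f"unexpected match tuple: {entry!r}")
        family_id, sample_id, function_id = entry
        grouped[family_id][sample_id].append(function_id)
    return {fam: dict(samples) for fam, samples in grouped.items()}

def summarize(grouped):
    """Count distinct families, samples and functions in the grouped matches."""
    samples = {s for fam in grouped.values() for s in fam}
    functions = {f for fam in grouped.values() for fns in fam.values() for f in fns}
    return {"families": len(grouped), "samples": len(samples), "functions": len(functions)}

def query_pichash(pichash):
    """Fetch and group matches from a live server (never called on import)."""
    with urlopen(pichash_url(pichash), timeout=10) as resp:
        return parse_matches(resp.read())

# Sample input: the example response body shown for GET /query/pichash/{pichash}.
SAMPLE = '{"status": "successful", "data": [[1, 5, 42], [1, 6, 38], [2, 12, 103]]}'

if __name__ == "__main__":
    grouped = parse_matches(SAMPLE)
    print(grouped)
    print(summarize(grouped))
```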

Query by PicBlockHash

GET /query/picblockhash/{picblockhash}
Finds all basic blocks with a specific PicBlockHash.
Parameters:
  picblockhash (string, required): PicBlockHash value (16 hexadecimal characters)
Response:
  status (string): Response status
  data (array): List of tuples containing (family_id, sample_id, function_id, offset) for each match

Query PicBlockHash Summary

GET /query/picblockhash/{picblockhash}/summary
Returns aggregate statistics for a PicBlockHash.
Parameters:
  picblockhash (string, required): PicBlockHash value (16 hexadecimal characters)
Response:
  status (string): Response status
  data (object): Summary with counts of families, samples, functions, and offsets
{
  "status": "successful",
  "data": {
    "families": 3,
    "samples": 12,
    "functions": 24,
    "offsets": 36
  }
}
