List Samples

GET /samples
Returns a collection of all samples in the system.
start (integer, default: "0"): Starting index for pagination
limit (integer, default: "0"): Maximum number of samples to return (0 for all)

status (string): Response status
data (object): Dictionary of samples keyed by sample_id
{
  "status": "successful",
  "data": {
    "1": {
      "sample_id": 1,
      "sha256": "abc123...",
      "family": "malware_family",
      "version": "1.0",
      "num_functions": 150
    }
  }
}

Add Sample

POST /samples
Adds a new sample from an SMDA report.
username (string, default: "anonymous"): Username for tracking who added the sample
smda_report (object, required): SMDA disassembly report in JSON format

status (string): Response status
data (object): Summary of the added sample including sample_id

Submit Binary

POST /samples/binary
Submits a binary file for analysis and creates a sample.
filename (string): Original filename of the binary
family (string): Family name for the sample
version (string): Version information
is_dump (boolean, default: "false"): Whether the binary is a memory dump
base_addr (string): Base address in hexadecimal (e.g., “0x400000”)
bitness (integer, default: "32"): Binary bitness (32 or 64)
binary (binary, required): Raw binary data

status (string): Response status
data (string): Job ID for tracking the analysis progress
{
  "status": "successful",
  "data": "507f1f77bcf86cd799439011"
}

Get Sample

GET /samples/{sample_id}
Returns detailed information about a specific sample.
sample_id (integer, required): ID of the sample to retrieve

status (string): Response status
data (object): Sample details including metadata and statistics

Update Sample

PUT /samples/{sample_id}
Updates metadata for an existing sample.
sample_id (integer, required): ID of the sample to update
family_name (string): New family name (0-64 alphanumeric chars with single dots, dashes, underscores)
version (string): New version (0-64 printable characters)
component (string): New component name (0-64 printable characters)
is_library (boolean): Whether the sample is a library

status (string): Response status
data (object): Confirmation message

Delete Sample

DELETE /samples/{sample_id}
Deletes a sample and all its associated functions.
sample_id (integer, required): ID of the sample to delete

status (string): Response status
data (boolean): Whether the deletion was successful

Get Sample by SHA256

GET /samples/sha256/{sha256}
Returns a sample identified by its SHA256 hash.
sha256 (string, required): SHA256 hash (64 hexadecimal characters)

status (string): Response status
data (object): Sample details
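
A client-side pre-flight check for the field constraints documented under Update Sample and Get Sample by SHA256, as an added example (not code from the project). The helper names, the rejection of unlisted fields, the reading of "single" separators as "never two in a row", and "printable" as printable ASCII are assumptions.

```python
import re
import string

# Assumption: "single dots, dashes, underscores" means a separator is never
# directly followed by another separator. The empty string is allowed (0-64).
FAMILY_RE = re.compile(r"(?:[A-Za-z0-9]|[._-](?![._-]))*")
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
# Assumption: "printable" means printable ASCII, space included, no control whitespace.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")
# Body fields documented for PUT /samples/{sample_id}; sample_id is a path parameter.
UPDATE_FIELDS = {"family_name", "version", "component", "is_library"}


def valid_sha256(value):
    """True only for exactly 64 hexadecimal characters.

    fullmatch() is used instead of match() with '$', which would also accept
    a trailing newline and let it reach the URL path.
    """
    return isinstance(value, str) and SHA256_RE.fullmatch(value) is not None


def _printable_0_64(value):
    return isinstance(value, str) and len(value) <= 64 and set(value) <= PRINTABLE


def validate_update(fields):
    """Return the problems found in an Update Sample payload (empty list = OK)."""
    errors = [f"{name}: unknown field" for name in sorted(set(fields) - UPDATE_FIELDS)]
    if "family_name" in fields:
        fam = fields["family_name"]
        if not (isinstance(fam, str) and len(fam) <= 64 and FAMILY_RE.fullmatch(fam)):
            errors.append("family_name: expected 0-64 alphanumerics with single . - _")
    for name in ("version", "component"):
        if name in fields and not _printable_0_64(fields[name]):
            errors.append(f"{name}: expected 0-64 printable characters")
    if "is_library" in fields and not isinstance(fields["is_library"], bool):
        errors.append("is_library: expected boolean")
    return errors


if __name__ == "__main__":
    # Constructed sample payloads, not taken from a real deployment.
    print(validate_update({"family_name": "win.emotet", "version": "1.0"}))
    print(validate_update({"family_name": "win..emotet", "is_library": "yes"}))
    print(valid_sha256("abc123..."))
```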

List Sample Functions

GET /samples/{sample_id}/functions
Returns all functions for a specific sample.
sample_id (integer, required): ID of the sample

status (string): Response status
data (object): Dictionary of functions keyed by function_id, sorted by offset

Get Sample Function

GET /samples/{sample_id}/functions/{function_id}
Returns a specific function from a sample.
sample_id (integer, required): ID of the sample
function_id (integer, required): ID of the function

status (string): Response status
data (object): Function details including disassembly and hashes
