MalwareHash

MalwareHash SDK x64 + Signed DLLs

Admin — Fri, 20 Jan 2012 21:07:31 +0000

We have finished development of MalwareHash.com SDK for x64 OS, more we have signed both DLL files (x86 DLL and x64 DLL) with our certificate. The SDK is not anymore available for download from our website, you can contact us by email at info[at]novirusthanks[dot]org to request the SDK files.

How to Secure your MalwareHash Account

Admin — Tue, 06 Dec 2011 00:04:28 +0000

Login to your Control Panel, click the link “Account”, and then click the link “Security”. In this page you can insert your IP Address (if static) to limit the login to your Account only to your IP Address, so no unknown IP Addresses can enter your Account.

How to Register to MalwareHash API Service

Admin — Mon, 05 Dec 2011 23:53:14 +0000

Click the link User Sign Up, fill in all of the required fields and type in the correct captcha (needed to fight spam-bots), then click the button “Login”. Now you will be redirected to your Dashboard, that looks like this:

Now click the link “API Keys” and click the link “Generate” to create a unique API key. When you generate an API key, it has by default 0 queries so you must buy new queries. To do this you may click the link “Buy New Queries” to buy 1000 queries (see Pricing Plans for more details).

The payment system is handled by our eCommerce provider RegNow. , a secure leader in dealing with electronic transactions and electronic product delivery. After you have purchased the new queries, you can start using your Malware Hash API key. Use our SDK (Delphi, C/C++) or our PHP Class to include the API service in your applications or services.

To test the API service for Free, open your Dashboard and click the link “API Keys”, then click the button “Free API Key” to create a unique API key with 50 free queries.

Free API keys with 50 queries

Admin — Mon, 05 Dec 2011 23:45:14 +0000

We have recently included a link “Free API Key” in user Dashboard:

Every new user that register to the service, can make use of this option. When the link “Free API Key” is clicked, it will generate an API key with 50 free queries that can be used for testing the service or for testing applications where is included malwarehash.com service:

We have added free queries also to already registered users.

Software Development Kit – SDK (Delphi, C/C++)

Admin — Mon, 05 Dec 2011 21:38:21 +0000

Easily include our API in other applications.

Users can download the SDK from their Dashboard:

Documentation of the SDK:

//////////////////////////////////////////////////////////////////////////////
/////////////////// MalwareHash Function Definitions ////////////////////////
/////////////////////////////////////////////////////////////////////////////
 
 
/* 
   Validates an API Key in order to use the MalwareHash.com service 
 
   Returns TRUE if the key is valid and has remaining request queries
   Returns FALSE if the key is either invalid or there are no remaining queries left
*/
 
 
typedef BOOL (__stdcall *PIsAPIKeyValid)(char* APIKey);
 
 
/*
   Checks a single MD5 digest Hash 
 
   Returns TRUE if the MD5 Hash is listed in the database and flagged as malware
   Returns FALSE if the MD5 Hash is not located in the database
*/
 
 
typedef BOOL (__stdcall *PMalwareHashSingle)(char* APIKey, 
                                             char* MD5Hash);
 
 
/*
  Checks Multiple MD5 digest Hashes against the server database
 
  Returns TRUE if there is no request errors
  Returns FALSE if there is a request error
 
  Note: After calling this API the "bDetected" member of the FixedMultiHash structure array will be
  set to TRUE for MD5 Hashes which are flagged by the database as malware, FALSE for those that
  are not. The reason this API primarily exists is due to the fact that you can optionally send
  up to 250 MD5 Hashes to the server all in one request which would only eat 1 user query for your
  API Key. Calling MalwareHashSingle() on each of the 250 Hashes would require 250 queries!
*/
 
 
typedef BOOL (__stdcall *PMalwareHashMulti)(char* APIKey, 
                                            FixedMultiHash* MD5Hashes);
 
 
/*
  Ansi -
 
  Returns TRUE if lpFileName can be hashed via MD5 digest (internal operation) and the server
  locates this MD5 Hash in its database
 
  Returns FALSE if lpFileName for some reason cannot be hashed or the successful hash is not present
  in the server database 
*/
 
 
typedef BOOL (__stdcall *PMalwareHashSingleFileA)(char* APIKey, 
                                                  char* lpFileName);
 
 
/*
  Unicode -
 
  Returns TRUE if lpFileName can be hashed via MD5 digest (internal operation) and the server
  locates this MD5 Hash in its database
 
  Returns FALSE if lpFileName for some reason cannot be hashed or the successful hash is not present
  in the server database 
*/
 
 
typedef BOOL (__stdcall *PMalwareHashSingleFileW)(char* APIKey, 
                                                  WCHAR* lpFileName);
 
 
/*
  Ansi -
 
  Checks Multiple MD5 digest Hashes against the server database but only requires full-path FILENAMES
 
  This function is offered for extreme flexibility since all that is required to communicate with the server
  is a valid API Key and a list (array) of filenames, the MD5 hashing is done internally for you
 
  Returns TRUE if there is no request errors
  Returns FALSE if there is a request error
 
  Note: After calling this API the "bDetected" member of the FixedFileHashEntryA structure will be
  set to TRUE for MD5 Hashes which are flagged by the database as malware, FALSE for those that
  are not. Also, any files which are successfully hashed will output their MD5 hash to the "cHash" member 
  of the FixedFileHashEntryA structure variable.
 
  The reason this API primarily exists is due to the fact that you can optionally send
  up to 250 MD5 Hashes to the server all in one request which would only eat 1 user query for your
  API Key. Calling MalwareHashSingleFileA() on each of the 250 filenames would require 250 queries!
*/
 
 
typedef BOOL (__stdcall *PMalwareHashMultiFileA)(char* APIKey, 
                                                 FixedFileHashEntryA* FileNames);
 
 
/*
  Unicode -
 
  Checks Multiple MD5 digest Hashes against the server database but only requires full-path FILENAMES
 
  This function is offered for extreme flexibility since all that is required to communicate with the server
  is a valid API Key and a list (array) of filenames, the MD5 hashing is done internally for you
 
  Returns TRUE if there is no request errors
  Returns FALSE if there is a request error
 
  Note: After calling this API the "bDetected" member of the FixedFileHashEntryW structure will be
  set to TRUE for MD5 Hashes which are flagged by the database as malware, FALSE for those that
  are not. Also, any files which are successfully hashed will output their MD5 hash to the "cHash" member 
  of the FixedFileHashEntryW structure variable.
 
  The reason this API primarily exists is due to the fact that you can optionally send
  up to 250 MD5 Hashes to the server all in one request which would only eat 1 user query for your
  API Key. Calling MalwareHashSingleFileW() on each of the 250 filenames would require 250 queries!
*/
 
 
typedef BOOL (__stdcall *PMalwareHashMultiFileW)(char* APIKey, 
                                                 FixedFileHashEntryW* FileNames);

Included there are examples in C and Delphi.

PHP Class v1.0

Admin — Mon, 05 Dec 2011 21:16:26 +0000

We made available to our users an easy to use PHP Class.

Example usage:

Scan an entire folder:

require_once 'APIService.php';
 
$APIService = new APIService( 'YOUR_API_KEY_HERE' );
 
foreach ( glob( './*' ) as $item )
	$APIService->add_hashes( md5( $item ) );
 
$APIService->call();

Scan a single file:

require_once 'APIService.php';
 
$APIService = new APIService( 'YOUR_API_KEY_HERE' );
$APIService->add_hashes( array( 'c4976df35b7d2d2a77a3d012439909bc', 'c4976df35b7d2d2a77a3d012439909bd' ) );
$APIService->call();

The PHP Class is available for download in the User Dashboard.