Malware Distribution Project

MD:Pro is a vast malware repository with a huge collection of samples, offered for the purposes of analysis, testing and malware research.

Our malware database is in use in various commercial anti-malware products around the world, ranging from black-listing applications to hardware-based security appliances.

API Usage Guide

The MD:Pro API allows you to access the malware metadata stored by this service. The API is provided over HTTPS and returns JSON, which means it can be used from any programming language and on any platform.

Authentication

Each request to the API requires authentication; each request is isolated and there is no persistent session. Authentication is provided by using the username and password of your MD:Pro account. By default, API access is disabled and must be enabled by an administrator.

Basic Usage

The API is accessed from a single URL, using HTTPS:

https://api.frame4.net

Each API request also requires a function command to tell the API what you want to do. This is passed as a parameter as part of the request:

c=command

Currently there is only one command, getFileDetails:

https://api.frame4.net/?c=getFileDetails

Other parameters

u = username
i = password
h = hash
t = hashtype (optional, md5sum or sha1sum)

For example:

https://api.frame4.net/?c=getFileDetails;u=username;i=password;h=fbda833cd86990081123893fc63dbc79;t=md5sum

Response

The response returned by the API will always be JSON. Any errors generated by the API will also be returned as JSON which means that if you ever receive a blank response or bad JSON, an error has occurred in the request itself. Every request will return a JSON response with 2 elements:

Success Response

status - 1
data - a multi-dimensional array that will contain the data you requested.

For example, the above request for the details of hash fbda833cd86990081123893fc63dbc79 would return:

{
  "status":1,
  "data":{
    "base":{
      "trid":"
49.9% (.EXE) Generic Win/DOS Executable (2002/3)
49.8% (.EXE) DOS Executable Generic (2000/1)
0.1% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)",
      "magictype":null,
      "added":"11-07-2010 07:48:15",
      "sha512sum":"21547ec2da6c124afc944b7cdf31b14a8d0a06b64938cebd5e8898660e54abbdf128a9eb3546648c6b672233db64b1c486a01c88efd9204661368e088b4b01b2",
      "md5sum":"fbda833cd86990081123893fc63dbc79",
      "origname":"fbda833cd86990081123893fc63dbc79.bi",
      "filesize":"27136",
      "pdfid":null,
      "sha256sum":"f632170f60c5fc6ddfa4fafd0a6f164df34f0a3b38780ab6194fc359bc96dadc",
      "category":null,
      "ssdeepsum":"768:R0t1WQo4z4N86igAnXW3i1+Jm9/0lt5v7D:RA1WQ5H3W3i1+d9",
      "sha1sum":"b192b922de60f777dc7be80f81d8438c2aaa5713"
    },
    "av":[
      {
        "info":"Packed.Win32.Tdss.f",
        "av_lastupdate":null,
        "av_version":null,
        "scandate":"27-04-2009 03:45:10",
        "scanner":"Kaspersky"
      },
      {
        "info":"Gen:Trojan.Heur.TDSS.6008F7E7E7",
        "av_lastupdate":null,
        "av_version":null,
        "scandate":"27-04-2009 03:45:10",
        "scanner":"BitDefender"
      },
      {
        "info":null,
        "av_lastupdate":null,
        "av_version":null,
        "scandate":"27-04-2009 03:45:10",
        "scanner":"ClamAV"
      },
      {
        "info":"FakeAlert.k",
        "av_lastupdate":null,
        "av_version":null,
        "scandate":"27-04-2009 03:45:10",
        "scanner":"McAfee"
      },
      {
        "info":"",
        "av_lastupdate":null,
        "av_version":null,
        "scandate":"14-07-2009 05:26:23",
        "scanner":"Sunbelt"
      }
    ],
    "pe":{
      "num_imports":null,
      "entrypoint":"0000B174",
      "imports":null,
      "machinetype":null,
      "timedatestamp":null,
      "subsystem":"Win32 GUI",
      "exports":null,
      "num_sections":null,
      "linkerinfo":"6.0",
      "fileoffset":"00005B74",
      "packer":"MPRESS V2.00-V2.0X -> MATCODE Software * Sign.By.fly * 20090423 *",
      "sections":null,
      "num_exports":null,
      "firstbytes":"60,E8,00,00"
    }
  },
  "code":101,
  "message":"Hash found"
}

Error Response

status - 2
error - an object with two elements:
   code - the error code for the message
   message - a brief description of the error

Error Codes & Messages:

101 : Hash found
102 : Hash not found
201 : Not a https request
202 : Connection to the database has failed
301 : Not a valid API user
302 : Missing username
303 : Wrong username
304 : Missing password
305 : Wrong password
401 : Search hash is missing
402 : Improper search hash
901 : Missing data in JSON encoder
902 : Demo credits depleted
else : Undefined error occurred

For example, using HTTP instead of HTTPS would return:

{"status":2,"error":{"code":201,"message":"Not a https request"}}

Represented programmatically by PHP, this looks like:

stdClass Object
(
    [status] => 2
    [error] => stdClass Object
        (
            [code] => 201
            [message] => Not a https request
        )

)
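
A small client for the request and response formats above, as an added example that is not MD:Pro's own code. It builds the URL with the `;` separators shown, masks the password before the URL is logged (credentials travel in the query string), and turns error, blank or malformed responses into exceptions. The function and class names, the client-side hash length check and the lenient JSON parsing are assumptions.

```python
import json
import re
from urllib.parse import quote

API_URL = "https://api.frame4.net/"  # base URL from the guide
HASH_RE = {"md5sum": r"[0-9a-fA-F]{32}", "sha1sum": r"[0-9a-fA-F]{40}"}

# Constructed samples: trimmed from the guide's success and error responses.
SAMPLE_OK = ('{"status":1,"data":{"base":{"trid":"\n49.9% (.EXE) Generic\n"},'
             '"av":[{"info":"Packed.Win32.Tdss.f","scanner":"Kaspersky"},'
             '{"info":null,"scanner":"ClamAV"},{"info":"","scanner":"Sunbelt"}]},'
             '"code":101,"message":"Hash found"}')
SAMPLE_ERR = '{"status":2,"error":{"code":201,"message":"Not a https request"}}'

class ApiError(Exception):
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code

def build_url(user, password, file_hash, hashtype="md5sum"):
    """Build a getFileDetails URL with the ';' separators the guide shows."""
    if hashtype not in HASH_RE or not re.fullmatch(HASH_RE[hashtype], file_hash):
        raise ValueError(f"not a valid {hashtype}: {file_hash!r}")
    params = [("c", "getFileDetails"), ("u", user), ("i", password),
              ("h", file_hash), ("t", hashtype)]
    return API_URL + "?" + ";".join(f"{k}={quote(v, safe='')}" for k, v in params)

def redact(url):
    """Mask the password (i=) so the URL is safe to write to logs."""
    return re.sub(r"(?<=[?;]i=)[^;]*", "***", url)

def parse_response(body):
    """Return the 'data' element; raise ApiError on status 2 or unusable JSON."""
    try:
        # strict=False accepts raw newlines inside strings, as 'trid' is printed
        # in the guide (assumption: the wire format may look the same).
        doc = json.loads(body, strict=False)
    except (TypeError, ValueError):
        raise ApiError(None, "blank or malformed response") from None
    if not isinstance(doc, dict) or doc.get("status") != 1:
        err = doc.get("error") if isinstance(doc, dict) else None
        err = err if isinstance(err, dict) else {}
        raise ApiError(err.get("code"), err.get("message", "Undefined error occurred"))
    return doc.get("data", {})

def detections(data):
    """Map scanner -> label, skipping null and empty 'info' values."""
    return {e["scanner"]: e["info"] for e in data.get("av", []) if e.get("info")}
```

Both `null` (ClamAV) and `""` (Sunbelt) appear as `info` values in the guide's sample, so `detections` treats either as no detection.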

Total number of files:
15.000.000+

Database last updated on:
01.01.2012

New files since last update:
40.000

Contact Information

Frame4 Security Services
P.O. Box 175
2400 AD Alphen a/d Rijn
The Netherlands
E-mail: info@frame4.com
Tel:     +31(0)6 51491507
Fax:     +31(0)20 7508858