Retrieve file scan reports

The resource argument can be the MD5, SHA-1 or SHA-256 of a file for which you want to retrieve the most recent antivirus report. You may also specify a scan_id returned by the /file/scan endpoint.

If the allinfo argument is set to true additional information other than the antivirus results is returned. This additional information includes:

  • the output of several third party tools acting on the file (PDFiD, ExifTool, sigcheck, TrID, etc.)
  • the output of other in-house technologies.
  • metadata regarding VirusTotal submissions:
    • number of unique sources that have sent the file in the past
    • first_seen first seen date
    • submission_names a list of file names it was sumitted as
  • behaviour-v1 output of behavioral sandboxes if there was successful execution in the sandbox.
    • File operations (read, write, open, etc)
    • Network operations
    • Mutex/registry operations


sandbox data

The file/behaviour has the raw sandbox data, and requires additional parsing on the client side. file/report with allinfo behaviour-v1 contains a good summary


Private API

The allinfo argument is available in the Private API only.

 'response_code': 1,
 'verbose_msg': 'Scan finished, scan information embedded in this object',
 'resource': '99017f6eebbac24f351415dd410d522d',
 'scan_id': '52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c-1273894724',
 'md5': '99017f6eebbac24f351415dd410d522d',
 'sha1': '4d1740485713a2ab3a4f5822a01f645fe8387f92',
 'sha256': '52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c',
 'scan_date': '2010-05-15 03:38:44',
 'permalink': '',
 'positives': 40,
 'total': 40,
 'scans': {
   'nProtect': {
     'detected': true, 
     'version': '2010-05-14.01', 
     'result': 'Trojan.Generic.3611249', 
     'update': '20100514'
   'CAT-QuickHeal': {
     'detected': true, 
     'version': '10.00', 
     'result': 'Trojan.VB.acgy', 
     'update': '20100514'
   'McAfee': {
     'detected': true, 
     'version': '5.400.0.1158', 
     'result': 'Generic.dx!rkx', 
     'update': '20100515'
   'TheHacker': {
     'detected': true, 
     'version': '', 
     'result': 'Trojan/VB.gen', 
     'update': '20100514'
   'VirusBuster': {
    'detected': true,
     'version': '',
     'result': 'Trojan.VB.JFDE',
     'update': '20100514'
Click Try It! to start a request and see the response here!