HEXL
Catalog/security-file-hash

Security

File-hash malware lookup (MalwareBazaar) API

Returns a malware verdict for an MD5/SHA-1/SHA-256 file hash from abuse.ch MalwareBazaar's keyless recent-samples corpus, normalized to family/signature, file type, first-seen, and tags. Answers 'is this file hash malware', 'what malware family is this hash', 'MalwareBazaar lookup', 'is this SHA256 known-bad'.

Price$0.01per request
MethodPOST
Route/v1/security/file-hash
StatusLive
MIME typeapplication/json
Rate limit60/minute
Cache3600s public
securityhashmalwaremalwarebazaarsha256md5iocthreat
API URLhttps://x402.hexl.dev/v1/security/file-hash
Integration docs
Example request
{
  "hash": "d41d8cd98f00b204e9800998ecf8427e"
}
Example response
{
  "hash": "d41d8cd98f00b204e9800998ecf8427e",
  "hashType": "md5",
  "found": true,
  "verdict": "malicious",
  "family": "AgentTesla",
  "fileType": "exe",
  "firstSeen": "2024-01-02 03:04:05",
  "tags": [
    "AgentTesla"
  ],
  "note": "Matched in the MalwareBazaar recent-samples corpus."
}
Input schema
{
  "type": "object",
  "required": [
    "hash"
  ],
  "properties": {
    "hash": {
      "type": "string",
      "examples": [
        "d41d8cd98f00b204e9800998ecf8427e"
      ]
    }
  }
}
Output schema
{
  "type": "object",
  "additionalProperties": true
}