openapi: 3.0.0 info: title: RESTful4Up description: RESTful API 4 Unipacker version: 1.0.0 servers: - url: /v1 paths: /unpack: post: description: try to unpack the given file operationId: unpack requestBody: content: multipart/form-data: schema: required: - file properties: file: type: string description: file format: binary required: true responses: 200: description: Ok content: '*/*': schema: type: string format: binary 400: description: request error content: '*/*': schema: $ref: '#/components/schemas/error' 500: description: server error content: '*/*': schema: $ref: '#/components/schemas/error' /emulation-output: post: description: try to get the emulation output after unpacking the file operationId: emulationOutput requestBody: content: multipart/form-data: schema: required: - file properties: file: type: string description: file format: binary required: true responses: 200: description: emulation output after unpacking the file content: '*/*': schema: required: - output properties: output: type: array items: type: string 400: description: request error content: '*/*': schema: $ref: '#/components/schemas/error' 500: description: server error content: '*/*': schema: $ref: '#/components/schemas/error' /clean: head: description: clean up the uploaded files operationId: clean responses: 204: description: Ok 500: description: server error content: '*/*': schema: $ref: '#/components/schemas/error' /generate-partial-yara-rules: post: description: generate partial YARA rules for give executable. (Rule without the condition section) operationId: generatePartialYaraRule requestBody: required: true content: multipart/form-data: schema: required: - file properties: file: type: string description: file format: binary is_unpacking_required: type: string enum: ['true', 'false'] minimum_string_length: type: string strings_to_ignore: type: array items: type: string minItems: 0 maxItems: 1000 responses: 200: description: Yara rules content: '*/*': schema: properties: rule: $ref: '#/components/schemas/yara' 400: description: request error content: '*/*': schema: $ref: '#/components/schemas/error' 500: description: server error content: '*/*': schema: $ref: '#/components/schemas/error' /apply-yara-rules: post: description: apply given YARA rules to the given executable. (upto 10 rules) operationId: applyYaraRules requestBody: required: true content: multipart/form-data: schema: required: - file - rules properties: file: type: string description: file format: binary is_unpacking_required: type: string enum: ['true', 'false'] rules: type: array items: type: string description: Rule as BASE-64 encoded string minItems: 1 maxItems: 10 responses: 200: description: Yara rules content: '*/*': schema: properties: result: $ref: '#/components/schemas/apply_yara_rule' 400: description: request error content: '*/*': schema: $ref: '#/components/schemas/error' 500: description: server error content: '*/*': schema: $ref: '#/components/schemas/error' components: schemas: yara: required: - name - meta - strings properties: name: type: string description: Yara rule name meta: type: object description: Yara rule meta data section required: - date - md5sum - sha256sum - sha512sum properties: date: type: string description: Date of the YARA rule created md5sum: type: string description: MD5 check sum sha256sum: type: string description: SHA 256 check sum sha512sum: type: string description: SHA 512 check sum strings: type: array description: Yara rule string section items: type: array items: type: string minItems: 2 maxItems: 2 apply_yara_rule: required: - yara_command - is_success properties: matched_yara_rules: type: array description: matched YARA rules items: type: array items: type: object description: Yara rule meta data section required: - rule - string_information properties: rule: type: string description: matched rule string_information: type: array items: type: string description: string which matched during the scanning yara_command: type: string description: Yara command executed is_success: type: boolean description: is operation success error_message: type: string description: error message, if YARA failed error: required: - status - message type: object properties: status: type: integer message: type: string