The Sample Feed provides a rolling 24-hour window of all binaries processed by UnpacMe, both submissions and unpacked Children. The feed is available for programmatic access only, via our API.

Feed Structure

The Sample Feed is split into 24 separate volumes, one for each hour in the 24-hour window, and is refreshed once an hour. Links for direct download of an archive of each of the 24 volumes are provided via the API.

Each link is a unique hash, and the current (most recent) volume is also listed separately. These can be used to reconcile previous downloads from the feed with the volumes currently available.

Archive Structure

The archives themselves are ZIP files that are password protected using the password "infected".

The archive contains a manifest.txt file in a folder named manifest, as well as one folder per analysis belonging to the archive hour. Each analysis folder uses the Analysis ID as its name. The Analysis ID can be used to request additional information about each file from the UnpacMe API.

Each analysis folder contains the following.

  • In the root of the analysis folder is the Parent file for the analysis named by its SHA256 hash.
  • If any Children have been unpacked from the parent, there will also be a folder named unpacked, which will contain any Children, also named by their SHA256 hash.

The manifest.txt file contains the file path for each file in the archive, one path per line, for example:

2d79992a-6152-4e74-8824-fb0914461c4e/8f6e0c353e6a0fa914b775f23340960455d497563142c4c03d2436977070e20b
68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/f16882b0376eb801c90c9aa3a38809bcb9306a18d90cb44fc886feb6348c8940
68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/unpacked/f709989d0527e4778e38eb4febe0e9570aaa763466df77cba5c17dc0396a83b6
68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/unpacked/4e96660cc8be7171a79755a20860366987547322b3a809e78c9850f14c242262
8f7432f2-ba10-41f4-9342-267ecc623350/86abd6a57988fa5f8d1a41c4ffd0ae73529acef1a20350940f556556585d864b
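The following is an added example, not UnpacMe's own code: it parses manifest.txt content into a parent and a list of Children per Analysis ID, and rejects any line that does not match the layout described above, so that manifest entries are never used as file paths unchecked. The function name, the UUID-shaped Analysis ID pattern and the two malformed lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample manifest: the five lines shown above, plus two constructed
# malformed lines (not from UnpacMe) to exercise the validation.
SAMPLE_MANIFEST = "\n".join([
    "2d79992a-6152-4e74-8824-fb0914461c4e/8f6e0c353e6a0fa914b775f23340960455d497563142c4c03d2436977070e20b",
    "68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/f16882b0376eb801c90c9aa3a38809bcb9306a18d90cb44fc886feb6348c8940",
    "68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/unpacked/f709989d0527e4778e38eb4febe0e9570aaa763466df77cba5c17dc0396a83b6",
    "68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/unpacked/4e96660cc8be7171a79755a20860366987547322b3a809e78c9850f14c242262",
    "8f7432f2-ba10-41f4-9342-267ecc623350/86abd6a57988fa5f8d1a41c4ffd0ae73529acef1a20350940f556556585d864b",
    "../../outside/" + "0" * 64,                              # constructed
    "8f7432f2-ba10-41f4-9342-267ecc623350/extra/" + "0" * 64,  # constructed
])

# Assumption: Analysis IDs are lowercase UUID-shaped strings and hashes are
# lowercase hex, as in the sample; the page does not specify either format.
ENTRY_RE = re.compile(
    r"(?P<analysis>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})/"
    r"(?P<unpacked>unpacked/)?"
    r"(?P<sha256>[0-9a-f]{64})"
)

def parse_manifest(text):
    """Return ({analysis_id: {"parent": sha256, "children": [...]}}, rejected_lines)."""
    analyses = defaultdict(lambda: {"parent": None, "children": []})
    rejected = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.fullmatch(line)
        if m is None:
            rejected.append(line)  # unexpected layout: never use it as a path
            continue
        entry = analyses[m["analysis"]]
        if m["unpacked"]:
            entry["children"].append(m["sha256"])
        elif entry["parent"] is None:
            entry["parent"] = m["sha256"]
        else:
            rejected.append(line)  # second parent for one analysis
    return dict(analyses), rejected

if __name__ == "__main__":
    parsed, bad = parse_manifest(SAMPLE_MANIFEST)
    for analysis_id, files in parsed.items():
        print(analysis_id, files["parent"], len(files["children"]), "children")
    print("rejected:", bad)
```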