The Sample Feed provides a rolling 24-hour window of all binaries processed by UnpacMe, both submissions and unpacked Children. The feed is available for programatic access only via our API.
Feed Structure
The Sample Feed is split into 24 separate volumes one for each hour in the 24-hour window and is refreshed once an hour. Links for direct download of an archive of each of the 24 volumes are provided via the API.
The links are each a unique hash and the current volume (most recent) is also listed separately. These can be used to reconcile previous downloads from the feed with the current volumes available.
Archive Structure
The archives themselves are ZIP files that are password protected using the password infected.
The archive contains a manifest.txt file in a folder named manifest as well as one folder per analysis belonging to the archive hour with the folders using the Analysis ID as a name. The Analysis ID can be used to request additional information about each file from the UnpacMe API.
Each analysis folder contains the following.
- In the root of the analysis folder is the Parent file for the analysis named by its SHA256 hash.
- If any Children have been unpacked from the parent there will also be a folder named
unpackedwhich will contain any Children, also named by they SHA256 hash.
The manifest.txt file contains the file path for each file in the archive, one path per line.
2d79992a-6152-4e74-8824-fb0914461c4e/8f6e0c353e6a0fa914b775f23340960455d497563142c4c03d2436977070e20b
68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/f16882b0376eb801c90c9aa3a38809bcb9306a18d90cb44fc886feb6348c8940
68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/unpacked/f709989d0527e4778e38eb4febe0e9570aaa763466df77cba5c17dc0396a83b6
68c83b3b-1f9d-4b7f-adb0-9c58475e2c6b/unpacked/4e96660cc8be7171a79755a20860366987547322b3a809e78c9850f14c242262
8f7432f2-ba10-41f4-9342-267ecc623350/86abd6a57988fa5f8d1a41c4ffd0ae73529acef1a20350940f556556585d864b