Sample Artifacts

The following table provides field names and related information for sample artifacts.

Field Name	Artifact Type as it Appears on AutoFocus Web Portal	Field Type	Acceptable Values and Examples
sample.digital_signer	Digital Signer	string	Valid digital signature.
sample.filetype	File Type	select	7zip Archive Adobe Flash File Android APK Android DEX DLL DLL64 ELF JAVA Class JAVA JAR JScript Link Mac OS X app bundle in ZIP archive Mac OS X app installer MacOSX DMG Mach-O Macro Microsoft Excel 97 - 2003 Document Microsoft Excel Document Microsoft PowerPoint 97 - 2003 Document Microsoft PowerPoint Document Microsoft Word 97 - 2003 Document Microsoft Word Document PDF PE PE64 PowerShell RAR Archive RTF Shell Script VBScript
sample.size	File Size	number	Sample size in bytes.
sample.finish_date	Finish Date	date	Timestamp of initial WildFire verdict. Example: 2015-09-21T11:33:20
sample.create_date	First Seen	date	Timestamp when sample was first uploaded to WildFire.
sample.imphash	Import Table Hash	exactStringList	Import hash Example: 099c0646ea7282d232219f8807883be0
sample.update_date	Last Updated	date	Sample update date timestamp.
sample.md5	MD5	exactStringList	MD5 hash. Example: d0b811f1fa5a3f63f337513c41cdf368
sample.sha1	SHA1	exactStringList	SHA1 hash. Example: 91ee460785ba550cf24adf06265efb7f241fd4ec
sample.sha256	SHA256	exactStringList	SHA256 hash. Example: 54cf20480c0fbefc9c35b3413c2930a5e1d2831950f175ca90b19ddb94fbba8c
sample.ssdeep	Ssdeep Fuzzy Hash	string	ssdeep hash value. Example: 768:/1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJO53XR0IFAjr7LTEnb0HgjPikCBT5a:NQpQ5EP0ijnRTXJO53/Ajrq0Hgrik5
sample.malware	WildFire Verdict	select	Possible values: Benign: 0 Malware: 1 Grayware: 2
sample.tasks.metadata_compilation_ts	Compilation Timestamp	date	Timestamp when a PE sample was created. Example: 2018-09-21T10:21:12