@jschell
Last active August 15, 2025 21:49
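function Get-VTFileReport
{
    <#
    .Synopsis
    Get report from VT for given hash
    .Description
    Queries the VirusTotal v2 file/report endpoint once per entry in
    ResourceHash and returns one result object per query. When several API
    keys are supplied they are used in rotation, and the pause between
    requests is 15 seconds divided by the number of valid keys.

    The API key is a secret. It is never written to the warning stream by this
    function, but the v2 endpoint receives it as a query parameter, so it is
    part of the request URL and may be recorded by anything that logs URLs
    (proxies, transcripts, verbose web tracing).
    .Parameter ResourceHash
    One or more file hashes to look up. Empty entries are skipped with a warning.
    .Parameter VTApiKey
    One or more VirusTotal API keys. Defaults to $env:VTApiKey. Keys that are
    not 64 characters long are ignored with a warning.
    .Example
    > Get-VTFileReport -ResourceHash ca67998f344b7a697cbf815e740a6272 -VTApiKey $myKey
    Response : Scanned
    ResponseRaw : 1
    IsPositive : False
    PositiveScan : 0
    TotalScans : 43
    Resource : ca67998f344b7a697cbf815e740a6272
    ScannedTime : 2010-11-24 12:14:11
    Permalink : https://www.virustotal.com/file/59deb1d462fd39ebd38b28cc6a979d654f5fd24d8eefeda335d907b3a719cfb7/analysis/1290600851/
    .Example
    > $files = @('7ee7e4102452f9f2132e34e5244cff14','7A4CFCAA7A5E868B837068229176D883')
    > Get-VTFileReport -ResourceHash $files -VTApiKey $myKey
    Response : Scanned
    ResponseRaw : 1
    IsPositive : False
    PositiveScan : 0
    TotalScans : 43
    Resource : 7ee7e4102452f9f2132e34e5244cff14
    ScannedTime : 2010-11-24 04:56:05
    Permalink : https://www.virustotal.com/file/02d2e8dc3bb84924d37ed956ac6525125ae2a22318a0fcd351387fea663e9e93/analysis/1290574565/
    Response : Not Present/Not Scanned
    ResponseRaw : 0
    IsPositive : False
    PositiveScan :
    TotalScans :
    Resource : 7A4CFCAA7A5E868B837068229176D883
    ScannedTime :
    Permalink :
    .NOTES
    #### Name: Get-VTFileReport
    #### Author: J Schell
    #### Version: 0.1.2
    #### License: MIT
    ### Change Log
    ##### 2019-09-13::0.1.2
    - we only need to wait if making more than one req... added logic to sleep delay _after_ the first iteration
    ##### 2019-09-13::0.1.1
    - update result output
    - pretty response code returned
    ##### 2019-09-12::0.1.0
    - initial create
    #>
    [CmdletBinding()]
    param
    (
        [Parameter()]
        [string[]]
        $ResourceHash,

        [Parameter()]
        [string[]]
        $VTApiKey = $env:VTApiKey
    )

    Begin
    {
        # Keep only keys of the expected length. The key value itself is a
        # credential, so the warning reports its position and length only.
        $vTApiKeyValid = @()
        $keyPosition = 0
        foreach( $key in $VTApiKey )
        {
            $keyPosition++
            if( $key.Length -ne 64 )
            {
                Write-Warning "Key incorrect length (key #$keyPosition, length $($key.Length)); key ignored"
            }
            else
            {
                $vTApiKeyValid += @($key)
            }
        }

        if( $vTApiKeyValid.Count -lt 1 )
        {
            Throw "Must have valid VTApiKey to proceed."
        }

        $vTApiKeyCount = $vTApiKeyValid.Count

        # 15 seconds per key, spread across the rotation.
        # NOTE(review): presumably sized for the public API request quota - confirm for your key.
        # Rounded up to whole milliseconds so the pause never undershoots
        # (Start-Sleep -Seconds takes an integer on Windows PowerShell 5.1).
        $delayMsBetweenQuery = [int][math]::Ceiling(15000 / $vTApiKeyCount)

        $fileReportResult = New-Object -TypeName System.Collections.ArrayList

        # Friendly names for the numeric response_code returned by the API.
        $responseCode = New-Object System.Collections.Specialized.OrderedDictionary
        $responseCode.Add("Not Present/Not Scanned", 0)
        $responseCode.Add("Scanned", 1)
        $responseCode.Add("Queued for Scan", -2)
    }

    Process
    {
        $requestsSent = 0

        # Iterate over the hashes themselves so the loop never indexes past the
        # end of $ResourceHash (and sends nothing when the list is empty).
        for( $hashIndex = 0; $hashIndex -lt $ResourceHash.Count; $hashIndex++ )
        {
            $hashCheck = $ResourceHash[$hashIndex]
            if( [string]::IsNullOrWhiteSpace($hashCheck) )
            {
                Write-Warning "Skipping empty ResourceHash entry at index $hashIndex"
                continue
            }

            # Pause BEFORE every request except the first, so consecutive
            # requests are always spaced and no sleep is spent after the last one.
            if( $requestsSent -gt 0 )
            {
                Start-Sleep -Milliseconds $delayMsBetweenQuery
            }

            # Rotate through the valid keys in order.
            $keyToUse = $vTApiKeyValid[$requestsSent % $vTApiKeyCount]

            # Passing a hashtable as -Body on a GET makes Invoke-RestMethod append
            # the entries as URL-encoded query parameters, so characters in the
            # caller-supplied hash cannot alter the query string.
            $query = Invoke-RestMethod -Method GET `
                -Uri 'https://www.virustotal.com/vtapi/v2/file/report' `
                -Body @{ apikey = $keyToUse; resource = $hashCheck }
            $requestsSent++

            # An empty $query produces a result whose fields are blank and whose
            # IsPositive is False; treat a blank Response as "no answer", not "clean".
            $result = New-Object -TypeName PsObject -Property ([ordered]@{
                Response     = ($responseCode.GetEnumerator().Where({$_.Value -eq $query.response_code}).name)
                ResponseRaw  = $query.response_code
                IsPositive   = ($query.Positives -ge 1)
                PositiveScan = $query.Positives
                TotalScans   = $query.total
                Resource     = $query.resource
                ScannedTime  = $query.scan_date
                Permalink    = $query.permalink
            })
            [void]$fileReportResult.Add($result)
        }
    }

    End
    {
        $fileReportResult
    }
}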