SHA256 Hashfile lookups return incorrect dates.

[iR00i]

I am using the following code to lookup security details on APK files.

import requests
import json

def lookup_and_save(hash_url, path, API_key):
    url = f"https://www.virustotal.com/api/v3/search?query={hash_url}"

    headers = {
    "accept": "application/json",
    "x-apikey": API_key
    }
    response = requests.get(url, headers=headers)

    with open(PATH+hash_url+'.json', 'w') as file:
        json.dump(response.json(), file)

The issue is that the returned data contain encrypted or wrong dates. For example, if you lookup the hashfile d7c903fa55357c3b764360432f0134a0e804f0f5dc43c5e2e7e33e3a89d71c00, on the VirusTotal website it will report the dates as:

First Submission    2018-12-02 02:40:18 UTC
Last Submission 2022-03-07 23:08:16 UTC
Last Analysis   2022-03-07 23:08:16 UTC
Earliest Contents Modification  2018-11-01 16:00:28
Latest Contents Modification    2018-11-01 16:00:30

while the code returns the first_submission_date for example as 1537773411

Note: I am using the free version of the API

[iR00i]

Ok nvm, I just learned about UTC timestamps

[karlhiramoto]

Yes they are unix timestamps. You can find description of the file object at https://developers.virustotal.com/reference/files