PE Similarity Search

PE fields

These features are carefully selected based on their ability to provide accurate and relevant results, and they are continuously updated to stay current with the latest malware trends and techniques.

Numeric Fields
Binary metadata
Version info
Pdb guid
Compilers
Sections
Resources
Extracted
Imports
Certificates
Threat Indicators
| Field name | Type | Description |
|---|---|---|
| File size | Number | Size of the input file |
| Unix timestamp | Number | A timestamp showing when the file was compiled |
| File characteristic | Number | Characteristics defining the behavior of the PE |
| DLL characteristic | Number | Features which make a PE actually portable in memory |
| Subsystem | Number | Defines whether the PE is made to be a Console or UI application |
| Image base | Number | "Base" address used if relocation doesn't happen |
| Linker version (major) | Number | Version of the linker that was used at compilation time |
| Linker version (minor) | Number | Version of the linker that was used at compilation time |
| Entry point section entropy | Number | Entropy of the section where the entry point resides |
| Section number | Number | Number of sections present in the PE |
| Resource number | Number | Number of resources present in the PE |
| Resources to file ratio | Number | Ratio between the size of the resources and the file itself |
| CFG | Boolean | Indicates whether CFG (Control Flow Guard) is enabled at compilation time. |
| GS | Boolean | Indicates whether GS (Buffer Security Check [Guarded Stack]) is enabled at compilation time. |
| ASLR | Boolean | Indicates whether ASLR (Address Space Layout Randomization) is enabled at compilation time. |
| Nxcompat | Boolean | Indicates whether NX compatibility (Data Execution Prevention [No eXecute]) is enabled at compilation time. |
| SEH | Boolean | Indicates whether SEH (Structured Exception Handler) is enabled at compilation time. |
| IsDotnet | Boolean | Whether the executable file is using the .NET framework |
| Digitally Signed | Boolean | Whether the digital signature is verified or not. |
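
Where the header-derived rows of this table live in a PE file, as an added example (not the product's own code). The flag bits come from the PE/COFF specification; treating them as the source of the ASLR, Nxcompat and CFG columns is an assumption, because the page does not say how the product computes them. `numeric_fields`, `build_sample` and the sample header are constructed for illustration.

```python
import struct

# DllCharacteristics bits defined in the PE/COFF specification
DYNAMIC_BASE, NX_COMPAT, NO_SEH, GUARD_CF = 0x0040, 0x0100, 0x0400, 0x4000
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console"}

def numeric_fields(data: bytes) -> dict:
    """Read the header-derived fields of a PE image held in memory."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        # 20-byte COFF header: sections, timestamp and Characteristics
        _, nsec, stamp, _, _, _, file_chars = struct.unpack_from(
            "<HHIIIHH", data, pe_off + 4)
        opt = pe_off + 24
        magic, link_major, link_minor = struct.unpack_from("<HBB", data, opt)
        if magic == 0x10B:    # PE32: 4-byte ImageBase at offset 28
            (image_base,) = struct.unpack_from("<I", data, opt + 28)
        elif magic == 0x20B:  # PE32+: 8-byte ImageBase at offset 24
            (image_base,) = struct.unpack_from("<Q", data, opt + 24)
        else:
            raise ValueError("unknown optional header magic")
        # Subsystem and DllCharacteristics are at 68 and 70 in both layouts
        subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "file_size": len(data), "unix_timestamp": stamp,
        "file_characteristic": file_chars, "dll_characteristic": dll_chars,
        "subsystem": SUBSYSTEMS.get(subsystem, subsystem), "section_number": nsec,
        "image_base": image_base, "linker_version": (link_major, link_minor),
        "ASLR": bool(dll_chars & DYNAMIC_BASE),
        "Nxcompat": bool(dll_chars & NX_COMPAT),
        "CFG": bool(dll_chars & GUARD_CF),
        "no_seh_flag": bool(dll_chars & NO_SEH),  # raw NO_SEH bit, not the SEH column
    }

def build_sample() -> bytes:
    """Constructed PE32+ header with no section data, for the demo only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 1673957840, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<HBB", opt, 0, 0x20B, 14, 29)
    struct.pack_into("<Q", opt, 24, 0x140000000)
    struct.pack_into("<HH", opt, 68, 3, GUARD_CF | NX_COMPAT | DYNAMIC_BASE)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

GS, entry point section entropy, resource counts and signature status need data beyond these headers (load configuration, section bodies, resource and certificate directories) and are not covered here.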

Similarity Search Filters

In addition to advanced technology, Similarity Search provides multiple search filtering parameters. This feature offers greater flexibility and ensures that users receive the most accurate and relevant results for their specific needs.

Query filters
Non Query filters
| Field name | Type | Possible values | Example | Description | Required |
|---|---|---|---|---|---|
| SHA-256 | String | | Number | | Yes |
| Submission data | Date | 2023-01-17T12:17:20.000Z | Number | | Optional |
| Final Verdict | String | MALICIOUS, LIKELY_MALICIOUS, INFORMATIONAL, SUSPICIOUS, BENIGN, UNKNOWN | MALICIOUS | Verdict of a file | Optional |
| Tags | String | | peexe,xml | Tags of a file | Optional |
| Threshold | Number | 1 to 100 any integer | Number | Similarity threshold 0% to 100%. Higher score means higher similarity | Optional |
| Limit | Number | 1 to 100 any integer | Number | Number of returns | Optional |