PE Similarity Search
PE fields
These features are carefully selected based on their ability to provide accurate and relevant results, and they are continuously updated to stay current with the latest malware trends and techniques.
Numeric Fields
Binary metadata
Version info
Pdb guid
Compilers
Sections
Resources
Extracted
Imports
Certificates
Threat Indicators
| Field name | Type | Description |
|---|---|---|
| File size | Number | Size of the input file |
| Unix timestamp | Number | A timestamp showing when the file was compiled |
| File characteristic | Number | Characteristics defining the behavior of the PE |
| DLL characteristic | Number | Features which make a PE actually portable in memory |
| Subsystem | Number | Defines whether the PE is made to be a Console or UI application |
| Image base | Number | “Base” address used if relocation doesn’t happen |
| Linker version(major) | Number | Which version of the linker was used at compilation time |
| Linker version(minor) | Number | Which version of the linker was used at compilation time |
| Entry point section entropy | Number | Entropy of the section where the entry point resides |
| Section number | Number | Number of sections present in the PE |
| Resource number | Number | Number of resources present in the PE |
| Resources to file ratio | Number | Ratio between the size of the resources & the file itself |
| CFG | Boolean | Indicator whether CFG (Control Flow Guard) is enabled at compilation time. |
| GS | Boolean | Indicator whether GS (Buffer Security Check [Guarded Stack]) is enabled at compilation time. |
| ASLR | Boolean | Indicator whether ASLR (Address space layout randomization) is enabled at compilation time. |
| Nxcompat | Boolean | Indicator whether NX compatibility (Data Execution Prevention [No eXecute]) is enabled at compilation time. |
| SEH | Boolean | Indicator whether SEH (Structured Exception Handler) is enabled at compilation time. |
| IsDotnet | Boolean | Whether the executable file is using the .NET framework |
| Digitally Signed | Boolean | Whether the digital signature is verified or not. |
Similarity Search Filters
In addition to advanced technology, Similarity Search provides multiple search filter parameters. These filters offer greater flexibility and help ensure that users receive the most accurate and relevant results for their specific needs.
Query filters
Non Query filters
| Field name | Type | Possible values | Example | Description | Required |
|---|---|---|---|---|---|
| SHA-256 | String | | | Number | Yes |
| Submission data | Date | | 2023-01-17T12:17:20.000Z | Number | Optional |
| Final Verdict | String | MALICIOUS, LIKELY_MALICIOUS, INFORMATIONAL, SUSPICIOUS, BENIGN, UNKNOWN | MALICIOUS | Verdict of a file | Optional |
| Tags | String | | peexe,xml | Tags of a file | Optional |
| Threshold | Number | Any integer from 1 to 100 | Number | Similarity threshold, 0% to 100%. A higher score means higher similarity | Optional |
| Limit | Number | Any integer from 1 to 100 | Number | Number of results to return | Optional |
See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
