Similarity Search - Introduction

Our ML-Based Similarity Search leverages advanced feature extraction techniques to identify and correlate unknown threats with known malware families. By analyzing behavioral patterns, code structures, and static attributes, our machine learning models detect even evasive or zero-day threats that traditional signature-based methods may miss.

This capability enables security teams to quickly pivot between related threats, uncover hidden malware clusters, and enhance threat hunting efficiency—making it a powerful tool for identifying and responding to emerging cyber threats.

Portable Executable type

These features are carefully selected based on their ability to provide accurate and relevant results, and they are continuously updated to stay current with the latest malware trends and techniques.

Feature categories (the table below lists the Binary metadata fields):

- Binary metadata
- Certificates
- Characteristic
- Disassembly sections
- Dotnet info
- Header info
- Extracted
- Threat Indicators
| Field name | Type | Description |
| --- | --- | --- |
| Language | String | Human language that the binary targets |
| Entry point section name | String | Name of the section containing the PE's entry point. This is a calculated value, derived from the entry point address and the section table. |
| Pdb path | String | Path of the PDB file on the compiler machine |
| DetectItEasyInfo | String | Information extracted using DetectItEasy |
| Malware config | String | Malware configuration: the settings and parameters within malicious software that dictate its behavior |
| File size | Number | Size of the input file |
| Unix timestamp | Number | Timestamp showing when the file was compiled |
| Subsystem | Number | Defines whether the PE is built as a console or GUI application |
| Section number | Number | Number of sections present in the PE |
| Resource number | Number | Number of resources present in the PE |
| Resources to file ratio | Number | Ratio between the size of the resources and the size of the file itself |
| Digitally Signed | Boolean | Whether the digital signature is verified or not |
| Packed | Boolean | Whether the input file is packed or not |
| Total exported functions | Number | Number of exported functions in the PE |
| Total imported functions | Number | Number of imported functions in the PE |
| Digital signature verification | String | Whether the digital signature is verified or not |
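Several of the Binary metadata features above (section number, compile timestamp, subsystem, entry point section name, resources-to-file ratio) are derived purely from PE headers. The following added example, which is not code from this page or its product, shows how such header-based features are computed with nothing but the PE/COFF layout and the standard library. It builds a small constructed PE32 image in memory (not a real binary) so it runs offline, then resolves the entry point RVA against the section table exactly as the "calculated value" in the table describes. Function names, the constructed sample, and the subsystem name mapping are this example's own assumptions.

```python
import struct
from datetime import datetime, timezone

# Offsets and sizes come from the PE/COFF specification.
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SUBSYSTEM_NAMES = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}  # subset of IMAGE_SUBSYSTEM_*
RESOURCE_DIR_INDEX = 2  # IMAGE_DIRECTORY_ENTRY_RESOURCE


def build_sample_pe(entry_rva=0x1000, timestamp=1_700_000_000, subsystem=3, resource_size=0x400):
    """Construct a minimal PE32 image: DOS stub, COFF header, optional header, three
    section headers and zero-filled section data. Constructed test data, not a real
    binary; it has just enough structure for header-based feature extraction."""
    sections = [(b".text", 0x1000, 0x200), (b".rdata", 0x2000, 0x100), (b".rsrc", 0x3000, resource_size)]
    e_lfanew, size_of_headers, file_align = 0x80, 0x400, 0x200
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # COFF header: machine (i386), section count, timestamp, symtab, nsyms, opt size, characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), timestamp, 0, 0, 224, 0x0102)
    # Optional header standard fields (28 bytes for PE32), entry point at offset 16
    std = struct.pack("<HBBIIIIII", PE32_MAGIC, 14, 0, 0x200, 0x500, 0, entry_rva, 0x1000, 0x2000)
    # Optional header NT fields (68 bytes); subsystem sits at offset 68 of the optional header
    nt = struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, file_align, 6, 0, 0, 0, 6, 0,
                     0, 0x4000, size_of_headers, 0, subsystem, 0x8140,
                     0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[RESOURCE_DIR_INDEX] = (0x3000, resource_size)  # resource directory RVA and size
    data_dirs = b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    headers, raw_ptr, body = b"", size_of_headers, b""
    for name, rva, raw_size in sections:
        # Section header: name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        headers += struct.pack("<8sIIIIIIHHI", name, raw_size, rva, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += raw_size
        body += b"\0" * raw_size
    image = dos + b"PE\0\0" + coff + std + nt + data_dirs + headers
    return image.ljust(size_of_headers, b"\0") + body


def extract_pe_features(data: bytes) -> dict:
    """Derive header-based Binary metadata features from raw PE bytes.
    Raises ValueError for non-PE or truncated input instead of guessing."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        e_lfanew, = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4
        _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        magic, = struct.unpack_from("<H", data, opt)
        if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
            raise ValueError("unknown optional header magic 0x%x" % magic)
        entry_rva, = struct.unpack_from("<I", data, opt + 16)
        subsystem, = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
        dirs = opt + (96 if magic == PE32_MAGIC else 112)   # data directories start
        _, resource_size = struct.unpack_from("<II", data, dirs + 8 * RESOURCE_DIR_INDEX)
        sections = []
        for i in range(nsections):
            name, vsize, vaddr, raw_size = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
            # A section spans the larger of its virtual and raw sizes when mapped
            sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, max(vsize, raw_size)))
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc

    # Entry point section: the section whose mapped range contains the entry RVA
    entry_section = next((n for n, va, sz in sections if va <= entry_rva < va + sz), None)
    file_size = len(data)
    return {
        "file_size": file_size,
        "unix_timestamp": timestamp,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "subsystem": subsystem,
        "subsystem_name": SUBSYSTEM_NAMES.get(subsystem, "OTHER"),
        "section_number": nsections,
        "entry_point_section_name": entry_section,
        "resources_to_file_ratio": resource_size / file_size if file_size else 0.0,
    }


if __name__ == "__main__":
    for key, value in extract_pe_features(build_sample_pe()).items():
        print(f"{key}: {value}")
```

An entry point that falls outside every section (returned here as None) is itself a useful signal: packers and some loaders place the entry in headers or in memory that only exists after unpacking, which is one reason this field is paired with the Packed feature. Imports, exports and the PDB GUID require walking the import, export and debug directories and are not covered by this header-only example.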
Further feature categories (the table below lists the Pdb guid fields):

- Pdb guid
- Resources
- Rich Header Compiler Ids
- Sections
- Strings
- Imports
- Version info

| Field name | Type | Description |
| --- | --- | --- |
| Pdb guid | String | GUID of the PDB associated with the binary |

Similarity Search Filters

In addition to the ML-based matching, Similarity Search accepts multiple filter parameters. These give users the flexibility to narrow a query so that the results returned are the most accurate and relevant for their specific needs.

Filter categories (the table below lists the Query filters):

- Query filters
- Non Query filters

| Field name | Type | Possible values | Example | Description | Required |
| --- | --- | --- | --- | --- | --- |
| SHA-256 | String | | Number | | Yes |
| Submission date | Date | 2023-01-17T12:17:20.000Z | Number | | Optional |
| Final Verdict | String | MALICIOUS, LIKELY-MALICIOUS, NO-THREAT, SUSPICIOUS, BENIGN, UNKNOWN | MALICIOUS | Verdict of a file | Optional |
| Tags | String | | peexe,xml | Tags of a file | Optional |
| Threshold | Number | 1 to 100, any integer | Number | Similarity threshold, 0% to 100%; a higher score means higher similarity | Optional |
| Limit | Number | 1 to 100, any integer | Number | Number of results returned | Optional |