This topic provides example Binary Search query strings and their results.

Example Query Strings

Result

md5:5a18f00ab9330ac7539675f326cf11

Returns all binaries with matching MD5 hash values.

digsig_publisher:Oracle

Returns all binaries with a digital signature publisher field with a matching name.

digsig_issuer:VeriSign

Returns all binaries with a digital signature issuer field with a matching name.

digsig_subject:Oracle

Returns all binaries with a digital signature subject field with a matching name.

digsig_prog_name:Java

Returns all binaries with a digital signature program name field with a matching name.

digsig_result:Expired

Returns all binaries with the given digital signature status (Expired in this example).

digsig_sign_time:2011-12-31

Returns all binaries with a digital signature date of 2011-12-31.

digsig_sign_time:[* TO 2011-12-31]

Returns all binaries with a digital signature date earlier than or equal to 2011-12-31.

digsig_sign_time:[2011-12-31 TO *]

Returns all binaries with a digital signature date later than or equal to 2011-12-31.

digsig_sign_time:*

Returns binaries with any digital signature date.

digsig_sign_time:[* TO *]

Returns binaries with any digital signature date within the range provided.

digsig_sign_time:-10h

Returns all binaries with a digital signature date between NOW-10h and NOW. Units supported are h: hours, m: minutes, s: seconds.

<type>_version:7.0.170.2

Returns all binaries with matching version, where <type> is product or file.

product_name:Java

Returns all binaries with matching product name.

company_name:Oracle

Returns all binaries with matching company name.

internal_name:java

Returns all binaries with matching internal name.

original_filename:mtxoci.dll

Returns all binaries with matching filename.

observed_filename:c:\windows\system32\mtxoci.dll

Returns all binaries that have been observed to run on or were loaded with the given path.

<type>_mod_len:[* TO 10]

Returns all binaries that have <type>_mod_len (module length in bytes) field < 4096, where <type> is original or copied.

<type>_desc:"database support"

Returns all binaries that have <type>_desc field with matching text, where <type> is file or product.

legal_<type>:Microsoft

Returns all binaries with matching legal_<type> field text, where <type> is trademark or copyright.

<type>_build:"Public version"

Returns all binaries with matching <type>_build field text, where <type> is special or private.

is_executable_image:True or False

Boolean search (case insensitive) returning all binaries that are executable or not executable.

is_64bit:True or False

Boolean search (case insensitive) returning all binaries that are 64-bit or not 64-bit.

watchlist_4:[2014-04-01 TO 2014-09-31]

Returns all binaries that matched watchlist 4 during the time period shown.
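The digsig_sign_time value forms listed above (exact date, open-ended ranges, wildcard, and relative time) are easy to confuse when writing a hunt, so the following added example, which is not the product's own code, evaluates each form against a few constructed records. The function names, the sample records, and the choice to compare range bounds inclusively at day granularity are assumptions made for illustration.

```python
import re
from datetime import date, datetime, timedelta

UNITS = {"h": "hours", "m": "minutes", "s": "seconds"}  # units listed on this page

def sign_time_matches(value, signed_at, now):
    """Return True if a digsig_sign_time query value selects `signed_at`.

    signed_at: datetime of the signature, or None for an unsigned binary.
    now: datetime used as NOW for the relative form (e.g. -10h).
    """
    if signed_at is None:
        return False  # every form on the page requires a signature date
    value = value.strip()
    if value == "*":
        return True  # any signature date
    rel = re.fullmatch(r"-(\d+)([hms])", value)
    if rel:  # relative form: between NOW-<n><unit> and NOW
        delta = timedelta(**{UNITS[rel.group(2)]: int(rel.group(1))})
        return now - delta <= signed_at <= now
    rng = re.fullmatch(r"\[(\S+) TO (\S+)\]", value)
    if rng:
        lo, hi = rng.groups()
        day = signed_at.date()
        # Assumption: bounds are inclusive and compared at day granularity.
        return ((lo == "*" or date.fromisoformat(lo) <= day) and
                (hi == "*" or day <= date.fromisoformat(hi)))
    return signed_at.date() == date.fromisoformat(value)  # exact date

def filter_binaries(value, binaries, now):
    """Names of the constructed binary records selected by the query value."""
    return [b["name"] for b in binaries
            if sign_time_matches(value, b["signed_at"], now)]

# Constructed sample records (not real telemetry).
NOW = datetime(2012, 1, 1, 6, 0, 0)
BINARIES = [
    {"name": "old.dll", "signed_at": datetime(2010, 5, 4, 9, 30)},
    {"name": "edge.dll", "signed_at": datetime(2011, 12, 31, 23, 0)},
    {"name": "new.exe", "signed_at": datetime(2012, 1, 1, 2, 0)},
    {"name": "unsigned.exe", "signed_at": None},
]

if __name__ == "__main__":
    for q in ["2011-12-31", "[* TO 2011-12-31]", "[2011-12-31 TO *]", "*", "-10h"]:
        print(f"digsig_sign_time:{q:<20} -> {filter_binaries(q, BINARIES, NOW)}")
```

Unsigned binaries never match any digsig_sign_time form, including `*` and `[* TO *]`, which makes those two forms a quick way to separate signed from unsigned files.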