Search terms can be used to search for samples based on a wide array of features. A list of available search terms can be found in the Search Help menu below the search bar. Common terms are listed at the top for easy access.

Term Prefix

When using a search term, the term prefix and the term must be separated by a colon (:).

The following example demonstrates the sha256 prefix, which is used to search for a sample by hash.

sha256:d810f4839d7ff9c72d913e7bca64d004aaecc049cbfeffbc4f296abc364f58b2

Quoted Terms

Terms that accept strings must be encapsulated in quotes. Quotes in the search string itself can be escaped using a backslash \.

The following example demonstrates a search for the ASCII string foo.

ascii.string:"foo"

Binary Search (Bytes)

It is possible to search for raw binary data using the bytes term. The term accepts hex-encoded data encapsulated in braces {}.

The following example demonstrates a search for the AES big constant bytes A5 63 63 C6 84 7C 7C F8.

bytes:{A5 63 63 C6 84 7C 7C F8}

File Hashes

Though the search supports the term prefixes sha256, sha1, and md5, the prefixes are optional. Hashes are automatically detected in the search bar and do not require a prefix.
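
When queries are generated from scripts rather than typed by hand, the quoting, brace and prefix rules above are easy to get wrong. The following Python helper is an added example, not part of the search tool or its documentation; it builds query strings in the syntax described on this page. The function names are hypothetical, choosing a hash prefix by digest length is an assumption about how a client would do it, and the two 32-bit words are the first entries of the common AES Te0 lookup table, which in little-endian layout produce the byte pattern shown under Binary Search.

```python
import re
import struct

# Hex digest lengths for the three hash prefixes the page lists.
_HASH_PREFIX_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def term(prefix: str, value: str) -> str:
    """Join a term prefix and a term with the required ':' separator."""
    return f"{prefix}:{value}"


def string_term(prefix: str, text: str) -> str:
    """Build a quoted string term, escaping embedded double quotes."""
    # The page documents only quote escaping; how a literal backslash is
    # treated is not stated, so backslashes are passed through unchanged.
    return term(prefix, '"' + text.replace('"', '\\"') + '"')


def bytes_term(data: bytes) -> str:
    """Build a bytes term: space-separated hex pairs inside braces."""
    if not data:
        raise ValueError("bytes term needs at least one byte")
    return term("bytes", "{" + data.hex(" ").upper() + "}")


def hash_term(digest: str) -> str:
    """Add an explicit md5/sha1/sha256 prefix, chosen by digest length."""
    digest = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError("digest is not hexadecimal")
    if len(digest) not in _HASH_PREFIX_BY_LEN:
        raise ValueError(f"unexpected digest length {len(digest)}")
    return term(_HASH_PREFIX_BY_LEN[len(digest)], digest)


# Constructed input: two 32-bit table words as they sit in a
# little-endian binary, which is the order a bytes search must use.
AES_TE0_HEAD = struct.pack("<2I", 0xC66363A5, 0xF87C7C84)

if __name__ == "__main__":
    print(bytes_term(AES_TE0_HEAD))
    print(string_term("ascii.string", 'say "hi"'))
```
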