Example Queries

Search by object features

object imphash (import table hashing)

>

object first seen time

>

Search by YARA rule name

>

Search by environment ID

>

Search by Authenticode

>

Search by network

Hostname

>

IP address (can include CIDR notation)

>

Search with combinations

>


How to go beyond the basics

Combinations can be taken further, and you can also approach the anomalies you are looking for from a different angle.

One such angle is to search for objects by the network information that was extracted from them, either statically (strings in the file) or dynamically (endpoints contacted during analysis). For example, because binaries built against libcurl carry the string curl.haxx.se, you can go to the Objects view and find every object that contains that value using:

>
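The following is an added example, not part of the original page and not the query syntax of any particular product. It models the ideas in "Search by network" and "How to go beyond the basics" as a small local search over constructed object records: hostnames are pulled out of statically extracted strings, IP criteria accept either a single address or a CIDR block, and all supplied criteria are AND-combined the way the "combinations" queries are. Every record value, the field names (`imphash`, `first_seen`, `strings`, `contacts`) and the `search()` parameters are assumptions chosen for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample objects (every value here is made up for the example).
# "strings" models statically extracted strings; "contacts" models endpoints
# observed dynamically during a sandbox run.
OBJECTS = [
    {"sha256": "a" * 64,
     "imphash": "0123456789abcdef0123456789abcdef",
     "first_seen": "2023-05-01T10:00:00Z",
     "strings": ["curl.haxx.se", "libcurl/7.61.0", "https://update.example.net/x"],
     "contacts": ["93.184.216.34", "update.example.net"]},
    {"sha256": "b" * 64,
     "imphash": "0123456789abcdef0123456789abcdef",   # same import table as above
     "first_seen": "2023-06-15T08:30:00Z",
     "strings": ["curl.haxx.se"],
     "contacts": ["cdn.example.org"]},
    {"sha256": "c" * 64,
     "imphash": "fedcba9876543210fedcba9876543210",
     "first_seen": "2022-01-10T00:00:00Z",
     "strings": ["WinHttpOpen"],
     "contacts": ["93.184.216.35"]},
]

# Hostname-looking tokens: one or more dotted labels ending in an alphabetic TLD.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def extract_hosts(strings):
    """Return the set of lower-cased hostnames found in extracted strings."""
    hosts = set()
    for s in strings:
        for m in HOST_RE.finditer(s):
            hosts.add(m.group(0).lower())
    return hosts


def ip_matches(value, needle):
    """True if value is an IP address inside needle (a single IP or CIDR block)."""
    net = ipaddress.ip_network(needle, strict=False)  # "1.2.3.4" becomes /32
    try:
        return ipaddress.ip_address(value) in net
    except ValueError:      # value is a hostname, not an address
        return False


def parse_ts(s):
    # datetime.fromisoformat() only accepts a trailing "Z" on Python 3.11+
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def search(objects, imphash=None, first_seen_after=None, hostname=None,
           ip=None, contains=None):
    """AND-combine the supplied criteria and return the matching sha256 values."""
    out = []
    for o in objects:
        if imphash and o["imphash"].lower() != imphash.lower():
            continue
        if first_seen_after and parse_ts(o["first_seen"]) <= parse_ts(first_seen_after):
            continue
        if hostname:
            # hosts seen statically in strings plus those contacted at run time
            known = extract_hosts(o["strings"]) | {c.lower() for c in o["contacts"]}
            if hostname.lower() not in known:
                continue
        if ip and not any(ip_matches(c, ip) for c in o["contacts"]):
            continue
        if contains and not any(contains in s for s in o["strings"]):
            continue
        out.append(o["sha256"])
    return out


if __name__ == "__main__":
    # libcurl-built objects that talked to anything in 93.184.0.0/16
    print(search(OBJECTS, ip="93.184.0.0/16", contains="curl.haxx.se"))
```

The CIDR handling is the part worth copying: normalising a bare address through `ip_network()` means one code path serves both "exact IP" and "range" queries, and hostname contacts are skipped rather than raising. A real search backend would index these fields instead of scanning, but the matching semantics are the same.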