Kaspersky CyberTrace

File hashes search

27 February 2024

ID 172902

To search for file hashes, select the Search tab, and then select the File tab.

The File tab

Search for objects

You can specify one or more files. CyberTrace searches for the MD5 hashes of these files.

To search for file hashes:

  1. Select the files that you want to search for. Do one of the following:
    • Click the Select files button, and then select the log files.
    • Drag the log files into the colored area.
  2. Click the Search button.

The search result will appear below in the Summary section.

Search result

After a search is performed, CyberTrace Web displays the result in the Summary section.

The Summary section

The search result consists of the following data:

  • Number of processed hash files
  • Number of detected indicators
  • Number of detections for each category

For every checked file hash, the following information is displayed:

  • File name
  • MD5 file hash

    The file hash is linked to detailed information about the object.

  • Fields of feed records that matched the indicator
  • Message that there is no detection (if the file hash is not detected)

If no information is found for the requested indicator, a message to that effect appears. The message contains a link that redirects you to the search page of Kaspersky Threat Intelligence Portal.

If you run a search and then switch to another tab, the search results will become available in the search request history.

Downloading search reports

You can download a report with the results of the search operation. The report is a .csv file.

To download a report,

Click the Download report link, and then specify the directory to which you want to save the report.

A full report about a search result has the following fields:

  • file_name—Name of the file whose hash is detected
  • detected_indicator—The detected hash
  • category—Category of the detected hash
  • Context fields from the feed
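
The following added example (not part of the CyberTrace product or its documentation) shows one way to triage a downloaded report: it counts detections per category, groups categories by file and hash, and flags files whose locally computed MD5 is not among the hashes the report lists for them. The column names are those listed above; the comma delimiter, the header row, the `feed_name` context column, and all sample values are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import Counter, defaultdict

# Constructed sample report. Assumed layout: comma-delimited with a header row.
# "feed_name" stands in for a feed context field; all values are made up.
SAMPLE_REPORT = """file_name,detected_indicator,category,feed_name
invoice.exe,5D41402ABC4B2A76B9719D911017C592,Constructed_Category_A,Constructed_Feed_1
invoice.exe,5D41402ABC4B2A76B9719D911017C592,Constructed_Category_B,Constructed_Feed_2
setup.msi,0123456789ABCDEF0123456789ABCDEF,Constructed_Category_A,Constructed_Feed_1
"""


def md5_of_stream(stream, chunk_size=1 << 20):
    """MD5 of a binary stream, read in chunks so large files are not loaded whole."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest().upper()


def summarize_report(report_text):
    """Return (detections per category, {file_name: {hash: sorted categories}})."""
    per_category = Counter()
    per_file = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(report_text)):
        name = row["file_name"].strip()
        indicator = row["detected_indicator"].strip().upper()
        category = row["category"].strip()
        per_category[category] += 1
        per_file[name][indicator].add(category)
    grouped = {n: {h: sorted(c) for h, c in hs.items()} for n, hs in per_file.items()}
    return per_category, grouped


def hash_mismatches(per_file, local_hashes):
    """Reported files whose local MD5 is not among the hashes listed for that name."""
    return sorted(
        name for name, hashes in per_file.items()
        if name in local_hashes and local_hashes[name].upper() not in hashes
    )


if __name__ == "__main__":
    categories, files = summarize_report(SAMPLE_REPORT)
    print(dict(categories))
    print(files)
```

A mismatch means the file on disk is no longer the one that was submitted under that name, which is worth resolving before acting on the detection.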
