> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MalQuery Exact Search

Search the malware corpus for exact binary patterns and strings with byte-level precision.

<Note>
  External Documentation

  To learn more, visit the [CrowdStrike documentation](https://falcon.us-2.crowdstrike.com/documentation/page/ea96c592/malquery-apis#x19e9c22).
</Note>

## Basic Parameters

<div className="integrations-table">
  | Parameter | Description                                                                                                                                                                                                                                                                                                                                                                                                                  |
  | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Patterns  | Specify an array of hex patterns or strings to search for within file contents at the byte level.<br /><br />Each pattern should be an object with "type" and "value" fields. For example:<br /><pre><code>\[<br />  \{<br />    "type":"hex",<br />    "value":"8948208b480833ca33f989502489482889782c8bd7"<br />  },<br />  \{<br />    "type":"ascii",<br />    "value":"suspicious\_string"<br />  }<br />]</code></pre> |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter       | Description                                                                                                                                                                                                 |
  | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | File Types      | A comma-separated list of file types to restrict search results by.<br /><br />For example:<br />\* `EMAIL`<br />\* `PCAP`<br />\* `PDF`<br />\* `PE32`                                                     |
  | Limit           | The maximum number of matching files to return in the response.                                                                                                                                             |
  | Max Date        | Only include files first observed before this date.                                                                                                                                                         |
  | Max Size        | Only include files smaller than this size. Accepts values in bytes or with units.<br /><br />For example:<br />\* `128000`<br />\* `1.3KB`<br />\* `8MB`<br />\* `2GB`                                      |
  | Metadata Fields | A comma-separated list of metadata fields to include in results.<br /><br />For example:<br />\* `sha256`<br />\* `md5`<br />\* `type`<br />\* `size`<br />\* `first_seen`<br />\* `label`<br />\* `family` |
  | Min Date        | Only include files first observed after this date.                                                                                                                                                          |
  | Min Size        | Only include files larger than this size. Accepts values in bytes or with units.<br /><br />For example:<br />\* `128000`<br />\* `1.3KB`<br />\* `8MB`<br />\* `2GB`                                       |
</div>

## Example Output

```json theme={"dark"}
{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string",
			"type": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"reqid": "Request ID returned after creating a hunt or exact search",
		"status": "Request status. Possible values: inprogress, failed, done",
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"family": "Sample family",
			"filesize": 0,
			"filetype": "Sample file type",
			"first_seen": "Date when it was first seen",
			"ignore_reason": "Reason why the resource is ignored",
			"label": "Sample label",
			"label_confidence": "Resource label confidence",
			"md5": "Sample MD5",
			"pattern": "Search pattern",
			"pattern_type": "Search pattern type",
			"samples": [
				{
					"family": "Sample family",
					"filesize": 0,
					"filetype": "Sample file type",
					"first_seen": "Date when it was first seen",
					"label": "Sample label",
					"md5": "Sample MD5",
					"sha1": "Sample SHA1",
					"sha256": "Sample SHA256"
				}
			],
			"sha1": "Sample SHA1",
			"sha256": "Sample SHA256",
			"tags": [
				"string"
			],
			"yara_rule": "Search YARA rule",
			"yara_rules": [
				"string"
			]
		}
	]
}
```

## Workflow Library Example

[Malquery Exact Search with Crowdstrike and Send Results Via Email](https://library.blinkops.com/workflows/malquery-exact-search-with-crowdstrike-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/malquery-exact-search-with-crowdstrike-and-send-results-via-email/canvas" />
</div>
