Malware Analysis – Generating Malware Hashes

What Is Malware Hashing?

  • Malware hashing is the process of generating cryptographic hashes for the file content of the target malware. We are hashing the malware file.
  • The hashing algorithms used in malware identification are:
      • MD5
      • SHA-1
      • SHA-256
  • The hashing process gives us a unique digest known as a fingerprint.
  • This means we can create unique fingerprints for malware samples. 

Why Should You Hash?

  • For accurate identification of malware samples, rather than using file names for malware. Hashes are unique.
  • Hashes are used to identify malware on malware analysis sites. (Virus Total).
  • Hashes can be used to search for any previous detection or for checking online if the sample has been analyzed by other researchers. 

 

Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *