A fingerprint for malware

What is Hashing?

  • A common method used to uniquely identify malware

  • The malicious software is run through a hashing program that produces a unique hash that identifies that malware (a sort of fingerprint)


  • MD5 or SHA-1

  • Condenses a file of any size down to a fixed-length fingerprint

  • Uniquely identifies a file well in practice

    • There are MD5 collisions but they are not common

    • Collision: two different files with the same hash

Hash Uses

  • Label a malware file

  • Share the hash with other analysts to identify malware

  • Search the hash online to see if someone else has already identified the file

Tool: HashCalc

Last updated