Hashing
A fingerprint for malware
What is Hashing?
A common method used to uniquely identify malware
The malicious software is run through a hashing program that produces a unique hash that identifies that malware (a sort of fingerprint)
Hashes
MD5 or SHA-1
Condenses a file of any size down to a fixed-length fingerprint
Uniquely identifies a file well in practice
There are MD5 collisions but they are not common
Collision: two different files with the same hash
Hash Uses
Label a malware file
Share the hash with other analysts to identify malware
Search the hash online to see if someone else has already identified the file
Tool: HashCalc
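Added example (not part of the original slides): a Python sketch of the workflow above, computing the MD5 and SHA-1 fingerprints of files of different sizes and checking them against a shared hash list. The file names, contents and labels are constructed for illustration, and the functions fingerprint, lookup and demo are hypothetical helpers.

```python
import hashlib
import pathlib
import tempfile

CHUNK_SIZE = 64 * 1024  # read in blocks so large samples never sit fully in memory


def fingerprint(path, algorithms=("md5", "sha1")):
    """Return {algorithm: hex digest} for the file at path."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def lookup(path, known_hashes):
    """Return the label a shared hash list gives this file, or None."""
    digests = fingerprint(path).values()
    return next((known_hashes[d] for d in digests if d in known_hashes), None)


def demo():
    """Hash three constructed files and check them against a constructed list."""
    # Constructed sample contents; none of this is real malware.
    samples = {
        "tiny.bin": b"abc",
        "big.bin": b"\x90" * 1_000_000,
        "unknown.bin": b"constructed file nobody has labelled",
    }
    # Constructed list, as another analyst might share it: hash -> label.
    known_hashes = {
        hashlib.md5(samples["tiny.bin"]).hexdigest(): "Constructed.Sample.A",
        hashlib.sha1(samples["big.bin"]).hexdigest(): "Constructed.Sample.B",
    }
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, content in samples.items():
            path = pathlib.Path(workdir) / name
            path.write_bytes(content)
            results[name] = (fingerprint(path), lookup(path, known_hashes))
    return results


if __name__ == "__main__":
    for name, (digests, label) in demo().items():
        print(name, digests["md5"], digests["sha1"], label or "not in list")
```

The 3-byte file and the 1,000,000-byte file both produce a 32-character MD5 and a 40-character SHA-1 digest, and the file that is not in the list comes back unlabelled.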