Hashing

A fingerprint for malware

What is Hashing?

  • A common method used to uniquely identify malware

  • The malicious software is run through a hashing program that produces a unique hash that identifies that malware (a sort of fingerprint)

Hashes

  • MD5 or SHA-1

  • Condenses a file of any size down to a fixed-length fingerprint

  • Uniquely identifies a file well in practice

    • There are MD5 collisions but they are not common

    • Collision: two different files with the same hash

Hash Uses

  • Label a malware file

  • Share the hash with other analysts to identify malware

  • Search the hash online to see if someone else has already identified the file
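The uses listed above, as an added example that is not part of the original page: a file is fingerprinted in one pass and the result is looked up in a hash list shared by another analyst. The sample bytes, the list format and the label are constructed for illustration, and SHA-256 is included as an assumption alongside the MD5 and SHA-1 the page names.

```python
import hashlib
import io

# MD5 and SHA-1 are the page's algorithms; SHA-256 is an added assumption.
ALGORITHMS = ("md5", "sha1", "sha256")

def fingerprint(stream, chunk_size=65536):
    """Hash a binary stream in chunks, feeding every algorithm from one read pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def load_hash_list(text):
    """Parse shared 'hash label' lines (hypothetical format); '#' starts a comment."""
    known = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        known[parts[0].lower()] = parts[1] if len(parts) > 1 else "unlabelled"
    return known

def identify(stream, known):
    """Return (label, algorithm) if any digest of the stream is listed, else None."""
    for name, digest in fingerprint(stream).items():
        if digest in known:
            return known[digest], name
    return None

# Constructed sample standing in for a malware file, and a constructed shared list.
SAMPLE = b"constructed sample bytes, not real malware"
SHARED_LIST = (
    "# constructed hash list from another analyst\n"
    f"{hashlib.md5(SAMPLE).hexdigest()}  constructed-sample-family\n"
)

if __name__ == "__main__":
    known = load_hash_list(SHARED_LIST)
    print(fingerprint(io.BytesIO(SAMPLE)))
    print(identify(io.BytesIO(SAMPLE), known))          # listed sample
    print(identify(io.BytesIO(SAMPLE + b"\x00"), known))  # one byte appended
```

For a file on disk, pass `open(path, "rb")` as the stream; reading in chunks keeps memory use flat regardless of file size.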

Tool: HashCalc
