# Hashing

## What is Hashing?

* A common method used to uniquely identify malware
* The malicious software is run through a hashing program that produces a unique hash that identifies that malware (a sort of fingerprint)

### Hashes

* MD5 or SHA-1
* Condenses a file of any size down to a fixed-length fingerprint
* Uniquely identifies a file well in practice
  * There are MD5 collisions but they are not common
  * Collision: two different files with the same hash

### Hash Uses

* Label a malware file
* Share the hash with other analysts to identify malware
* Search the hash online to see if someone else has already identified the file

Tool: HashCalc