Malware Analysis - An overview of malware hashing algorithms

struppigel

Super Moderator

Thread author

Verified

Staff Member

Well-known

Oct 7, 2021

VirusTotal's "Basic Properties" tab alone lists eight different hashes and supports even more to use them for queries and hunt signatures. Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which hash function?

All your hashes are belong to us

Hashes are important for malware analysis, as well as identification, description and detection. But why do so many of them exist and when should you use which hash function? Karsten shines a light on this question for you.

www.gdatasoftware.com

Covered topics:

Cryptographic hashes: MD5, SHA-1, SHA-256
Fuzzy Hashes: dcfldd, ssdeep, TLSH, mvHash-B
Control Flow Graph hashing: Machoc and Machoke
Import hashing: ImpHash, TypeRefHash and ImpFuzzy
Human readable hash: Humanhash
Image similarity: aHash, pHash, dHash
Digital certificates: Authentihash
Rich PE Header hashes: Rich, RichPV

Reactions: SeriousHoax, Andy Ful, Gandalf_The_Grey and 3 others

Search

Malware Analysis An overview of malware hashing algorithms

struppigel

Super Moderator

All your hashes are belong to us

Similar threads