Malware Analysis – Generating Malware Hashes

What Is Malware Hashing?

  • Malware hashing is the process of generating cryptographic hashes of the file content of the target malware; that is, we hash the malware file itself.
  • The hashing algorithms used in malware identification are:
      • MD5
      • SHA-1
      • SHA-256
  • The hashing process gives us a unique digest known as a fingerprint.
  • This means we can create unique fingerprints for malware samples.

Why Should You Hash?

  • For accurate identification of malware samples: hashes are unique, whereas file names are not a reliable identifier.
  • Hashes are used to identify malware on malware analysis sites (VirusTotal).
  • Hashes can be used to search for previous detections or to check online whether the sample has already been analyzed by other researchers.
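
The points above as an added example (not part of the original page): a Python script that computes the MD5, SHA-1 and SHA-256 digests of a file in a single pass, then shows that a renamed copy keeps the same hashes while a one-byte change produces different ones. The sample content and file names are constructed for illustration and are harmless.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_file(path, chunk_size=65536):
    """Return {algorithm: hex digest} for the file's content, read in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        # Stream in chunks so large samples are never loaded fully into memory.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def demo():
    """Hash a constructed sample, a renamed copy, and a copy with one extra byte."""
    content = b"constructed sample content, not real malware\n"
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "sample_a.bin": content,             # the "original" sample
            "renamed_copy.dat": content,         # same bytes, different name
            "modified.bin": content + b"\x00",   # one byte appended
        }
        results = []
        for name, data in files.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(hash_file(path))
    return tuple(results)


if __name__ == "__main__":
    original, renamed, modified = demo()
    for name in ALGORITHMS:
        print(f"{name:7} {original[name]}")
    # The fingerprint follows the content, not the file name.
    print("same digests after rename:       ", original == renamed)
    print("same digests after 1-byte change:", original == modified)
```

MD5 and SHA-1 have known collision attacks, so when digests are compared for identification the SHA-256 value is the one to rely on.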