The Latest in IT Security

VirusTotal Introduces “imphash” for Portable Executables

04
Feb
2014

VirusTotal has introduced a new feature for portable executable (PE) files. Its called imphash and it stands for import hash.

The imphash feature has been utilized by IT security firm Mandiant for tracking the backdoors of specific threat groups. The hashes are created based on library/API names and their specific order within a PE file.

The imphash value can be used to identify malware samples that are related to one another. It can…

Related posts:
  1. VirusTotal Used to Identify Malware Authors
  2. Searching With VirusTotal
  3. VirusTotal Launches Uploader Utility for Mac OS X
  4. Microsoft Seizes No-IP Domain Names Without Notice
  5. Portable LibreSSL appears as project inches towards prime time

Tags:  
Written by Softpedia
0 Comments
Comments are closed.

Categories

TUESDAY, APRIL 23, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments