EUA / wxHexEditor

wxHexEditor official GIT repo
http://www.wxhexeditor.org
GNU General Public License v2.0

Add fuzzy hashing (ssdeep) support in Tools -> Calculate Checksum #76

Open MikhailKasimov opened 7 years ago

MikhailKasimov commented 7 years ago

Hello!

Add fuzzy hashing (ssdeep) support in Tools -> Calculate Checksum.

[1] http://ssdeep.sourceforge.net/
[2] https://github.com/jessek/ssdeep

This can be useful for analyzing similar files.

EUA commented 7 years ago

I am not sure about it. The current compare function makes a 1:1 comparison. Isn't that enough for files that have not changed their length?

MikhailKasimov commented 7 years ago

In general, yes, but ssdeep can be useful when parsing a couple of samples.

E.g.: full ssdeep: 768:Real5LM2w2+gNgG7LJIjX4v6ZD/Pi2sM4LnBIyT+MYWkv60lM:Rpro2wjgR7q/3i2sMuBDTYWk0

To parse: 768: then 768:Real then 768:Real5LM2 and so on, to try to find potentially similar samples and make: 1) antivirus detection more reliable, 2) viral forensics more complex.
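
An added example, not part of the issue thread or wxHexEditor's code: a pre-filter that picks which stored ssdeep digests are worth a full comparison against the digest quoted above. It goes beyond prefix matching by applying ssdeep's own comparability rules (block sizes equal or a factor of two apart, and a shared run of at least 7 characters); the function names and the corpus entries are constructed for illustration.

```python
import re

MIN_RUN = 7  # ssdeep's rolling-hash window; no shared run this long means score 0

def parse_digest(digest):
    """Split 'blocksize:chunk:double_chunk[,"filename"]' into its three fields."""
    fields = digest.split(",", 1)[0].strip().split(":")
    if len(fields) != 3 or not fields[0].isdigit():
        raise ValueError(f"not an ssdeep digest: {digest!r}")
    # ssdeep collapses runs of more than three identical characters before comparing.
    squeeze = lambda s: re.sub(r"(.)\1{3,}", r"\1\1\1", s)
    return int(fields[0]), squeeze(fields[1]), squeeze(fields[2])

def shares_run(a, b, n=MIN_RUN):
    """True if a and b have a common substring of length n."""
    grams = {a[i:i + n] for i in range(len(a) - n + 1)}
    return any(b[i:i + n] in grams for i in range(len(b) - n + 1))

def may_match(d1, d2):
    """Pre-filter: can this pair get a non-zero ssdeep score at all?"""
    bs1, c1, dc1 = parse_digest(d1)
    bs2, c2, dc2 = parse_digest(d2)
    if bs1 == bs2:
        if (c1, dc1) == (c2, dc2):      # identical digests always match
            return True
        return shares_run(c1, c2) or shares_run(dc1, dc2)
    if bs1 == 2 * bs2:                  # d2's double chunk was cut at d1's block size
        return shares_run(c1, dc2)
    if bs2 == 2 * bs1:
        return shares_run(dc1, c2)
    return False                        # block sizes too far apart to compare

def candidates(target, corpus):
    """Names of corpus entries worth a full ssdeep comparison against target."""
    return [name for name, d in corpus.items() if may_match(target, d)]

# Digest quoted in the thread; the corpus entries are constructed for this example.
TARGET = "768:Real5LM2w2+gNgG7LJIjX4v6ZD/Pi2sM4LnBIyT+MYWkv60lM:Rpro2wjgR7q/3i2sMuBDTYWk0"
CORPUS = {
    "variant_same_blocksize": "768:XXal5LM2w2+gNgG7LJIjX4v6ZAAAA:Rpro2wjgQQQQ",
    "variant_double_blocksize": "1536:Zpro2wjgR7q/3i2sMuBDTYWk9:abcdefgh",
    "unrelated": "768:abcdefghijklmnop:qrstuvwx",
    "far_blocksize": "3072:Real5LM2w2+gNgG7LJIjX4v6ZD:Rpro2wjgR7q",
}

if __name__ == "__main__":
    print(candidates(TARGET, CORPUS))
```

The pre-filter only rules pairs out; entries it returns still need a real ssdeep comparison to get a similarity score.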

EUA commented 7 years ago

This could be OK but definitely not on my priority list.

MikhailKasimov commented 7 years ago

Ok, no problem at all.