Open MikhailKasimov opened 7 years ago
I am not sure about it. The current comparing function makes a 1:1 comparison. Isn't that enough for files that have not changed their length?
In the common case, yes, but ssdeep can be useful when parsing a couple of samples.
E.g.: full ssdeep: 768:Real5LM2w2+gNgG7LJIjX4v6ZD/Pi2sM4LnBIyT+MYWkv60lM:Rpro2wjgR7q/3i2sMuBDTYWk0
To parse:
768:
then 768:Real
then 768:Real5LM2
and so on, to try to find potentially similar samples, in order to make: 1) antivirus detection more reliable; 2) viral forensics more complex.
This could be OK but definitely not on my priority list.
Ok, no problem at all.
Hello!
Add fuzzy hashing (ssdeep) support in Tools -> Calculate Checksum.
[1] http://ssdeep.sourceforge.net/ [2] https://github.com/jessek/ssdeep
This can be useful when analyzing similar files.
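
Added example, not part of the original thread and not the project's code: the prefix walk described above (768: then 768:Real then 768:Real5LM2) written as a triage helper that groups ssdeep digests by the longest prefix of the first chunk they share with a reference digest. The function names, the 4-character step and the candidate digests are assumptions constructed for illustration; only the reference digest comes from the thread.

```python
from collections import defaultdict

REFERENCE = "768:Real5LM2w2+gNgG7LJIjX4v6ZD/Pi2sM4LnBIyT+MYWkv60lM:Rpro2wjgR7q/3i2sMuBDTYWk0"
# Constructed candidate digests (not real samples).
CANDIDATES = [
    "768:Real5LM2w2+gNgQQQQ:Rpro2wjgQQ",  # shares 14 leading chars with REFERENCE
    "768:RealZZZZ:RZZ",                    # shares 4 leading chars
    "768:Xeal5LM2:Xp",                     # shares none
    "1536:Real5LM2w2+g:Re",                # different block size
    "garbage",                             # malformed line
]

def parse_ssdeep(digest):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str)."""
    parts = digest.strip().split(":", 2)
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"not an ssdeep digest: {digest!r}")
    return int(parts[0]), parts[1], parts[2]

def shared_prefix_len(a, b):
    """Number of leading characters two chunk strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def bucket_by_prefix(reference, candidates, step=4, min_len=4):
    """Return {matched_prefix: [candidate, ...]} for same-block-size digests."""
    ref_bs, ref_chunk, _ = parse_ssdeep(reference)
    buckets = defaultdict(list)
    for cand in candidates:
        try:
            bs, chunk, _ = parse_ssdeep(cand)
        except ValueError:
            continue  # skip malformed lines instead of aborting the scan
        if bs != ref_bs:
            continue  # chunks built with different block sizes are not comparable here
        common = shared_prefix_len(ref_chunk, chunk)
        common -= common % step  # round down to a whole step, as in the walk above
        if common >= min_len:
            buckets[f"{ref_bs}:{ref_chunk[:common]}"].append(cand)
    return dict(buckets)
```

A prefix match is stricter than ssdeep's own comparison, which scores whole chunks, so a change near the start of a file will hide a related sample from this walk; treat the buckets as triage candidates to confirm with a full ssdeep comparison.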