jessekornblum @ 2009-07-21 21:58:00
Fuzzy Hashing version 2.2
Good news everybody! I've published a new version of the ssdeep program for fuzzy hashing. The new version adds a long-requested feature: the capability to compare files of previously generated signatures. That is, let's say you compute some lists of fuzzy hashes like this:
C:\> ssdeep -r C: > list1.txt
C:\> ssdeep -r "D:\Malware Samples" > list2.txt
C:\> ssdeep -r "E:\Temp\New Malware" > list3.txt
You can now find any similar files in those two lists like this:
C:\> ssdeep -x list1.txt list2.txt list3.txt
list1:C:\Windows\System32\ntoskrn1.exe matches list2:D:\Malware Samples\VIRUS.EXE (83)
Notice the filename of the known hashes is given in the output along with the matching filenames.
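For triaging a long run of this output, here is an added example (not part of the original post and not part of ssdeep) that parses the match lines in the shape shown above and groups high-scoring hits by the file on the right-hand side. The function names, the cut-off of 80 and every sample line after the first are assumptions made for illustration.

```python
import re
from collections import defaultdict, namedtuple

Match = namedtuple("Match", "left_list left_path right_list right_path score")

# Line shape taken from the sample output in the post:
#   <list>:<path> matches <list>:<path> (<score>)
# Paths contain colons (drive letters) and spaces, so the list name is the
# text before the FIRST colon and the score is anchored at the end of line.
MATCH_RE = re.compile(
    r"^(?P<ll>[^:]+):(?P<lp>.+?) matches (?P<rl>[^:]+):(?P<rp>.+) \((?P<score>\d{1,3})\)$"
)

# Constructed sample: the first line is the post's example, the rest are made up.
SAMPLE = r"""list1:C:\Windows\System32\ntoskrn1.exe matches list2:D:\Malware Samples\VIRUS.EXE (83)
list1:C:\Users\demo\setup.exe matches list3:E:\Temp\New Malware\dropper.bin (41)
list1:C:\Users\demo\update.exe matches list2:D:\Malware Samples\VIRUS.EXE (96)
this line is not a match record
"""

def parse_matches(text):
    """Return (matches, rejected_lines); anything unparseable is kept for review."""
    matches, rejected = [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = MATCH_RE.match(line)
        if m is None or int(m["score"]) > 100:  # ssdeep scores run 0-100
            rejected.append(line)
            continue
        matches.append(Match(m["ll"], m["lp"], m["rl"], m["rp"], int(m["score"])))
    return matches, rejected

def triage(matches, threshold=80):
    """Group matches at or above threshold (an assumed cut-off) by right-hand file."""
    grouped = defaultdict(list)
    for m in matches:
        if m.score >= threshold:
            grouped[(m.right_list, m.right_path)].append((m.score, m.left_path))
    # Highest score first, so the closest lookalikes lead each group.
    return {key: sorted(hits, reverse=True) for key, hits in grouped.items()}

if __name__ == "__main__":
    parsed, rejected = parse_matches(SAMPLE)
    for (lst, path), hits in triage(parsed).items():
        print(f"{lst}:{path}")
        for score, left in hits:
            print(f"  {score:3d}  {left}")
    print(f"{len(rejected)} line(s) not parsed")
```

Lines that do not fit the expected shape are returned separately rather than dropped, so a format change or a warning mixed into the output shows up instead of silently shrinking the match list.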