Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: sowhat-x on February 20, 2008, 06:06:11 pm

Title: Miss Identify
Post by: sowhat-x on February 20, 2008, 06:06:11 pm
http://missidentify.sourceforge.net/
From Jesse Kornblum, known to the public via his md5deep/ssdeep tools...
His blog also here:
http://jessekornblum.livejournal.com/

P.S.: ...haven't looked at the src yet, but well, it's just the very 1st release:
Which means, don't expect it to detect all kinds of renamed .exes,
that were previously processed with exotic packers...
E.g. note the following in the 'BUGS' section of the man page...
"The program can be fooled by any file with more than 1024 bytes, between the MZ header and the PE header."
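
The limitation quoted from the man page, shown as an added example that is not part of the original post and is not Miss Identify's own code. The windowed check is an assumed illustration of a detector bound to the 1024-byte figure, the second check follows the DOS header's `e_lfanew` field (offset 0x3C) to the PE signature instead, and all function names and sample bytes are constructed for the example.

```python
import io
import struct

WINDOW = 1024        # figure quoted in the man page's BUGS section
E_LFANEW_OFF = 0x3C  # DOS header field holding the file offset of "PE\0\0"
DOS_HDR_LEN = 0x40


def pe_in_window(data: bytes, window: int = WINDOW) -> bool:
    """Assumed windowed check (illustration only): accepts a PE signature
    only when it sits within `window` bytes of the start of the file."""
    if len(data) < DOS_HDR_LEN or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFF)
    return e_lfanew <= window and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def pe_follow_pointer(stream) -> bool:
    """Follow e_lfanew wherever it points, reading only the bytes needed,
    so the distance between the MZ and PE headers does not matter."""
    header = stream.read(DOS_HDR_LEN)
    if len(header) < DOS_HDR_LEN or header[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", header, E_LFANEW_OFF)
    stream.seek(e_lfanew)  # seeking past EOF just yields an empty read
    return stream.read(4) == b"PE\0\0"


def make_sample(gap: int) -> bytes:
    """Constructed test bytes: DOS header, `gap` filler bytes, PE signature.
    This is not a loadable executable."""
    dos = b"MZ" + b"\0" * (E_LFANEW_OFF - 2)
    dos += struct.pack("<I", DOS_HDR_LEN + gap)
    return dos + b"\0" * gap + b"PE\0\0"


if __name__ == "__main__":
    samples = {
        "typical gap (64 bytes)": make_sample(64),
        "large gap (2048 bytes)": make_sample(2048),
        "MZ without PE signature": b"MZ" + b"A" * 200,
        "plain text": b"just a renamed text file\n",
    }
    for label, blob in samples.items():
        print(f"{label:26} windowed={pe_in_window(blob)!s:5} "
              f"pointer={pe_follow_pointer(io.BytesIO(blob))}")
```
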
Title: Re: Miss Identify
Post by: sowhat-x on April 04, 2008, 02:44:47 pm
ssdeep just got updated today to v2.0 for those interested...
http://ssdeep.sourceforge.net/changes.txt

Have a look as well at the following paper from Shadowserver Foundation...
as it also gives a pretty good idea regarding 'fuzzy hashing' and malware:
http://jessekornblum.livejournal.com/240268.html
http://www.shadowserver.org/wiki/uploads/Information/RBN_Rizing.pdf