Author Topic: Miss Identify  (Read 3269 times)


February 20, 2008, 06:06:11 pm

sowhat-x

  • Guest
http://missidentify.sourceforge.net/
From Jesse Kornblum, known to the public via his md5deep/ssdeep tools...
His blog also here:
http://jessekornblum.livejournal.com/

P.S.: ...haven't looked at the src yet, but well, it's just the very 1st release:
Which means, don't expect it to detect all kinds of renamed .exes
that were previously processed with exotic packers...
E.g. note the following in the 'BUGS' section of the man page...
"The program can be fooled by any file with more than 1024 bytes
between the MZ header and the PE header."
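Added example, not part of the original post and not Miss Identify's own code: a sketch of the limitation quoted from the man page, comparing a PE check confined to the first 1024 bytes with one that follows the DOS header's `e_lfanew` field wherever it points. The function names and the 1024-byte window model are assumptions for illustration; the sample inputs are constructed stubs, not real executables.

```python
import io
import struct

PE_SIG = b"PE\x00\x00"
DOS_HDR_LEN = 0x40      # size of the DOS header
E_LFANEW_OFF = 0x3C     # offset of the 32-bit pointer to the PE header


def is_pe_windowed(data: bytes, window: int = 1024) -> bool:
    """Hypothetical limited check: the PE signature must lie inside
    the first `window` bytes, otherwise the file is not recognised."""
    head = data[:window]
    if len(head) < DOS_HDR_LEN or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, E_LFANEW_OFF)
    return head[e_lfanew:e_lfanew + 4] == PE_SIG


def is_pe_stream(f) -> bool:
    """Follow e_lfanew to its target, reading only the bytes needed,
    so the distance between the MZ and PE headers does not matter."""
    dos = f.read(DOS_HDR_LEN)
    if len(dos) < DOS_HDR_LEN or dos[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", dos, E_LFANEW_OFF)
    f.seek(e_lfanew)
    return f.read(4) == PE_SIG   # short read past EOF compares unequal


def make_stub(e_lfanew: int) -> bytes:
    """Constructed test input: DOS header, zero padding, PE signature."""
    dos = bytearray(DOS_HDR_LEN)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFF, e_lfanew)
    pad = b"\x00" * (e_lfanew - DOS_HDR_LEN)
    return bytes(dos) + pad + PE_SIG + b"\x00" * 20


def classify(data: bytes) -> tuple:
    """Return (windowed result, seek-based result) for one input."""
    return is_pe_windowed(data), is_pe_stream(io.BytesIO(data))


if __name__ == "__main__":
    for label, blob in [("PE header at 0x80", make_stub(0x80)),
                        ("PE header at 0x1000", make_stub(0x1000)),
                        ("MZ magic only", b"MZ" + b"\x00" * 100)]:
        print(label, classify(blob))
```
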

April 04, 2008, 02:44:47 pm
Reply #1

sowhat-x

  • Guest
ssdeep just got updated today to v2.0 for those interested...
http://ssdeep.sourceforge.net/changes.txt

Have a look as well at the following paper from Shadowserver Foundation...
as it also gives a pretty good idea regarding 'fuzzy hashing' and malware:
http://jessekornblum.livejournal.com/240268.html
http://www.shadowserver.org/wiki/uploads/Information/RBN_Rizing.pdf