
Add fuzzy hashing (ssdeep) support in Tools -> Calculate Checksum

Open MikhailKasimov opened this issue 8 years ago • 4 comments

Hello!

Add fuzzy hashing (ssdeep) support in Tools -> Calculate Checksum.

[1] http://ssdeep.sourceforge.net/
[2] https://github.com/jessek/ssdeep

This can be useful for analyzing similar files.

MikhailKasimov avatar Aug 08 '17 00:08 MikhailKasimov

I am not sure about it. The current comparing function makes a 1:1 comparison. Isn't it enough for files that have not changed their length?

EUA avatar Aug 08 '17 02:08 EUA

In the common case, yes, but ssdeep can be useful for parsing a couple of samples.

E.g.: full ssdeep: 768:Real5LM2w2+gNgG7LJIjX4v6ZD/Pi2sM4LnBIyT+MYWkv60lM:Rpro2wjgR7q/3i2sMuBDTYWk0

To parse: 768: then 768:Real then 768:Real5LM2 and so on, to try to find potentially similar samples in order to make: 1) antivirus detection more reliable; 2) viral forensics more complex.

MikhailKasimov avatar Aug 08 '17 10:08 MikhailKasimov
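One way to shortlist potentially similar samples from ssdeep signatures like the one quoted above, as an added example that is not part of the thread or of wxHexEditor. It assumes ssdeep's comparison preconditions (block sizes equal or a factor of two apart, and a shared 7-character substring); the function names and all sample signatures except the quoted one are constructed for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

WINDOW = 7  # ssdeep scores two hashes only if they share a 7-char substring


def parse(sig):
    """Split 'blocksize:hash1:hash2[,"filename"]' into (int, str, str)."""
    block, h1, h2 = sig.split(",", 1)[0].split(":", 2)
    return int(block), h1, h2


def grams(part):
    """7-grams of one hash part, after collapsing runs longer than 3 chars."""
    part = re.sub(r"(.)\1{3,}", r"\1\1\1", part)
    return {part[i:i + WINDOW] for i in range(len(part) - WINDOW + 1)}


def candidate_pairs(sigs):
    """Pairs that share a 7-gram at a comparable block size."""
    # hash1 is computed at blocksize, hash2 at 2*blocksize: keying each part by
    # its effective block size covers the equal and factor-of-two cases only.
    index = defaultdict(set)
    for sig in sigs:
        block, h1, h2 = parse(sig)
        for size, part in ((block, h1), (2 * block, h2)):
            for g in grams(part):
                index[(size, g)].add(sig)
    pairs = set()
    for members in index.values():
        pairs.update(frozenset(p) for p in combinations(sorted(members), 2))
    return pairs


# PAGE is the signature quoted in the thread; the other samples are constructed.
PAGE = "768:Real5LM2w2+gNgG7LJIjX4v6ZD/Pi2sM4LnBIyT+MYWkv60lM:Rpro2wjgR7q/3i2sMuBDTYWk0"
SAMPLES = [
    PAGE,
    "768:QQQQ5LM2w2+gNgG7LJIjZZZZ:AAAABBBBCCCC",    # shares hash1 7-grams with PAGE
    "1536:Rpro2wjgR7q/3i2sXXXX:DDDDEEEEFFFF",      # hash1 overlaps PAGE's hash2
    "3072:Real5LM2w2+gNgG7LJIj:Rpro2wjgR7q/3i2s",  # same text, incomparable size
    "768:abcdefghijklmnop:qrstuvwxyz012345",       # unrelated
]

if __name__ == "__main__":
    for pair in sorted(map(sorted, candidate_pairs(SAMPLES))):
        print(pair)
```

Only the pairs this returns need a full ssdeep comparison; the 3072 sample is excluded even though its text matches, because its block size is four times 768.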

This could be OK but definitely not on my priority list.

EUA avatar Aug 09 '17 23:08 EUA

Ok, no problem at all.

MikhailKasimov avatar Aug 09 '17 23:08 MikhailKasimov