Add initial MileRAT hashing algo #48

Still34 · 2023-11-17T08:20:45Z

No description provided.

Signed-off-by: Still Hsu <[email protected]>

Still34 · 2023-11-17T08:25:04Z

Not entirely sure what's causing the failure here - help appreciated

herrcore · 2023-11-17T09:00:06Z

Not entirely sure what's causing the failure here - help appreciated

This algorithm already exists

Line 25 in fef3215

TEST_1 = 150583839

You can hunt for hashes using the hunt endpoint https://hashdb.openanalysis.net/#tag/hunt if the hashes used by this algo do not show up please log a bug.

For future reference there is a test that will automatically check for hash algorithm collisions that you can run locally (step 6)

Still34 · 2023-11-17T09:23:34Z

Huh, yeah, the main reason why I created this PR in the first place is that it did not show up on the hunted results. Strange.

Still34 · 2023-11-17T09:24:32Z

For reference, GetProcAddress == 0x1AB9B854 in the actual code.

Still34 · 2023-11-17T09:27:00Z

Yeah, I could not get any hits with existing algos - might be caused by the extra & 0x7FFFFFFF?

Edit: Some of the hashes would hit the aforementioned MUL 0x83, but some won't.

Still34 added 2 commits November 17, 2023 16:19

Add initial MileRAT hashing algo

caf4ade

Signed-off-by: Still Hsu <[email protected]>

Replace use of ord()

af06c73

Signed-off-by: Still Hsu <[email protected]>

herrcore closed this Nov 17, 2023

Provide feedback