iathashing

Changing the rotation value used for calculating the function name hash may help bypassing anti-virus products that are using ROR13 hashes as signature ...

Checking the hash of the Import Address Table (IAT) is the plan, since when malware code is built, the linker generates and builds the IAT based on the sequence ...

2023年9月6日 — API Hashing: The Solution for Malware Developers. To counteract the transparency that the IAT provides, malware authors have devised API hashing ...

2019年10月29日 — One technique is rather than populate the IAT once the malware is unpacked, they obfuscate or hash the names of the Windows API and then ...

2021年1月13日 — 在本文中，我们将为大家介绍一种称为API Hashing的技术，恶意软件开发者通常利用这种技术来隐藏从PE的IAT中导入的可疑WindowsAPI，从而提高恶意软件的 ...

This is typically done by using a technique called API hashing, which replaces the names of API functions with a hashed value. When an analyst runs the malware ...

API hashing is simply an arbitrary (that we can make up on our own) function / algorithm, that calculates a hash value for a given text string. In our case, we ...

2014年1月23日 — To track these imports, Mandiant creates a hash based on library/API names and their specific order within the executable. We refer to this ...

Import hash (IMPHASH) is generated based on the Import Address Table (IAT) in a portable executable (PE) File. Source publication. Fig. 1 YARA rules: syntax and ...