quote:
Originally posted by Eljay
why would you need to run it to hash it?
indeed. To calculate a hash you don't need to run anything.Hashes are calculated from data. Running a file and calculating a hash are two totally different and totally unrelated things.
quote:
Originally posted by segosa
quote:
Originally posted by raceprouk
If you know the type of the virus, do the various anti-virus databases have the hashes?
I've never seen a single AV database/site tell you the hashes unfortunately.
indeed. Because virusses are not detected by "hashes" but by "signatures".
quote:
Originally posted by DJeX
How could I get the MD5 hashes of MSN Messenger viruses with out actually finding the virus, downloaidng and running it then hashing the files my self?
Is there a site maybe?
Having them wont do anything good TBH.
A virus quite often (also MSN Messenger virusses) comes in different flavors. This means you need to have many hashes to identify the same virus. Not to mention it is extremely easy to simply edit 1 single byte in the infected file or virus file and the "hash-detection" wouldn't detect the file at all as a virus.
Also, some virusses infect programs. This means you must have billions of hashes for such a virus.
Virusses are not detected with hashes (well, not in the strict sense). They are detected by signatures. A signature could be a hash, but in almost all case it is not.
You could use hashes, but the hash would only be calculated from certain bytes within the file, not from all bytes (like 99,99999999% of all (MD5) hashes are calculated). And the location of those bytes quite often is different from infected file to infected file.
In short: it is quite useless to have them....
when I talk about a hash in this post, I mean a hash as calculated by almost all programs, thus from offset 0 to offset <LOF> of the file.
/ 
