What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » MD5 Virus Hashes

MD5 Virus Hashes
Author: Message:
DJeX
Veteran Member
*****

Avatar


Posts: 1138
Reputation: 11
– / Male / –
Joined: Jul 2003
O.P. MD5 Virus Hashes
How could I get the MD5 hashes of MSN Messenger viruses with out actually finding the virus, downloaidng and running it then hashing the files my self?

Is there a site maybe?
[Image: top.gif]
12-14-2005 03:57 AM
Profile PM Web Find Quote Report
Eljay
Elite Member
*****

Avatar
:O

Posts: 2949
Reputation: 77
– / Male / –
Joined: May 2004
RE: MD5 Virus Hashes
why would you need to run it to hash it?
12-14-2005 12:03 PM
Profile PM Find Quote Report
Ezra
Veteran Member
*****

Avatar
Forgiveness is between them and God

Posts: 1960
Reputation: 31
37 / Male / Flag
Joined: Mar 2003
RE: MD5 Virus Hashes
To create a simple virusscanner maybe?

And, I have no idea, sorry...

Tried google?

EDIT: Read Eljay's post wrong :P nvm :d

This post was edited on 12-14-2005 at 01:48 PM by Ezra.
[Image: 1-0.png]
             
12-14-2005 01:45 PM
Profile PM Web Find Quote Report
RaceProUK
Elite Member
*****

Avatar

Posts: 6073
Reputation: 57
39 / Male / Flag
Joined: Oct 2003
RE: MD5 Virus Hashes
If you know the type of the virus, do the various anti-virus databases have the hashes?
[Image: spartaafk.png]
12-14-2005 02:02 PM
Profile PM Web Find Quote Report
segosa
Community's Choice
*****


Posts: 1407
Reputation: 92
Joined: Feb 2003
RE: RE: MD5 Virus Hashes
quote:
Originally posted by raceprouk
If you know the type of the virus, do the various anti-virus databases have the hashes?


I've never seen a single AV database/site tell you the hashes unfortunately.
The previous sentence is false. The following sentence is true.
12-14-2005 06:28 PM
Profile PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: MD5 Virus Hashes
quote:
Originally posted by Eljay
why would you need to run it to hash it?
indeed. To calculate a hash you don't need to run anything.Hashes are calculated from data. Running a file and calculating a hash are two totally different and totally unrelated things.

quote:
Originally posted by segosa
quote:
Originally posted by raceprouk
If you know the type of the virus, do the various anti-virus databases have the hashes?

I've never seen a single AV database/site tell you the hashes unfortunately.
indeed. Because virusses are not detected by "hashes" but by "signatures".

quote:
Originally posted by DJeX
How could I get the MD5 hashes of MSN Messenger viruses with out actually finding the virus, downloaidng and running it then hashing the files my self?

Is there a site maybe?
Having them wont do anything good TBH.

A virus quite often (also MSN Messenger virusses) comes in different flavors. This means you need to have many hashes to identify the same virus. Not to mention it is extremely easy to simply edit 1 single byte in the infected file or virus file and the "hash-detection" wouldn't detect the file at all as a virus.

Also, some virusses infect programs. This means you must have billions of hashes for such a virus.

Virusses are not detected with hashes (well, not in the strict sense). They are detected by signatures. A signature could be a hash, but in almost all case it is not.

You could use hashes, but the hash would only be calculated from certain bytes within the file, not from all bytes (like 99,99999999% of all (MD5) hashes are calculated). And the location of those bytes quite often is different from infected file to infected file.

In short: it is quite useless to have them....

when I talk about a hash in this post, I mean a hash as calculated by almost all programs, thus from offset 0 to offset <LOF> of the file.

This post was edited on 12-14-2005 at 11:16 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
12-14-2005 11:10 PM
Profile PM Find Quote Report
DJeX
Veteran Member
*****

Avatar


Posts: 1138
Reputation: 11
– / Male / –
Joined: Jul 2003
O.P. RE: MD5 Virus Hashes
quote:
Originally posted by CookieRevised
They are detected by signatures.

Ok then tell me how to do this.
[Image: top.gif]
12-14-2005 11:14 PM
Profile PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: MD5 Virus Hashes
quote:
Originally posted by DJeX
quote:
Originally posted by CookieRevised
They are detected by signatures.
Ok then tell me how to do this.
Compare a not infected file with an infected file. The difference is your virus. Do this for multiple infected files (from the same virus) and the common same bytes are your signature. This is extremely simple explained though, but it is the basic principle.

To make proper signatures, you must be very fluent in hex editing, understanding executable file formats, knowing ASM, etc.. etc.. In other words, you must have a deep knowledge of how programs are executed and stuff. In fact, what you ask is exactly what professional virus companies do ;)

This post was edited on 12-14-2005 at 11:22 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
12-14-2005 11:20 PM
Profile PM Find Quote Report
DJeX
Veteran Member
*****

Avatar


Posts: 1138
Reputation: 11
– / Male / –
Joined: Jul 2003
O.P. RE: MD5 Virus Hashes
Ahh I see

* DJeX Crosses 'MSN Virus Removal program' off his future programs to code list.

* DJeX Moves on to SpyWare remover... but relises it's almost the same as spy ware *crosses that off list*.
[Image: top.gif]
12-15-2005 12:50 AM
Profile PM Web Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On