Class TypeReferenceHash

Namespace: AsmResolver.PE.DotNet.Metadata.Tables

Assembly: AsmResolver.PE.dll

Provides an implementation for the Type Reference Hash (TRH) as introduced by GData. This hash is used as an alternative to the ImpHash to identify malware families based on the type references imported by the .NET image.

Reference: https://www.gdatasoftware.com/blog/2020/06/36164-introducing-the-typerefhash-trh

public static class TypeReferenceHash

Inheritance: object

TypeReferenceHash

Inherited Members: object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Methods

GetTypeReferenceHash(MetadataDirectory)

Computes the Type Reference Hash (TRH) as introduced by GData to identify malware based on its imported type references.

public static byte[] GetTypeReferenceHash(this MetadataDirectory metadata)

Parameters

metadata MetadataDirectory: The metadata directory to get the TRH from.

Returns

byte[]: The hash.

Exceptions

ArgumentException: Occurs when the provided image does not contain .NET metadata.

GetTypeReferenceHash(PEImage)

If the provided image is a .NET image, computes the Type Reference Hash (TRH) as introduced by GData to identify malware based on its imported type references.

public static byte[] GetTypeReferenceHash(this PEImage image)

Parameters

image PEImage: The image to get the TRH from.

Returns

byte[]: The hash.

Exceptions

ArgumentException: Occurs when the provided image does not contain .NET metadata.

Table of Contents

Class TypeReferenceHash

Methods

GetTypeReferenceHash(MetadataDirectory)

Parameters

Returns

Exceptions

GetTypeReferenceHash(PEImage)

Parameters

Returns

Exceptions