Class ImportHash

Namespace

AsmResolver.PE.Imports

Assembly

AsmResolver.PE.dll

Provides an implementation of the import hash (ImpHash) introduced by Mandiant.

Reference: https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html

public static class ImportHash

Inheritance

object

ImportHash

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Methods

GetImportHash(PEImage)

Computes the hash of all imported symbols.

public static byte[] GetImportHash(this PEImage image)

Parameters

image PEImage

The image to get the import hash from.

Returns

byte[]

The hash.

Remarks

This is the ImpHash as introduced by Mandiant. Reference: https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html

GetImportHash(PEImage, ISymbolResolver)

Computes the hash of all imported symbols.

public static byte[] GetImportHash(this PEImage image, ISymbolResolver symbolResolver)

Parameters

image PEImage

The image to get the import hash from.

symbolResolver ISymbolResolver

The object responsible for resolving symbols imported by ordinal.

Returns

byte[]

The hash.

Remarks

This is the ImpHash as introduced by Mandiant. Reference: https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html