C# Class PeNet.ImpHash.ImportHash

Mandiant’s imphash convention requires the following: Resolving ordinals to function names when they appear. Converting both DLL names and function names to all lowercase. Removing the file extensions from imported module names. Building and storing the lowercased strings in an ordered list. Generating the MD5 hash of the ordered list. oleaut32, ws2_32 and wsock32 can resolve ordinals to functions names. The implementation is equal to the python module "pefile" 1.2.10-139 https://code.google.com/p/pefile/

Mostrar archivo Open project: secana/PeNet

Public Methods

Method	Description
ImportHash ( ICollection importedFunctions ) : System.Collections.Generic	Create an import hash object from the imported functions of a PE file.

Private Methods

Method	Description
ComputeImpHash ( ICollection importedFunctions ) : string
FormatFunctionName ( ImportFunction impFunc ) : string
FormatLibraryName ( string libraryName ) : string

Method Details

ImportHash() public method

Create an import hash object from the imported functions of a PE file.

public ImportHash ( ICollection importedFunctions ) : System.Collections.Generic
importedFunctions	ICollection
return	System.Collections.Generic