EVAN 
December 2, 2019 pm

Malware Classification w/ Graph Hash

relevant methodologies

  • ssdeep: generate fuzzy hash
  • sdhash
  • imphash: MD5 hash based on the import address table (IAT) (pe.get_imphash())
  • impfuzzy: ssdeep hash based on the IAT
  • Trend Micro Locality Sensitive Hashing
  • BinDiff

Graph Hash

basic concepts

  • Call Graph Pattern (DFS)
  • Call Graph: {Vertices, Edges}
  • Vertices: functions
  • Edges: {A, B} (func A calls func B)

vertex value
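
The sketch below is an added example, not code from this post or from the referenced Trend Micro work: it hashes the DFS call pattern of a call graph so that samples with the same call structure get the same hash. The vertex labelling (API name for imported functions, a single `sub` label for local functions), the helper names and the sample graphs are assumptions constructed for illustration.

```python
import hashlib

def vertex_value(func, imports):
    # Assumed labelling: keep API names, collapse every local function to "sub"
    # so that addresses and auto-generated names do not affect the hash.
    return func if func in imports else "sub"

def dfs_pattern(graph, imports, func, stack=frozenset()):
    """Canonical DFS pattern of the calls reachable from func."""
    label = vertex_value(func, imports)
    if func in stack:  # back edge (recursion): mark it, do not descend again
        return f"<{label}>"
    # Edges {A, B}: A calls B. Duplicates are dropped, and child patterns are
    # sorted so the result is independent of the order callees were listed in.
    children = sorted(
        dfs_pattern(graph, imports, callee, stack | {func})
        for callee in set(graph.get(func, ()))
    )
    return f"{label}({','.join(children)})"

def graph_hash(graph, imports, entry):
    return hashlib.sha256(dfs_pattern(graph, imports, entry).encode()).hexdigest()

# Constructed call graphs (not taken from real samples)
IMPORTS = {"CreateFileW", "WriteFile", "RegSetValueExW", "InternetOpenW"}
sample_a = {
    "sub_401000": ["sub_401200", "sub_401400"],
    "sub_401200": ["CreateFileW", "WriteFile"],
    "sub_401400": ["RegSetValueExW", "sub_401400"],  # self-recursive
}
sample_b = {  # same structure as sample_a, different addresses and edge order
    "sub_10002000": ["sub_10002a00", "sub_10002500"],
    "sub_10002500": ["WriteFile", "CreateFileW"],
    "sub_10002a00": ["sub_10002a00", "RegSetValueExW"],
}
# sample_a with one additional API call in one function
sample_c = dict(sample_a, sub_401200=["CreateFileW", "WriteFile", "InternetOpenW"])

if __name__ == "__main__":
    for name, graph, entry in (("a", sample_a, "sub_401000"),
                               ("b", sample_b, "sub_10002000"),
                               ("c", sample_c, "sub_401000")):
        print(name, graph_hash(graph, IMPORTS, entry))
```

Because this is an exact hash of the pattern, any structural change (as in `sample_c`) yields an unrelated value; the unfolding is also exponential on heavily shared subgraphs, so it only suits small graphs as written.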

references

  • Trend Micro’s blog
  • HITB 2019 slides
  • imphash
