-1

I was watching a video from one of the YouTube channels on reverse engineering. One of the topics is how to get free malware for static analysis.

During the discussion, it was mentioned that people can "provide a malware file" if you could provide "hashes".

My understanding is, to know the hash itself, don't you need the file? Can someone please help me understand what this means? Thanks!

kosa
  • 1
    Is it possible that they are considering the situation where someone else tells you the hash of the file? – tlng05 Dec 18 '18 at 23:51
  • The hashes are used like an index lookup for organizations with malware samples. If you're interested in a particular sample, it's likely because you are collaborating with someone else who has already worked with the sample, and they would publish it or tell you what that hash is. Be advised that watching a YouTube channel is not likely to be enough training to safely handle live malware. Learn what you can, but you'll want to collaborate with others to learn how to safely handle them or you risk infecting yourself and others, or making yourself the target of its author. – nbering Dec 19 '18 at 06:06
  • @nbering "Be advised that watching a YouTube channel is not likely to be enough training to safely handle live malware." I completely agree with this, and I am not at a stage to jump into action yet because, as you said, I am not comfortable enough to try anything yet. I am trying to understand the terminology first. "you'll want to collaborate with others to learn how to safely handle them" -- This is the phase I am in, trying to understand how "reverse engineers" work. Any pointers on the "collaboration" part? Thanks! – kosa Dec 19 '18 at 18:24
  • It depends. I think for many researchers they would get some level of mentorship either through an academic institution or an employer. If you’re going it alone there may be groups of independents that you could tap into. I’m not sure where you are in your career. Malware reversing is particularly hazardous - it might be easier to start with more conventional software development - or even just try reversing some completely benign software samples and see how they work, rather than getting straight into the dangerous stuff. – nbering Dec 19 '18 at 19:10
  • @nbering that is a great suggestion, thanks! I have been coding for 15 years and have done a good amount of reverse engineering to recode algorithms written in one language in another language. Debugging/reverse engineering are among my strengths, but at the human-readable language level (I haven't done much at the assembly language level). "Malware reversing is particularly hazardous" - this idea is what has kept me away from jumping into this area till now. Infrastructure and security are my areas of interest, and with my coding knowledge I am thinking of going it alone to get a feel. – kosa Dec 19 '18 at 19:28
  • 1
    @nbering Because I am alone at this point, and I feel like malware is something like electricity: if you touch it without knowing what you are doing, it could lead to more issues. That is what has kept me away from trying it so far, which is why I am looking at and reading different analysts' experiences to get a feel for and understand how they are doing it, so that I can get into it safely and practice it safely. Appreciate all your pointers. – kosa Dec 19 '18 at 19:32

1 Answer

0

Of course you need the actual file to get its hash to begin with. Other methods of getting the hash are through googling or going to sites that publicly disclose malware.

For your reference: Where to download thousands of virus samples for AV testing?

Resonce
  • Ok, thanks! So if I understand correctly, what you are suggesting is: first find the malware you want to analyze, then find the hash (because you don't have access to the malware yet), then reach out to a community that might have the malware file. They use the hash to make sure it is the malware I am looking for. Is this flow correct? – kosa Dec 19 '18 at 18:27
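The "hash as an index" idea from the comments, and the verification step in the flow above, as an added example that is not part of the original question or answer. It builds a local index keyed by SHA-256 over a few constructed sample byte strings (not real malware), looks a sample up by its published hash, and checks that a file received from a collaborator actually matches the hash you asked for. The sample names and contents are assumptions made up for the example.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed stand-ins for files in a local sample store (assumption:
# real sample repositories key their entries by SHA-256, SHA-1 or MD5).
SAMPLE_STORE: Dict[str, bytes] = {
    "sample_a.bin": b"constructed benign sample A",
    "sample_b.bin": b"constructed benign sample B",
}


def sha256_hex(data: bytes) -> str:
    """Lowercase hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file on disk, read in chunks so large samples fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_index(store: Dict[str, bytes]) -> Dict[str, str]:
    """Map each sample's SHA-256 to its name: the lookup table a repository keeps."""
    return {sha256_hex(data): name for name, data in store.items()}


def lookup(index: Dict[str, str], requested_hash: str) -> Optional[str]:
    """Find a sample by hash; normalises case/whitespace as published hashes vary."""
    return index.get(requested_hash.strip().lower())


def verify_received(data: bytes, expected_hash: str) -> bool:
    """Confirm a file someone sent you is the one whose hash was published.

    compare_digest avoids short-circuit comparison; here it mainly documents
    that the two strings are digests being checked for equality.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hash.strip().lower())


if __name__ == "__main__":
    import os
    import tempfile

    index = build_index(SAMPLE_STORE)
    published = sha256_hex(SAMPLE_STORE["sample_a.bin"])
    print("published hash:", published)
    print("resolves to:", lookup(index, published.upper()))

    # Write the constructed bytes to a temp file to show the on-disk path too.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(SAMPLE_STORE["sample_a.bin"])
    try:
        on_disk = hash_file(tmp.name)
        print("file matches published hash:", verify_received(open(tmp.name, "rb").read(), published))
        print("hash_file agrees with sha256_hex:", on_disk == published)
    finally:
        os.unlink(tmp.name)

    # A single flipped byte is a different sample; verification must fail.
    tampered = SAMPLE_STORE["sample_a.bin"][:-1] + b"X"
    print("tampered copy verifies:", verify_received(tampered, published))
```

The point of `verify_received` is the last step of the flow in the comment above: the hash is how both sides agree they are talking about the same file, so you recompute it on whatever you received before you treat it as that sample.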