I have Import Hash (Imphash) matches for some executables and dlls in my environment like teams update.exe, outlook.exe and other microsoft provided dlls apart from non-microsoft dlls too.
When I take the hash of the identified dlls and executables and look them up in virustotal or OTX they are not malicious, but the Imphash related to these dlls and executables are identified as malicious.
What does it mean to get a Imphash match in case the executable or dll associated with the Imphash are not malicious ?
