Cryptographic hash
Definition
A fixed-length digest produced from a file's bytes by an algorithm such as MD5 (128-bit), SHA-1 (160-bit), or SHA-256 (256-bit). Identical files always produce the same hash. Hashes are used to fingerprint malware samples, verify file integrity, and share indicators of compromise without distributing the sample itself.
Related terms
- C2PA (Coalition for Content Provenance and Authenticity)
- An open technical standard that embeds cryptographically signed provenance assertions into media files at the point of capture or editing. A C2PA...
- Disassembly
- The process of converting raw binary machine code back into human-readable assembly language instructions. Disassembly is always achievable from a binary, unlike...
- Import Address Table (IAT)
- A section of the PE header that lists every external DLL and the functions the executable calls from each. A malware sample's...
- Indicator of Compromise (IoC)
- An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- NFT (non-fungible token)
- A unique cryptographic token on a blockchain associated with a reference to a media asset. NFTs record ownership transfers and can carry...
- Oracle problem
- In blockchain contexts, the gap between what the ledger records and the real-world state it is meant to represent. A blockchain has...
- Packer / packing
- A technique in which the original malware code is compressed or encrypted and wrapped in a stub loader that decompresses or decrypts...
- Permissioned ledger
- A distributed ledger in which participation is controlled by a known set of validators (for example, Hyperledger Fabric). Unlike public blockchains, a...
- Portable Executable (PE)
- The binary file format used by Windows executables (.exe), dynamic-link libraries (.dll), and drivers (.sys). The PE header contains a structured metadata...
- Provenance manifest
- A structured record, either embedded in a file or stored externally, that documents a media asset's origin, capture conditions, chain of custody,...
Explained in these topics
- Blockchain and Distributed Ledger Approaches to Media ProvenanceA fixed-length digest produced by a hash function (such as SHA-256) from a file's binary content. Any change to the file, even a single bit, produces a complet...
- Static Malware AnalysisA fixed-length digest produced from a file's bytes by an algorithm such as MD5 (128-bit), SHA-1 (160-bit), or SHA-256 (256-bit). Identical files always produce...