PE Import Hash Generator
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore Initial Commit of first Beta Feb 9, 2014
README.txt Initial Commit of first Beta Feb 9, 2014
goodimps.db Initial Commit of first Beta Feb 9, 2014
imphash-gen.py 0.7.0 Jul 17, 2017

README.txt

#
# IMPHash Generator
# by Florian Roth
# February 2014
#

This tool generates "PE import hashes" for all executables it finds in the given
directory and marks every import hash as unusable that can also be found in the
goodware-hash-database.

The goodware hash database contains hash values from:
- Windows 7 64bit system folder
- Cygwin 32 bit
- Office 2012
- Python 2.7

Typical use cases:
================================================================================

Scan a directory and generate the PE import hashes for all executables in this 
directory 

    python imphash-gen.py -p X:\MAL\Virus1

Generate a goodware hash database from my Windows directory:

    python imphash-gen.py --createdb -r -p C:\Windows

Update the goodware hash database with PE import hashes generated from 
executables from the programs folder.

    python imphash-gen.py --updatedb -r -p "C:\Program Files"