PE imphash does not match YARA, VirusTotal, pefile #299

Closed
@jshlbrd

Describe the bug
The imphash calculated by lief.PE.get_imphash() does not match the imphash calculated by other tools. Here's an example:

executable SHA256: ad3722ab9dc9ad41a0e50122423737c241f98cc7374b4ddac999ed6eda4cfe9c
YARA imphash: 06694565e94cd10f48e1e4b90bc04bc2
VirusTotal imphash: 06694565e94cd10f48e1e4b90bc04bc2
pefile imphash: 06694565e94cd10f48e1e4b90bc04bc2
lief imphash: 0ffe645e98030f6b53caa49d22180504

To Reproduce
Compare the output of lief.PE.get_imphash() to other tools mentioned above.

Expected behavior
The imphash output of lief.PE.get_imphash() matches other tools commonly used in the industry.

Environment (please complete the following information):

  • System and Version : Ubuntu 18.04
  • Target format: PE
  • LIEF commit version: 0.9.0-a448c5e
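
For readers comparing imphash implementations, the sketch below is an added example (not code from this issue or from LIEF). It computes an imphash following the pefile convention: library name lowercased with a `dll`/`ocx`/`sys` extension stripped, `lib.func` entries joined by commas in import-table order, then MD5. It also shows that changing any one of those steps yields a different digest. The import table is constructed, `example.drv` is a hypothetical library, and ordinal imports are simplified to `ord<N>` (pefile additionally resolves ordinals for a few well-known DLLs through a lookup table); it does not establish which step caused the mismatch reported here.

```python
import hashlib

# Extensions dropped from the library name before hashing (pefile convention).
STRIPPED_EXTS = {"dll", "ocx", "sys"}

# Constructed import table in on-disk order: (library, [function name or ordinal]).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetProcAddress", "LoadLibraryA", "VirtualAlloc"]),
    ("USER32.DLL", ["MessageBoxW"]),
    ("example.drv", [12]),  # hypothetical library, imported by ordinal
]


def import_string(imports, strip_ext=True, lowercase=True):
    """Build the comma-joined 'lib.func' string that is fed to MD5."""
    parts = []
    for lib, funcs in imports:
        stem, _, ext = lib.rpartition(".")
        if strip_ext and stem and ext.lower() in STRIPPED_EXTS:
            lib = stem
        for func in funcs:
            # Simplification (assumption): every ordinal import becomes 'ord<N>'.
            name = f"ord{func}" if isinstance(func, int) else func
            entry = f"{lib}.{name}"
            parts.append(entry.lower() if lowercase else entry)
    return ",".join(parts)


def imphash(imports, **options):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(import_string(imports, **options).encode()).hexdigest()


def divergences(imports):
    """Hash the same imports with one normalisation step changed at a time."""
    return {
        "reference": imphash(imports),
        "libraries sorted": imphash(sorted(imports, key=lambda e: e[0].lower())),
        "extension kept": imphash(imports, strip_ext=False),
        "case preserved": imphash(imports, lowercase=False),
    }


if __name__ == "__main__":
    for label, digest in divergences(SAMPLE_IMPORTS).items():
        print(f"{label:18} {digest}")
```

When two tools disagree on a sample, dumping each tool's pre-hash import string and diffing them is the quickest way to see which normalization step differs.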
