Hasherama
A Windows string hashing toolkit for security research and malware analysis. Research implementation of malware-focused algorithms from the VX Underground collection. For educational and research purposes only.
Overview
Welcome to the Hasherama repository! This project is a specialized string hashing toolkit designed for malware researchers and security professionals. It implements multiple hashing algorithms commonly used in malware analysis and research, derived from the VX Underground collection. The tool supports both ASCII and Unicode strings, making it essential for analyzing various types of malware strings, identifiers, and patterns.
This toolkit is specifically crafted for security research purposes, providing implementations of hashing algorithms frequently encountered in malware samples and security research.
Features
- Implementation of hashing algorithms commonly found in malware:
  - Djb2 (ASCII/Unicode) - Often used in string table lookups
  - FowlerNollVo Variant 1a - Popular in malware string obfuscation
  - LoseLose - Seen in basic string hashing implementations
  - Sdbm - Used in various malware families
  - Jenkins One-at-a-Time (32-bit) - Common in advanced string obfuscation
  - Unknown Generic Hash 1 - Documented from malware samples
- Full Unicode support for international malware analysis
- Clean, documented implementations for research purposes
- Memory-efficient processing
- Windows API compatible
Installation
- Clone the repository:
```
git clone https://github.com/yourusername/Hasherama.git
```
- Open the project in Visual Studio.
- Build the project in Debug or Release mode.
Usage
- Compile the program.
- Use in your malware analysis tools or scripts:
```c
// Hash potentially malicious API strings
DWORD apiHash = HashStringDjb2A("CreateRemoteThread");

// Hash Unicode command strings
DWORD cmdHash = HashStringDjb2W(L"cmd.exe /c whoami");

// Compare with known malware hashes
if (HashStringJenkinsOneAtATime32BitA(suspiciousString) == knownMalwareHash) {
    // Handle detection
}
```
Example Output
=== ASCII String Tests ===
Input: "E1B1gR0m4"
Djb2: 0xE286DCF8
FowlerNollVo: 0x52E9ECF8
LoseLose: 0x00000273
Sdbm: 0xE53C6FF1
UnknownGeneric: 0x557C10A4
JenkinsOneAtATime: 0x24C0A73A
=== Unicode String Tests ===
Input: "ElB1gR0m4"
Djb2: 0x55B2ECD3
FowlerNollVo: 0xD5FFC641
LoseLose: 0x000002AE
Sdbm: 0x7A5066F6
UnknownGeneric: 0x057C14F4
JenkinsOneAtATime: 0x3BD3D1A3
Press Enter to quit...
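An added example, not code from the Hasherama repository: a reverse lookup that turns a Djb2 constant back into an API name, the analyst-side counterpart of the comparison shown under Usage. It assumes the standard Djb2 recurrence (seed 5381, multiply by 33), which reproduces both Djb2 values in the Example Output; `djb2_a`, `djb2_w`, `resolve_djb2` and the candidate list are hypothetical names constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard Djb2 (seed 5381, hash * 33 + c) over a narrow string.
 * Bytes are read as unsigned; a signed-char variant differs for bytes >= 0x80. */
uint32_t djb2_a(const char *s)
{
    uint32_t h = 5381;
    while (*s)
        h = (h << 5) + h + (unsigned char)*s++;
    return h;
}

/* Same recurrence over wide characters, one code unit per step. */
uint32_t djb2_w(const wchar_t *s)
{
    uint32_t h = 5381;
    while (*s)
        h = (h << 5) + h + (uint32_t)*s++;
    return h;
}

/* Constructed candidate list; a real one would come from DLL export tables. */
static const char *const CANDIDATES[] = {
    "CreateFileW", "LoadLibraryA", "CreateRemoteThread",
    "GetProcAddress", "VirtualAlloc",
};
#define N_CANDIDATES (sizeof CANDIDATES / sizeof CANDIDATES[0])

/* Return the candidate name whose Djb2 equals `observed`, or NULL if none. */
const char *resolve_djb2(uint32_t observed)
{
    for (size_t i = 0; i < N_CANDIDATES; i++)
        if (djb2_a(CANDIDATES[i]) == observed)
            return CANDIDATES[i];
    return NULL;
}

int main(void)
{
    /* Stand-in for a constant recovered from a sample's import resolver. */
    uint32_t observed = djb2_a("CreateRemoteThread");
    const char *name = resolve_djb2(observed);
    printf("0x%08X -> %s\n", (unsigned)observed, name ? name : "(unknown)");
    printf("README test string: 0x%08X\n", (unsigned)djb2_a("E1B1gR0m4"));
    return 0;
}
```

Under this recurrence the Unicode Djb2 value in the Example Output differs from the ASCII one because the two test inputs differ (`ElB1gR0m4` versus `E1B1gR0m4`), not because of character width.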
Research Applications
- Malware Family Classification
- String Obfuscation Analysis
- API Function Hashing Detection
- Malware Configuration Extraction
- Indicator of Compromise (IoC) Generation
- Malware Family Correlation
Contributing
Contributions from malware researchers and security professionals are welcome! If you've encountered new hashing algorithms in your research or want to improve existing ones, feel free to open an issue or submit a pull request.
License
This project is licensed under the MIT License.
Disclaimer
This tool is intended for security research and malware analysis purposes only. Users are responsible for ensuring compliance with applicable laws and regulations in their jurisdiction.
Happy Hunting! 🔍
"Understanding malware hashing techniques is crucial for modern threat analysis."
