Hashing is a process that transforms arbitrary-length data into a small, fixed-length string of characters called a digest or message digest. Malware hashes are used by virus protection systems to identify viruses. They consist of calculated numerical values of code unique to the virus. Anti-virus software compares hashes of malware with hashes of software components within a computer system to detect malware.
Figure 1 shows the creation of a malware hash by generating a cryptographic hash of the malware code to create a digest that can be used by anti-virus software to identify a virus. Malware authors have learned to customize viruses for each infected machine, creating unique hashes for each copy delivered that challenge anti-virus systems.
Figure 1 – An example of the creation of a hash of malware code.