The Massive 2 mb Shellcode API Hash List

I have been trying to get the Malware Analysis Search to include a page for searching Windows API Hashes. The ror hashing technique is quite popular in shellcode. I'm not going to write about the technique but there are plenty of great posts on it. I'd recommend Rolf's post on OpenRCE. I hashed (key values 0x0 through 0x1f) over 5k exported functions in advapi32.dll, gdi32.dll, kernel32.dll, netapi32.dll, ntdll.dll, shlwapi.dll, shlwapi.dll, user32.dll, wininet.dll, ws2_32.dll and ws2help.dll. Currently, I have had no luck with getting Google to index the page. So here is a Google spreadsheet link for anyone who would like a local copy. Just a warning the spreadsheet is 2 MB.

No comments:

Post a Comment