I was just experimenting with ssdeep for a few days. It is a program that generates CTPH (context triggered piecewise hashes) from files and can be used to recognize similar files easily, along with a similarity score. And then something came to my mind: I wrote a very small program, modified it slightly to produce a second one, and compared the hashes of the two files:
$ ssdeep -dl foo.exe bar.exe
def.exe matches abc.exe (99)
Thus it seems that we can recognize similar executables.
If that's the case, then can't malware also take advantage of this, and kill/delete the processes of antivirus/antimalware programs? Does any present form of malware already do this? It's already giving me the creeps.
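As an added illustration (not part of the original question, and not ssdeep's own code), here is a toy Python re-implementation of context-triggered piecewise hashing with ssdeep-style scoring. It shows the mechanism behind the 99 score in the post: piece boundaries are chosen by the content of a 7-byte window rather than by fixed offsets, so a small edit disturbs only the piece it lands in. The sample inputs are constructed inside the code (a pseudo-random 4096-byte blob standing in for foo.exe, a copy with 16 bytes patched standing in for bar.exe, and an unrelated blob); the fixed block size, the window hash, SHA-256 for the pieces and the single signature are simplifications of what ssdeep actually does (it derives the block size from the file length and emits two signatures).

```python
"""Toy context-triggered piecewise hash (CTPH) in the style of ssdeep.

Added example, not ssdeep's code.  Real ssdeep picks the block size from
the file length, uses FNV for the pieces and a true rolling hash for the
window; this version fixes the block size and recomputes the window hash.
"""
import hashlib
import random

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7          # ssdeep's rolling-hash window size
MIN_COMMON = 7      # ssdeep scores 0 unless the signatures share a 7-char substring


def window_hash(window: bytes) -> int:
    """Hash of the last WINDOW bytes (ssdeep updates this incrementally;
    recomputing it over the window has the same effect)."""
    h = 0
    for b in window:
        h = (h * 31 + b) & 0xFFFFFFFF
    return h


def ctph(data: bytes, block_size: int = 64) -> str:
    """Return the piecewise signature: one base64 character per piece."""
    pieces = []
    piece = hashlib.sha256()      # hash of the current piece's bytes
    piece_len = 0
    for i in range(len(data)):
        piece.update(data[i:i + 1])
        piece_len += 1
        window = data[max(0, i - WINDOW + 1):i + 1]
        # A boundary is "triggered" by the content of the window, not by offset,
        # so bytes inserted or changed elsewhere do not shift later boundaries.
        if window_hash(window) % block_size == block_size - 1:
            pieces.append(B64[piece.digest()[0] & 63])
            piece = hashlib.sha256()
            piece_len = 0
    if piece_len:                 # bytes after the last boundary form a final piece
        pieces.append(B64[piece.digest()[0] & 63])
    return "".join(pieces)


def edit_distance(a: str, b: str) -> int:
    """Edit distance with ssdeep's costs: insert 1, delete 1, replace 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                      # delete ca
                           cur[j - 1] + 1,                   # insert cb
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def has_common_substring(a: str, b: str, n: int = MIN_COMMON) -> bool:
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def similarity(sig_a: str, sig_b: str) -> int:
    """0..100 score, simplified from ssdeep's: 100 minus the edit distance
    expressed as a percentage of the combined signature length."""
    if not sig_a or not sig_b or not has_common_substring(sig_a, sig_b):
        return 0
    d = edit_distance(sig_a, sig_b)
    return max(0, 100 - (100 * d) // (len(sig_a) + len(sig_b)))


def _random_bytes(seed: int, n: int) -> bytes:
    rng = random.Random(seed)     # seeded so the sample is reproducible
    return bytes(rng.randrange(256) for _ in range(n))


# Constructed sample inputs, standing in for the foo.exe / bar.exe of the post.
ORIGINAL = _random_bytes(42, 4096)
# The "modified" copy: the same bytes with 16 bytes patched at offset 1000.
MODIFIED = ORIGINAL[:1000] + b"ABCDEFGHIJKLMNOP" + ORIGINAL[1016:]
UNRELATED = _random_bytes(7, 4096)


def compare_samples() -> dict:
    sig_o, sig_m, sig_u = ctph(ORIGINAL), ctph(MODIFIED), ctph(UNRELATED)
    return {
        "self": similarity(sig_o, sig_o),
        "patched": similarity(sig_o, sig_m),
        "unrelated": similarity(sig_o, sig_u),
    }


if __name__ == "__main__":
    for name, score in compare_samples().items():
        print(f"{name}: {score}")
```

Running it gives a score near 100 for the patched copy and 0 for the unrelated blob, which is the behaviour the post observed with two near-identical binaries. The reverse also holds and is the practical caveat: anything that rewrites most of the bytes (recompiling, packing, encrypting) leaves no 7-character run in common and scores 0, so a fuzzy-hash match, in either direction, only tells you that two files are byte-level near-copies.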