A forum for reverse engineering, OS internals and malware analysis 

All off-topic discussion goes here.
 #26583  by syu
 Sun Aug 23, 2015 2:50 pm
Hello,

I am new to malware analysis for my research study project. I have done some analysis of malware, but I do not understand MD5, how to read and compare it.

Let's say

file A : 933535bc91dcb769622440783c3b1f63
file B : 9bedcb891fb23e9ea9fa08e1c61a6a5b

Based on these two files (MD5), it shows that file A and file B have the same number 91 (in the MD5 string), so based on that, manually, could I identify that it is the same file but has been modified?

tq
 #26584  by EP_X0FF
 Sun Aug 23, 2015 4:03 pm
syu wrote: Based on these two files (MD5), it shows that file A and file B have the same number 91 (in the MD5 string), so based on that, manually, could I identify that it is the same file but has been modified?
No.
 #26588  by syu
 Mon Aug 24, 2015 1:50 am
Tq.

But can you or anyone give me some simple example to detect the same file based on MD5?
 #26595  by Vrtule
 Mon Aug 24, 2015 2:53 pm
Hello,

MD5 is a cryptographic hash function, which means (besides other things) that even a small change in its input (file content) produces a great change in its output (the hash). So, when the files are the same (have the same content), their MD5 hashes are exactly the same. When the files differ (even in a single bit), their hashes are different (except in the case of an MD5 collision).

In theory, a similarity in two hashes (meaning they contain the same substring, for example) should not tell you anything about the similarity of their inputs.

I am not sure how good MD5 is today, but AFAIK it is considered broken or nearly broken for most use cases.
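
The comparison described in the reply above, as an added example that is not part of the original thread: it hashes a sample file, an exact copy, and a copy with one bit flipped, then counts how many of the 128 digest bits differ. The function names and the sample file contents are constructed for illustration; `FILE_A` and `FILE_B` are the two hashes from the first post.

```python
import hashlib
import os
import tempfile

# The two MD5 values quoted in the first post of the thread.
FILE_A = "933535bc91dcb769622440783c3b1f63"
FILE_B = "9bedcb891fb23e9ea9fa08e1c61a6a5b"


def md5_file(path, chunk_size=65536):
    """Hex MD5 of a file's content, read in chunks so large samples fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def bit_distance(hex_a, hex_b):
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def demo():
    """Hash a constructed sample, an exact copy, and a copy with one bit flipped."""
    original = b"MZ" + bytes(range(256)) * 64  # constructed sample content
    patched = bytearray(original)
    patched[100] ^= 0x01  # flip a single bit
    with tempfile.TemporaryDirectory() as workdir:
        hashes = {}
        for name, data in (("a.bin", original), ("a_copy.bin", original),
                           ("a_patched.bin", bytes(patched))):
            path = os.path.join(workdir, name)
            with open(path, "wb") as handle:
                handle.write(data)
            hashes[name] = md5_file(path)
    return {
        "copy_matches": hashes["a.bin"] == hashes["a_copy.bin"],
        "patched_matches": hashes["a.bin"] == hashes["a_patched.bin"],
        "patched_bit_distance": bit_distance(hashes["a.bin"], hashes["a_patched.bin"]),
        "thread_bit_distance": bit_distance(FILE_A, FILE_B),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only equality of the full digest says anything about the files; any two MD5 strings will usually share some two-digit pair such as 91 by chance.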
 #26598  by syu
 Tue Aug 25, 2015 3:13 am
Tq to all of you. Now I know what MD5 is about...

Tq so much.. very helpful...