mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 07:08:19 +00:00
3bce313b12
This commit switches UID hashing from md5 to a highway hash. It also moves the salt value out of the file plugin - and makes it installation-specific instead - it is moved to the global namespace. There now are digest hash functions to make "static" installation-specific hashes that are stable over workers available to everyone; hashes can be 64, 128 or 256 bits in size. Due to the fact that we switch the file hashing algorithm, all file hashes change. The underlyigng algorithm that is used for hashing is highwayhash-128, which is significantly faster than md5.
13 lines
927 B
Text
13 lines
927 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path pe
|
|
#open 2020-04-30-00-46-44
|
|
#fields ts id machine compile_ts os subsystem is_exe is_64bit uses_aslr uses_dep uses_code_integrity uses_seh has_import_table has_export_table has_cert_table has_debug_data section_names
|
|
#types time string string time string string bool bool bool bool bool bool bool bool bool bool vector[string]
|
|
1429466342.201366 Fnb4mB2XqRVYhFoS5 unknown-475 0.000000 - - F T F F F T - - - - -
|
|
1429466342.225653 FA1RTf2aWhfkMzktL6 I386 1171692517.000000 Windows XP x64 or Server 2003 WINDOWS_GUI T F F F F T T F F T .text,.data,.rsrc
|
|
1429466342.250474 FrAnHibqoTVCbOJa2 I386 1210911433.000000 Windows 95 or NT 4.0 WINDOWS_CUI T F F F F T T F T T .text,.rdata,.data,.rsrc
|
|
1429466342.278998 FIYQC64cKEcfZoLbBg I386 1402852568.000000 Windows 95 or NT 4.0 WINDOWS_GUI T F F F F T T T F F .text,.Ddata,.data,.rsrc
|
|
#close 2020-04-30-00-46-44
|