DOCSLIB.ORG

Automated Malware Analysis Report for Murmurhash-1.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report for Murmurhash-1.0 ID: 205862 Sample Name: murmurhash- 1.0.2-cp37-cp37m- win_amd64.whl Cookbook: default.jbs Time: 02:34:55 Date: 05/02/2020 Version: 28.0.0 Lapis Lazuli Table of Contents Table of Contents 2 Analysis Report murmurhash-1.0.2-cp37-cp37m-win_amd64.whl 4 Overview 4 General Information 4 Detection 4 Confidence 4 Classification 5 Analysis Advice 5 Mitre Att&ck Matrix 6 Signature Overview 6 Software Vulnerabilities: 6 Networking: 6 System Summary: 6 Persistence and Installation Behavior: 7 Hooking and other Techniques for Hiding and Protection: 7 Malware Analysis System Evasion: 7 Anti Debugging: 7 HIPS / PFW / Operating System Protection Evasion: 7 Language, Device and Operating System Detection: 7 Malware Configuration 7 Behavior Graph 7 Simulations 8 Behavior and APIs 8 Antivirus, Machine Learning and Genetic Malware Detection 8 Initial Sample 8 Dropped Files 8 Unpacked PE Files 8 Domains 8 URLs 8 Yara Overview 9 Initial Sample 9 PCAP (Network Traffic) 9 Dropped Files 9 Memory Dumps 9 Unpacked PEs 9 Sigma Overview 9 Joe Sandbox View / Context 9 IPs 9 Domains 9 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Startup 9 Created / dropped Files 10 Domains and IPs 14 Contacted Domains 14 URLs from Memory and Binaries 14 Contacted IPs 14 Static File Info 14 General 14 File Icon 15 Network Behavior 15 Code Manipulations 15 Statistics 15 Behavior 15 System Behavior 15 Analysis Process: unarchiver.exe PID: 5844 Parent PID: 3292 16 Copyright Joe Security LLC 2020 Page 2 of 25 General 16 File Activities 16 File Created 16 File Written 16 File Read 16 Analysis Process: 7za.exe PID: 5868 Parent PID: 5844 17 General 17 File Activities 17 File Created 17 File Written 18 File Read 24 Analysis Process: conhost.exe PID: 5892 Parent PID: 5868 24 General 24 Disassembly 25 Code Analysis 25 Copyright Joe Security LLC 2020 Page 3 of 25 Analysis Report murmurhash-1.0.2-cp37-cp37m-win_amd64.whl Overview General Information Joe Sandbox Version: 28.0.0 Lapis Lazuli Analysis ID: 205862 Start date: 05.02.2020 Start time: 02:34:55 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 3m 12s Hypervisor based Inspection enabled: false Report type: light Sample file name: murmurhash-1.0.2-cp37-cp37m-win_amd64.whl (renamed file extension from whl to zip) Cookbook file name: default.jbs Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 Number of analysed new started processes analysed: 5 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled HDC enabled AMSI enabled Analysis stop reason: Timeout Detection: CLEAN Classification: clean3.winZIP@4/16@0/0 EGA Information: Failed HDC Information: Failed HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 Cookbook Comments: Adjust boot time Enable AMSI Stop behavior analysis, all processes terminated Warnings: Show All Exclude process from analysis (whitelisted): dllhost.exe Execution Graph export aborted for target unarchiver.exe, PID 5844 because it is empty Detection Strategy Score Range Reporting Whitelisted Detection Threshold 3 0 - 100 false Confidence Copyright Joe Security LLC 2020 Page 4 of 25 Strategy Score Range Further Analysis Required? Confidence Threshold 4 0 - 5 false Classification Ransomware Miner Spreading mmaallliiiccciiioouusss malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox Copyright Joe Security LLC 2020 Page 5 of 25 Mitre Att&ck Matrix Initial Privilege Credential Lateral Command Network Access Execution Persistence Escalation Defense Evasion Access Discovery Movement Collection Exfiltration and Control Effects Valid Windows Winlogon Process Disabling Security Credential Virtualization/Sandbox Application Data from Data Standard Eavesdrop on Accounts Remote Helper DLL Injection 1 1 Tools 1 Dumping Evasion 2 Deployment Local Encrypted 1 Cryptographic Insecure Management Software System Protocol 1 Network Communication Replication Service Port Accessibility Virtualization/Sandbox Network System Information Remote Data from Exfiltration Fallback Exploit SS7 to Through Execution Monitors Features Evasion 2 Sniffing Discovery 2 Services Removable Over Other Channels Redirect Phone Removable Media Network Calls/SMS Media Medium External Windows Accessibility Path Process Input Query Registry Windows Data from Automated Custom Exploit SS7 to Remote Management Features Interception Injection 1 1 Capture Remote Network Exfiltration Cryptographic Track Device Services Instrumentation Management Shared Protocol Location Drive Drive-by Scheduled System DLL Search Obfuscated Files or Credentials System Network Logon Input Data Multiband SIM Card Compromise Task Firmware Order Information 1 in Files Configuration Scripts Capture Encrypted Communication Swap Hijacking Discovery Signature Overview • Software Vulnerabilities • Networking • System Summary • Persistence and Installation Behavior • Hooking and other Techniques for Hiding and Protection • Malware Analysis System Evasion • Anti Debugging • HIPS / PFW / Operating System Protection Evasion • Language, Device and Operating System Detection Click to jump to signature section Software Vulnerabilities: Found inlined nop instructions (likely shell or obfuscated code) Networking: Urls found in memory or binary data System Summary: Detected potential crypto function Classification label Creates mutexes Creates temporary files Parts of this applications are using the .NET runtime (Probably coded in C#) Reads software policies Spawns processes Uses new MSVCR Dlls Copyright Joe Security LLC 2020 Page 6 of 25 Persistence and Installation Behavior: Drops PE files Hooking and other Techniques for Hiding and Protection: Disables application error messsages (SetErrorMode) Malware Analysis System Evasion: Contains long sleeps (>= 3 min) Found dropped PE file which has not been started or loaded May sleep (evasive loops) to hinder dynamic analysis Anti Debugging: Creates guard pages, often used to prevent reverse engineering and debugging HIPS / PFW / Operating System Protection Evasion: Creates a process in suspended mode (likely to inject code) Language, Device and Operating System Detection: Queries the cryptographic machine GUID Malware Configuration No configs have been found Behavior Graph Copyright Joe Security LLC 2020 Page 7 of 25 Hide Legend Legend: Process Signature Created File Behavior Graph DNS/IP Info ID: 205862 Sample: murmurhash-1.0.2-cp37-cp37m... Is Dropped Startdate: 05/02/2020 Is Windows Process Architecture: WINDOWS Score: 3 Number of created Registry Values started Number of created Files Visual Basic unarchiver.exe Delphi 5 Java .Net C# or VB.NET started C, C++ or other language 7za.exe Is malicious Internet 27 dropped dropped dropped dropped C:\Users\user\...\test_against_mmh3.py, Python C:\Users\user\...\mrmr.cp37-win_amd64.pyd, PE32+ C:\Users\user\AppData\...\test_import.py, Python C:\Users\user\AppData\Local\...\__init__.py, Python started conhost.exe Simulations Behavior and APIs No simulations Antivirus, Machine Learning and Genetic Malware Detection Initial Sample No Antivirus matches Dropped Files Source Detection Scanner Label Link C:\Users\user\AppData\Local\Temp\wltdyeg5.cqs\murmurhash\mrmr.cp37-win_amd64.pyd 0% Virustotal Browse Unpacked PE Files No Antivirus matches Domains No Antivirus matches URLs Copyright Joe Security LLC 2020 Page 8 of 25 No Antivirus matches Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Sigma Overview No Sigma rule has matched Joe Sandbox View / Context IPs No context Domains No context ASN No context JA3 Fingerprints No context Dropped Files No context Startup Copyright Joe Security LLC 2020 Page 9 of 25 System is w10x64 unarchiver.exe (PID: 5844 cmdline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip' MD5: CC652A2104B9470999DA6603F972D7B4) 7za.exe (PID: 5868 cmdline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\wltdyeg5.cqs' 'C:\Users\user\Desktop\murmurhash-1.0.2- cp37-cp37m-win_amd64.zip' MD5: 77E556CDFDC5C592F5C46DB4127C6F4C) conhost.exe (PID: 5892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) cleanup Created / dropped Files C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log Process: C:\Windows\SysWOW64\unarchiver.exe File Type: ASCII text, with CRLF line terminators Size (bytes): 128 Entropy (8bit): 5.166201977254936 Encrypted: false MD5: 55887639A13C458914BF5B0242958FD8 SHA1: 1B7576C23201581E49DA512B0E61743324CB8251 SHA-256: BA44A8F5211411E615ED523042D2B1870ACDBC6F6D3FE99C30429BB4CC151247 SHA-512: FC3E785FDA47A67AAD3230C138A560A07A240EAB74742CCAB68D4611D9E818B177D7B102CEA0A79F265A7751C2A8E5E138446E9BEB214A3532B566649175D313 Malicious: false Reputation: moderate, very likely benign file Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d72bdddce94cd6438f15999de0b0afb6\System.ni.dll",0.. C:\Users\user\AppData\Local\Temp\rwduyhgu.iiz\unarchiver.log Process: C:\Windows\SysWOW64\unarchiver.exe
Load more

Recommended publications
  • AUTOMATIC DESIGN of NONCRYPTOGRAPHIC HASH FUNCTIONS USING GENETIC PROGRAMMING, Computational Intelligence, 4, 798– 831
    Universidad uc3m Carlos Ill 0 -Archivo de Madrid This is a postprint version of the following published document: Estébanez, C., Saez, Y., Recio, G., and Isasi, P. (2014), AUTOMATIC DESIGN OF NONCRYPTOGRAPHIC HASH FUNCTIONS USING GENETIC PROGRAMMING, Computational Intelligence, 4, 798– 831 DOI: https://doi.org/10.1111/coin.12033 © 2014 Wiley Periodicals, Inc. AUTOMATIC DESIGN OF NONCRYPTOGRAPHIC HASH FUNCTIONS USING GENETIC PROGRAMMING CESAR ESTEBANEZ, YAGO SAEZ, GUSTAVO RECIO, AND PEDRO ISASI Department of Computer Science, Universidad Carlos III de Madrid, Madrid, Spain Noncryptographic hash functions have an immense number of important practical applications owing to their powerful search properties. However, those properties critically depend on good designs: Inappropriately chosen hash functions are a very common source of performance losses. On the other hand, hash functions are difficult to design: They are extremely nonlinear and counterintuitive, and relationships between the variables are often intricate and obscure. In this work, we demonstrate the utility of genetic programming (GP) and avalanche effect to automatically generate noncryptographic hashes that can compete with state-of-the-art hash functions. We describe the design and implementation of our system, called GP-hash, and its fitness function, based on avalanche properties. Also, we experimentally identify good terminal and function sets and parameters for this task, providing interesting information for future research in this topic. Using GP-hash, we were able to generate two different families of noncryptographic hashes. These hashes are able to compete with a selection of the most important functions of the hashing literature, most of them widely used in the industry and created by world-class hashing experts with years of experience.
    [Show full text]
  • Open Source Used in Quantum SON Suite 18C
    Open Source Used In Cisco SON Suite R18C Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-185964180 Open Source Used In Cisco SON Suite R18C 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-185964180 Contents 1.1 argparse 1.2.1 1.1.1 Available under license 1.2 blinker 1.3 1.2.1 Available under license 1.3 Boost 1.35.0 1.3.1 Available under license 1.4 Bunch 1.0.1 1.4.1 Available under license 1.5 colorama 0.2.4 1.5.1 Available under license 1.6 colorlog 0.6.0 1.6.1 Available under license 1.7 coverage 3.5.1 1.7.1 Available under license 1.8 cssmin 0.1.4 1.8.1 Available under license 1.9 cyrus-sasl 2.1.26 1.9.1 Available under license 1.10 cyrus-sasl/apsl subpart 2.1.26 1.10.1 Available under license 1.11 cyrus-sasl/cmu subpart 2.1.26 1.11.1 Notifications 1.11.2 Available under license 1.12 cyrus-sasl/eric young subpart 2.1.26 1.12.1 Notifications 1.12.2 Available under license Open Source Used In Cisco SON Suite R18C 2 1.13 distribute 0.6.34
    [Show full text]
  • Implementation of the Programming Language Dino – a Case Study in Dynamic Language Performance
    Implementation of the Programming Language Dino – A Case Study in Dynamic Language Performance Vladimir N. Makarov Red Hat [email protected] Abstract design of the language, its type system and particular features such The article gives a brief overview of the current state of program- as multithreading, heterogeneous extensible arrays, array slices, ming language Dino in order to see where its stands between other associative tables, first-class functions, pattern-matching, as well dynamic programming languages. Then it describes the current im- as Dino’s unique approach to class inheritance via the ‘use’ class plementation, used tools and major implementation decisions in- composition operator. cluding how to implement a stable, portable and simple JIT com- The second part of the article describes Dino’s implementation. piler. We outline the overall structure of the Dino interpreter and just- We study the effect of major implementation decisions on the in-time compiler (JIT) and the design of the byte code and major performance of Dino on x86-64, AARCH64, and Powerpc64. In optimizations. We also describe implementation details such as brief, the performance of some model benchmark on x86-64 was the garbage collection system, the algorithms underlying Dino’s improved by 3.1 times after moving from a stack based virtual data structures, Dino’s built-in profiling system, and the various machine to a register-transfer architecture, a further 1.5 times by tools and libraries used in the implementation. Our goal is to give adding byte code combining, a further 2.3 times through the use an overview of the major implementation decisions involved in of JIT, and a further 4.4 times by performing type inference with a dynamic language, including how to implement a stable and byte code specialization, with a resulting overall performance im- portable JIT.
    [Show full text]
  • Hash-Flooding Dos Reloaded
    Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article Jean-Philippe Aumasson, “Designing and attacking Kudelski Security (NAGRA) port scan detection tools” by Solar Designer (Alexander D. J. Bernstein, Peslyak) in Phrack Magazine: University of Illinois at Chicago & Technische Universiteit Eindhoven “In scanlogd, I’m using a hash table to lookup source addresses. Martin Boßlet, This works very well for the Ruby Core Team typical case ::: average lookup time is better than that of a binary search. ::: Hash-flooding DoS reloaded: Hash flooding begins? However, an attacker can attacks and defenses choose her addresses (most July 1998 article likely spoofed) to cause hash Jean-Philippe Aumasson, “Designing and attacking collisions, effectively replacing the Kudelski Security (NAGRA) port scan detection tools” hash table lookup with a linear by Solar Designer (Alexander D. J. Bernstein, search. Depending on how many Peslyak) in Phrack Magazine: University of Illinois at Chicago & entries we keep, this might make Technische Universiteit Eindhoven “In scanlogd, I’m using a hash scanlogd not be able to pick table to lookup source addresses. ::: Martin Boßlet, new packets up in time. I’ve This works very well for the Ruby Core Team solved this problem by limiting typical case ::: average lookup the number of hash collisions, and time is better than that of a discarding the oldest entry with binary search. ::: the same hash value when the limit is reached. Hash-flooding DoS reloaded: Hash flooding begins? However, an attacker can attacks and defenses choose her addresses (most July 1998 article likely spoofed) to cause hash Jean-Philippe Aumasson, “Designing and attacking collisions, effectively replacing the Kudelski Security (NAGRA) port scan detection tools” hash table lookup with a linear by Solar Designer (Alexander D.
    [Show full text]
  • Automated Malware Analysis Report for Phish Survey.Js
    ID: 382893 Sample Name: phish_survey.js Cookbook: default.jbs Time: 20:27:42 Date: 06/04/2021 Version: 31.0.0 Emerald Table of Contents Table of Contents 2 Analysis Report phish_survey.js 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Startup 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 URLs from Memory and Binaries 7 Contacted IPs 8 General Information 8 Simulations 9 Behavior and APIs 9 Joe Sandbox View / Context 9 IPs 9 Domains 9 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Created / dropped Files 9 Static File Info 9 General 9 File Icon 9 Network Behavior 10 Code Manipulations 10 Statistics 10 System Behavior 10 Analysis Process: wscript.exe PID: 6168 Parent PID: 3388 10 General 10 File Activities 10 Disassembly 10 Code Analysis 10 Copyright Joe Security LLC 2021 Page 2 of 10 Analysis Report phish_survey.js Overview General Information Detection Signatures Classification Sample phish_survey.js Name: FFoouunndd WSSHH tttiiimeerrr fffoorrr JJaavvaassccrrriiippttt oorrr VV… Analysis ID: 382893 JFJaaovvuaan d/// VVWBBSSSHccr rritiipipmttt feffiiillrlee f owwrii ittJthha vveaerrsryyc rllloiopnntg go srs …V MD5: b3c1f68ef7299a7… PJParrrovogagrr ra/a mVB ddSooceersisp ntn ofoitltte ss hwhooitwhw vmeuurycc hhlo aanccgttt iiivsviii… SHA1: b8e9103fffa864a…
    [Show full text]
  • Symantec Data Insight 4.5.1 Third-Party Attributions
    Symantec Data Insight Third-Party Attributions Guide 4.5.1 October 2014 Symantec Proprietary and Confidential Symantec Data Insight 4.5 Third-Party Attributions Guide 4.5.1 Documentation version: 4.5.1 Rev 0 Legal Notice Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
    [Show full text]
  • Fundamental Data Structures Contents
    Fundamental Data Structures Contents 1 Introduction 1 1.1 Abstract data type ........................................... 1 1.1.1 Examples ........................................... 1 1.1.2 Introduction .......................................... 2 1.1.3 Defining an abstract data type ................................. 2 1.1.4 Advantages of abstract data typing .............................. 4 1.1.5 Typical operations ...................................... 4 1.1.6 Examples ........................................... 5 1.1.7 Implementation ........................................ 5 1.1.8 See also ............................................ 6 1.1.9 Notes ............................................. 6 1.1.10 References .......................................... 6 1.1.11 Further ............................................ 7 1.1.12 External links ......................................... 7 1.2 Data structure ............................................. 7 1.2.1 Overview ........................................... 7 1.2.2 Examples ........................................... 7 1.2.3 Language support ....................................... 8 1.2.4 See also ............................................ 8 1.2.5 References .......................................... 8 1.2.6 Further reading ........................................ 8 1.2.7 External links ......................................... 9 1.3 Analysis of algorithms ......................................... 9 1.3.1 Cost models ......................................... 9 1.3.2 Run-time analysis
    [Show full text]
  • Antares: a Scalable, Efficient Platform for Stream, Historic
    School of Computing Science Antares: A Scalable, Efficient Platform for Stream, Historic, Combined and Geospatial Querying Rebecca Simmonds Submitted for the degree of Doctor of Philosophy in the School of Computing Science, Newcastle University June 2016 c 2016, Rebecca Simmonds Abstract Traditional methods for storing and analysing data are proving inadequate for process- ing \Big Data". This is due to its volume, and the rate at which it is being generated. The limitations of current technologies are further exacerbated by the increased de- mand for applications which allow users to access and interact with data as soon as it is generated. Near real-time analysis such as this can be partially supported by stream processing systems, however they currently lack the ability to store data for efficient historic processing: many applications require a combination of near real-time and historic data analysis. This thesis investigates this problem, and describes and evaluates a novel approach for addressing it. Antares is a layered framework that has been designed to exploit and extend the scalability of NoSQL databases to support low latency querying and high throughput rates for both stream and historic data analysis simultaneously. Antares began as a company funded project, sponsored by Red Hat the motivation was to identify a new technology which could provide scalable analysis of data, both stream and historic. The motivation for this was to explore new methods for supporting scale and efficiency, for example a layered approach. A layered approach would exploit the scale of historic stores and the speed of in-memory processing. New technologies were investigates to identify current mechanisms and suggest a means of improvement.
    [Show full text]
  • An Enhanced Non-Cryptographic Hash Function
    International Journal of Computer Applications (0975 – 8887) Volume 176 – No. 15, April 2020 An Enhanced Non-Cryptographic Hash Function Vivian Akoto-Adjepong Michael Asante Steve Okyere-Gyamfi University of Energy and Natural Kwame Nkrumah University of Christian Service University Resources Science and Technology College Department of Computer Science Department of Computer Science Department of Computer Science and Informatics Private Mail Bag, KNUST, Kumasi, and Information Technology P. O. Box 214 Sunyani, Ghana Ghana P. O. Box 3110 Kumasi, Ghana ABSTRACT In order to locate and retrieve information, hashing is a How to store information for it to be searched and retrieved recommended scheme because is effective and efficient [18]. efficiently is one of the fundamental problems in computer A suitable hash function and strategy must be used to solve science. There exists sequential search that support operation particular problems or for specific application. This will help such as INSERT, DELETE and RETRIVAL in O (n log (n)) efficient use of memory space and reduce access time. expected time in operations. Therefore in many applications where these operations are needed, hashing provides a way to There exist different types of hash algorithms such as non- reduce expected time to O (1).There are many different types cryptographic hash algorithms or functions, cryptographic of hashing algorithms or functions such as cryptographic hash hash algorithms or functions, checksums and cyclic functions, non-cryptographic hash function, checksums and redundancy checks [1][3]. cyclic redundancy checks. Non-cryptographic hash functions Independent of the inputs of a hash functions, they are (NCHFs) take a string as input and compute an integer output optimized to work very well in different scenarios.
    [Show full text]
  • The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, Cédric Lauradoux
    The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, Cédric Lauradoux To cite this version: Thomas Gerbet, Amrit Kumar, Cédric Lauradoux. The Power of Evil Choices in Bloom Filters. [Research Report] RR-8627, INRIA Grenoble. 2014. hal-01082158v2 HAL Id: hal-01082158 https://hal.inria.fr/hal-01082158v2 Submitted on 24 Feb 2015 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, Cédric Lauradoux RESEARCH REPORT N° 8627 November 2014 Project-Team Privatics ISSN 0249-6399 ISRN INRIA/RR--8627--FR+ENG The Power of Evil Choices in Bloom Filters Thomas Gerbet, Amrit Kumar, C´edricLauradoux Project-Team Privatics Research Report n° 8627 | November 2014 | 24 pages Abstract: A Bloom filter is a probabilistic hash-based data structure extensively used in software products including online security applications. This paper raises the following important question: Are Bloom filters correctly designed in a security context ? The answer is no and the reasons are multiple: bad choices of parameters, lack of adversary models and misused hash functions. Indeed, developers truncate cryptographic digests without a second thought on the security implications.
    [Show full text]
  • Qlikview-Third-Party-License-Terms.Pdf
    Third Party Software Attributions, Copyrights, Licenses and Disclosure QlikView® May 2021 Certain open source or other third-party software components are integrated and/or redistributed with various releases of the QlikView software. Such third-party components include terms and conditions, such as attribution and liability disclaimers (collectively "Third Party Disclosures",) for which disclosure is required by their respective owners. This document sets forth such Third Party Disclosures for the specified version of the QlikView software and/or its associated Connectors, as of the date set forth above. This Third Party Disclosure is also available within the Documentation for QlikView and its associated Connectors, as well as on the Qlik web page located at www.qlik.com/license-terms. NEITHER QLIKTECH INTERNATIONAL AB NOR ANY OF ITS AFFILIATES (COLLECTIVELY, “QLIK”) MAKES ANY REPRESENTATION, WARRANTY OR OTHER COMMITMENT REGARDING SUCH THIRD PARTY COMPONENTS. AsyncLazy.cs • Copyright © 2014 Stephen Cleary • URL: https://github.com/StephenCleary/AsyncEx/tree/master/src/Nito.AsyncEx.Coordination • Version 5.0 • License: MIT AWS SDK • Copyright Amazon.com, Inc. or its affiliates. All rights reserved • URL: https://aws.amazon.com/sdk-for-go/ • Version: 1.34.28 • License: Apache-2.0 Aws-sdk-cpp • Copyright © 2010-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. • URL: https://github.com/aws/aws-sdk-cpp • Version: 1.8.148.1 • License: Apache-2.0 BigCache • Copyright © 2004 Allegro Tech • URL: github.com/allegro/bigcache • Version: 1.2.1 • License: Apache-2.0 Boost C++ Libraries • Copyright © 1999-2015 Boost Contributors • URL: http://www.boost.org • Version: 1.71.0.2 • License: Boost License Bouncy Castle Cryptos API • Copyright © 2000-2017 The Legion of the Bouncy Castle Inc.
    [Show full text]
  • Licensing Information User Manual for Autonomous Database on Shared Exadata Infrastructure
    Oracle® Cloud Licensing Information User Manual for Autonomous Database on Shared Exadata Infrastructure F40733-02 April 2021 Oracle Cloud Licensing Information User Manual for Autonomous Database on Shared Exadata Infrastructure, F40733-02 Copyright © 2021, 2021, Oracle and/or its affiliates. Primary Author: Thomas Van Raalte This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer
    [Show full text]