#
# IMPHash Generator
# by Florian Roth
# February 2014
#
This tool generates "PE import hashes" for all executables it finds in the given
directory and marks every import hash as unusable that can also be found in the
goodware-hash-database.
The goodware hash database contains hash values from:
- Windows 7 64bit system folder
- Cygwin 32 bit
- Office 2012
- Python 2.7
Typical use cases:
================================================================================
Scan a directory and generate the PE import hashes for all executables in this
directory
python imphash-gen.py -p X:\MAL\Virus1
Generate a goodware hash database from my Windows directory:
python imphash-gen.py --createdb -r -p C:\Windows
Update the goodware hash database with PE import hashes generated from
executables from the programs folder.
python imphash-gen.py --updatedb -r -p "C:\Program Files"