VirusShare Hash Library Creator
This script creates an EnCase hash-library from the VirusShare hash-lists available to download from https://virusshare.com.
The lists are generated from VirusShare.com's collection of malware samples, which are available to download via BitTorrent.
At the time of writing this, the regular VirusTotal hash-lists comprise 370+ files containing a total of 340M+ hashes.
Accordingly, the script will take some time to run. During this time progress can be monitored via the console-window and status-bar.
Please note that the VirusShare.com malware-collection is known to contain some false positives.
Should this prove problematic, the examiner might wish to consider using a second hash-library, one containing an accurate list of known files, e.g., NIST's National Software Reference Library (NSRL).
The Hash List Importer EnScript can be used to create a hash library from the NSRL NDS hash-set, the minimal set being the recommended one.
The Hash Calculator Plugin EnScript can be used to send a file's SHA-256 hash to VirusTotal.
For additional information, please see the following Twitter post:
This script was developed for use in EnCase training. For more details, please click the following link:Download Now