Skip to main content

Classification of Ransomware Families Based on Hashing Techniques

  • Conference paper
  • First Online:
The 12th Conference on Information Technology and Its Applications (CITA 2023)


The primary objective of this research is to propose a novel method for analyzing malware through the utilization of hashing techniques. The proposed approach integrates the use of Import Hash, Fuzzy Hash, and Section Level Fuzzy Hash (SLFH) to create a highly optimized, efficient, and accurate technique to classify ransomware families. To test the proposed methodology, we collected a comprehensive dataset from reputable sources and manually labelled each sample to augment the reliability and precision of our analysis. During the development of the proposed methodology, we introduced new steps and conditions to identify ransomware families, resulting in the highest performance level. The major contributions of this research include the combination of various hashing techniques and the proposal of a hash comparison strategy that facilitates the comparison of section hashes between ransomware and the pre-build database.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


  1. Checkpoint, “Cyber Security Report 2021”. Accessed 05 Jan 2023

  2. Naik, N., Jenkins, P., Savage, N., Yang, L., Boongoen, T., Iam-On, N.: Fuzzy-import hashing: a static analysis technique for malware detection. Forensic Sci. Int. Digital Invest. 37(301139), 1–13 (2021)

    Google Scholar 

  3. Shiel, I., O’Shaughnessy, S.: Improving file-level fuzzy hashes for malware variant classification. Digit. Investig. 28, 88–94 (2019)

    Article  Google Scholar 

  4. Gupta, S., Sharma, H., Kaur, S.: Malware characterization using windows API call sequences. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 271–280. Springer, Cham (2016).

    Chapter  Google Scholar 

  5. Microsoft, “Windows Devices,” microsoft. Accessed 05 Jan 2023

  6. Breitinger, F., Baier, H.: A fuzzy hashing approach based on random sequences and hamming distance. In: ADFSL Conference on Digital Forensics, Security and Law, pp. 89–100 (2012)

    Google Scholar 

  7. Raff, E., Nicholas, C.: Lempel-Ziv Jaccard Distance, an effective alternative to ssdeep and sdhash. Digit. Investig. 24, 34–49 (2018)

    Article  Google Scholar 

  8. Kornblum, J.: Identifying almost identical files using context triggered piecewise hashing. Digit. Investig. 3, 91–97 (2006)

    Article  Google Scholar 

  9. Pagani, F., Dell’Amico, M., Balzarotti, D. : Beyond precision and recall: understanding uses (and misuses) of similarity hashes in binary analysis. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 354–365 (2018)

    Google Scholar 

  10. Fernandes, E., Bezerra, F., Moraes, T.: Comparing PE pieces. Accessed 05 Jan 2023

  11. Fernandes, E., Bezerra, F., Moraes, T.: pev the PE file analysis toolkit. Accessed 05 Jan 2023

  12. Naik, N., Jenkins, P., Savage, N., et al.: Embedded YARA rules: strengthening YARA rules utilising fuzzy hashing and fuzzy rules for malware analysis. Complex Intell. Syst. 7, 687–702 (2021)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Truong Duy Dinh .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Le, T.D., Le, B.L., Dinh, T.D., Pham, V.D. (2023). Classification of Ransomware Families Based on Hashing Techniques. In: Nguyen, N.T., Le-Minh, H., Huynh, CP., Nguyen, QV. (eds) The 12th Conference on Information Technology and Its Applications. CITA 2023. Lecture Notes in Networks and Systems, vol 734. Springer, Cham.

Download citation

Publish with us

Policies and ethics