signature (anti-virus)

0001-01-01

An anti-virus signature is a unique pattern used to detect viruses, malware, and other such problematic software.

Types of signatures:

  • Static signatures: fixed patterns within malware’s binary files such as a string or series of bytes.

  • Hash signatures: MD5, SHA256, … hashes of known malicious files.

  • Heuristic signatures: looks for traits within malware such as permissions and layout of program sections, and other characteristics that may differ from “normal”, benign files.

  • Behavioral signatures: look for unusual system calls, network traffic, file accesses, etc.