Hash

Radare2 supports a lot of different hashes, more that yara supports by default, so, of course, we extract them to use inside Yara. Following the complete list of them:

• md5
• sha1
• sha256
• sha384
• sha512
• crc16
• crc32
• md4
• xor
• xorpair
• parity
• entropy
• hamdist
• pcprint
• mod255
• adler32
• luhn

The way to use them is easy too, simply by comparison:

rule rule_hash
{
condition:
    r2.hash.md5 != "945fedb3a3c290d69f075f997e5320fc" or
    r2.hash.crc32 contains "b053d"
}