Malware Detection: Context Triggered Piecewise Hashes (CTPH)
Published in
3 min readDec 17, 2022
A CTPH is a rolling hash and involves multiple traditional cryptographic hashes for one or more fixed-size segments in a file. One of the most popular CTPH methods is ssdeep. This was created, in 2006, by Jesse Kornblum [1] and uses fuzzy hashes: