Monday 06 July 2026 14:27:11 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Static signature

A detection method that matches files or patterns against known indicators such as hashes or strings.

A static signature is a detection rule that matches a file or pattern against known indicators, such as hashes, byte sequences, filenames, or embedded strings. Security tools use it to recognize malware that has already been seen and cataloged. Because it works without running the file, it is fast and low cost, which makes it common in antivirus engines, gateway scanners, and intrusion detection systems.

Static signatures matter because they are very effective against reused samples and known toolsets, but they weaken when attackers change the artifact. If a binary is rebuilt often, packed, or generated as a disposable one-off, its hash and strings may no longer match previous detections. In real attacks and defenses, this creates a race: defenders maintain signature feeds to catch known threats, while attackers try to vary code, names, and build details to evade them. That is why signature-based detection is usually strongest when combined with behavioral telemetry, sandboxing, and other runtime signals.

← WIKICROOK index