Module pychrysalide.plugins.bhash
Documentation
bhash is a module providing several kinds of hashes for binary files.
Methods
compare_tlsh_hash(ha, hb, length=True)
Compare two TLSH compact hashes.
The ha and hb arguments are strings from which the hashes will be rebuilt. The compute_content_tlsh_hash() method can be used to create such strings. The filtering of valid inputs relies internally on the is_valid_tlsh_hash() function.
The length argument defines whether the TLSH data size hint has to be considered by the comparison process.
The returned value is a difference level provided as an integer value or None in case of error.
compute_content_tlsh_hash(content, version=True)
Compute the TLSH compact hash for a given binary content with a 1-byte checksum.
The content argument is a BinContent instance providing the data to process. The optional version parameter adds a 'T?' prefix to the result.
The returned value is an MD5 digest string or None in case of error.
compute_pe_import_hash(format, std=True)
Compute the import hash for a given PE format.
The format argument is a PE file format provided as a PeFormat instance and std defines the kind of hash to compute.
The standard version has been created by Mandiant/FireEye; the other one is used by the popular pefile Python module.
The returned value is an MD5 digest string or None in case of error.
compute_pe_rich_header_checksum(format)
Compute the expected value for the Rich header checksum of a PE file.
The format argument is a PE file format provided as a PeFormat instance.
The returned value is a 32-bit integer value or None in case of error.
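The expected Rich header checksum can also be recomputed from raw bytes and compared with the key stored after the "Rich" marker. The following is an added example, not Chrysalide's own code: it follows the commonly described Rich header algorithm, and the names rich_header_checksums and build_sample as well as the sample bytes are constructed for illustration.

```python
import struct

DANS = struct.unpack("<I", b"DanS")[0]

def _rol32(value, count):
    count &= 0x1F  # x86 ROL only uses the low five bits
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF

def rich_header_checksums(data):
    """Return (stored_key, expected_checksum), or None without a Rich header."""
    if len(data) < 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    end = data.find(b"Rich", 0x40, e_lfanew)
    if end < 0 or end + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, end + 4)[0]
    # Walk back dword by dword to the XOR-masked "DanS" start marker.
    start = end - 4
    while start >= 0x40 and struct.unpack_from("<I", data, start)[0] != DANS ^ key:
        start -= 4
    if start < 0x40:
        return None
    expected = start
    for i in range(start):
        if not 0x3C <= i < 0x40:  # e_lfanew is treated as zero
            expected += _rol32(data[i], i)
    # (comp_id, count) pairs follow "DanS" and three padding dwords.
    for off in range(start + 16, end, 8):
        comp_id, count = (v ^ key for v in struct.unpack_from("<II", data, off))
        expected += _rol32(comp_id, count)
    return key, expected & 0xFFFFFFFF

def build_sample(key, entries=((0x00010002, 3),)):
    """Constructed input: near-empty DOS area plus a Rich header masked with key."""
    dwords = [DANS, 0, 0, 0]
    for comp_id, count in entries:
        dwords += [comp_id, count]
    rich = b"".join(struct.pack("<I", d ^ key) for d in dwords)
    rich += b"Rich" + struct.pack("<I", key)
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos) + len(rich))
    return bytes(dos) + rich + b"PE\0\0"
```

A stored key that differs from the expected value means the DOS area or the Rich entries no longer match what the key was computed over.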
compute_pe_rich_header_hash(format, pv=True)
Compute the Rich hash or the RichPV hash for a given PE format.
The format argument is a PE file format provided as a PeFormat instance and pv defines the kind of hash to compute.
The returned value is an MD5 digest string or None in case of error.
is_valid_tlsh_hash(h)
Check if the h string can be considered as a valid TLSH compact hash.
The returned value is a boolean value.