We have confirmed that you do need the original source file in order to generate the hash value. Our engineering team has generated the hash value and extracted it from the MS rule.
I've attached the file. Please let us know if it helps!
hashes.zip 1,008 bytes
I assume the registry key attached was meant to prohibit the registry
changes made by the malware by creating a registry path rule for the
There is no real use case for this problem, so no rush but I am curious
how this is meant to work.
I was hoping to know the actual path and the hash values. I had imported
this into my personal machine hoping I could then search for the values in
order to verify and test. (pwdump, libeay32.dll & myGeeksmail.dll)
I had no luck with that plan.
I am looking for other solutions and will send updates if I have any luck.
Lori Wolcott | Systems Engineer
Those are the corresponding registry settings for a software restriction policy hash rule, although it only provides signatures for two of the files.
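The following is an added example, not part of the thread or the attached file: a Python parser for a `.reg` export of software restriction policy hash rules that checks whether given file bytes match a rule. It assumes the standard `Safer\CodeIdentifiers\<level>\Hashes\{GUID}` layout with `ItemData`, `ItemSize` and `HashAlg` values; the function names, the GUID, the sample export and the file bytes are all constructed for illustration.

```python
import hashlib
import re

ALGS = {0x8003: "md5", 0x8004: "sha1"}  # CALG_MD5 / CALG_SHA1 identifiers
KEY = re.compile(r"\[(.*\\Safer\\CodeIdentifiers\\(\d+)\\Hashes\\(\{[^}]+\}))\]", re.I)
TEMPLATE = (  # constructed .reg section, not the contents of the attachment
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer"
    "\\CodeIdentifiers\\0\\Hashes\\{guid}]\n"
    '"HashAlg"=dword:00008003\n"ItemSize"=hex(b):{size}\n"ItemData"=hex:{digest}\n')

def _hex(block, name):
    """Read a hex: or hex(b): value (continuation lines included) as bytes."""
    m = re.search(r'"%s"=hex(?:\(\w\))?:([0-9a-fA-F,\s\\]*)' % name, block)
    return bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", m.group(1))) if m else None

def parse_hash_rules(reg_text):
    """Return one dict per ...\\Hashes\\{GUID} key found in a .reg export."""
    rules = []
    for block in re.split(r"\n(?=\[)", reg_text):
        key = KEY.match(block.strip())
        alg = re.search(r'"HashAlg"=dword:([0-9a-fA-F]{8})', block)
        size, digest = _hex(block, "ItemSize"), _hex(block, "ItemData")
        if key and alg and size is not None and digest is not None:
            rules.append({"guid": key.group(3), "level": int(key.group(2)),
                          "alg": int(alg.group(1), 16),
                          "size": int.from_bytes(size, "little"),  # QWORD, little-endian
                          "digest": digest})
    return rules

def sample_reg(data, guid="{00000000-0000-0000-0000-000000000001}"):
    """Build a constructed export holding one MD5 hash rule for `data`."""
    as_hex = lambda b: ",".join("%02x" % x for x in b)
    return TEMPLATE.format(guid=guid, size=as_hex(len(data).to_bytes(8, "little")),
                           digest=as_hex(hashlib.md5(data).digest()))

def matching_rules(rules, data):
    """Rules whose algorithm, file size and digest all match `data`."""
    return [r for r in rules
            if r["alg"] in ALGS and r["size"] == len(data)
            and hashlib.new(ALGS[r["alg"]], data).digest() == r["digest"]]

if __name__ == "__main__":
    original = b"constructed stand-in for the original binary"
    rules = parse_hash_rules(sample_reg(original))
    print(rules[0]["guid"], rules[0]["digest"].hex(), rules[0]["size"])
    print("original matches:", bool(matching_rules(rules, original)))
    print("modified matches:", bool(matching_rules(rules, original + b"\x00")))
```

The parsed rule carries only a digest, a file size and an algorithm identifier, so it can confirm a match against a candidate file but cannot reveal the file's path or contents.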