NSRLJP

NSRLJP is a complement to the NSRL (http://www.nsrl.nist.gov/) hash library that covers Japanese-edition software.

Download

NSRLJP_201905.7z (SHA-256: ab9cfed5226e9ee2e8a4c0994e252dacfa1df7c4bd3cc832836924a7183789dc)
(Hashes: 3,718,659 / Filesize: 228,100,979 bytes)

License

You may use the DATASET freely for personal or commercial purposes. It is provided with NO WARRANTIES.

Motivation

The National Software Reference Library (NSRL) provides the Reference Data Set (RDS), a collection of digital signatures of known, traceable software applications. NSRLJP is a dataset covering software that is widely used in Japan, including Japanese editions of Microsoft Windows. NSRLJP complies with the NSRL RDS data format, so you can import it into your favorite tools as well. For details of the data format, refer to the following document:

Data Formats of the NSRL Reference Data Set (RDS) Distribution
http://www.nsrl.nist.gov/Documents/Data-Formats-of-the-NSRL-Reference-Data-Set-16.pdf

Catalog (NSRLJP_201905)

| No. | Name | Hashes | Comment |
|---|---|---|---|
| 1 | Windows 7 x64 JP | 40687 | SP1 |
| 2 | Windows 7 x86 JP | 15687 | SP1 |
| 3 | Windows 2008 x64 JP | 41250 | SP2 |
| 4 | Windows Vista x64 JP | 22242 | SP2 |
| 5 | Windows Vista x86 JP | 15437 | SP2 |
| 6 | Windows 2003 R2 x64 JP | 16593 | SP2 |
| 7 | Windows 2003 R2 x86 JP | 14562 | SP2 |
| 8 | Windows XP x86 JP | 16080 | SP3 |
| 9 | Windows 2012 x64 JP | 46186 | |
| 10 | Windows 8 x64 JP | 16145 | |
| 11 | Office 2013 JP | 12025 | SP1 |
| 12 | Office 2010 JP | 13680 | SP2 |
| 13 | Office 2007 JP | 2736 | SP2 |
| 14 | Office 2003 JP | 2210 | SP3 |
| 15 | Office XP JP | 4497 | SP3 |
| 16 | .NET Framework 4.x JP | 50113 | Version 4.0, 4.5-4.5.2, 4.6-4.6.2, 4.7-4.7.2 |
| 17 | .NET Framework 3.x JP | 872 | Version 3.0, 3.5 |
| 18 | .NET Framework 2.x JP | 491 | Version 2.0 |
| 19 | Windows 8 x86 JP | 13000 | |
| 20 | Windows Update 2006 JPN/ENU/NEU | 8765 | |
| 21 | Windows Update 2007 JPN/ENU/NEU | 17145 | except March 2007 |
| 22 | Windows Update 2008 JPN/ENU/NEU | 19329 | except March 2008 |
| 23 | Windows Update 2009 JPN/ENU/NEU | 36100 | except May 2009 |
| 24 | Windows Update 2010 JPN/ENU/NEU | 59359 | except November 2010 |
| 25 | Windows Update 2011 JPN/ENU/NEU | 68074 | |
| 26 | Windows Update 2012 JPN/ENU/NEU | 78872 | except September 2012 |
| 27 | Windows Update 2013 JPN/ENU/NEU | 128708 | |
| 28 | Firefox JP | 65647 | Version 0.8-66.0.3 |
| 29 | Thunderbird JP | 45679 | Version 0.4-60.6.1 |
| 30 | Opera JP(INT) | 5117 | Version 6.01-12.17 |
| 31 | Adobe Reader JP | 129589 | Version 6.x-11.0.23, 2015(1500630033-1500630493), DC(1500720033-1901020099), 2017(1700830051-1701130138) |
| 32 | Explzh | 908 | Version 6.06, 7.01-7.78 |
| 33 | Lhaz | 153 | Version 1.36, 2.1.3, 2.2.4, 2.4.0, 2.5.1, 3.3.0, 3.4.0, 3.5.1 |
| 34 | Windows XP x64 | 10820 | |
| 35 | Windows 2008 R2 x64 | 9335 | SP1 |
| 36 | Windows 2012 R2 x64 | 56931 | Update |
| 37 | Windows 8.1 x64 | 22199 | Update |
| 38 | Windows 8.1 x86 | 19690 | Update |
| 39 | Windows Update 2014 JPN/ENU/NEU | 425507 | |
| 40 | Forefront Client Security | 585 | |
| 41 | Hidemaru Editor | 1733 | Version 4.19-8.88 |
| 42 | Hidemaru Mail | 301 | Version 6.01-6.91 |
| 43 | Sakura Editor | 324 | Version 1.6.1.0-1.6.6.0, 2.0.4.0-2.2.0.1 |
| 44 | TeraPad | 44 | Version 1.00-1.09 |
| 45 | Windows Update 2015 JPN/ENU/NEU | 430530 | |
| 46 | Windows 10 x64 | 302198 | Version 1511, 1607, 1703, 1709, 1803, 1809, 1903 |
| 47 | Windows 10 x86 | 193058 | Version 1511, 1607, 1703, 1709, 1803, 1809, 1903 |
| 48 | Lhaca | 10 | 0.76, 0.97, 1.24 |
| 49 | Lhaplus | 26 | 1.71-1.73 |
| 50 | Windows Update 2016 JPN/ENU/NEU | 174336 | January - August |
| 51 | Windows Server 2016 | 64072 | include January 2017 and February 2018 |
| 52 | WSUS Offline Update | 975876 | 20190506 |
| 53 | Windows Server 2019 | 23146 | include March 2019 |
| | Total | 3718659 | |

The dataset is deduplicated based on MD5 and SHA-1. This means that when files with the same hash appear in several categories, only one record is registered, in one of those categories.

Usage

We confirmed that the following tools support NSRLJP: 

  • X-Ways Forensics
  • Autopsy 3.x/4.x
  • EnCase 6.x/7.x/8.x
  • OSForensics

FTK and md5deep probably support it as well.

Case Example

The following table shows how many file hashes from Windows installations matched NSRL, NSRLJP, and both combined.

| OS | Total number of files | (1) NSRL | (2) NSRLJP | (3) NSRL+NSRLJP |
|---|---|---|---|---|
| Windows 10 Pro (x64) JP | 140370 | 10875 | 99662 | 99924 |
| Windows 7 Ultimate SP1 (x64) JP | 68995 | 16244 | 68059 | 68076 |
| Windows Server 2008 Standard SP1 (x64) JP | 64805 | 12350 | 53256 | 53547 |
| Windows XP Professional SP3 (x86) JP | 11050 | 5507 | 8170 | 8420 |

These systems are clean installs, and the results show that NSRLJP includes most of their hashes. In practical use, NSRL should be used as well because it includes a wide variety of applications. Hash analysis is a traditional approach, but it will become increasingly important because the number of files in storage increases year by year.
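
How the three match columns of the table above are produced, as an added example that is not part of the original page: it reads two hash sets in the RDS NSRLFile.txt column layout and counts evidence files known to each set and to their union. File names and contents are constructed sample data, and matching on the SHA-1 column is an assumption about how the comparison was done.

```python
import csv
import hashlib
import io
import zlib

# Column header of an RDS-format NSRLFile.txt hash file.
RDS_HEADER = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"'

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest().upper()

def build_rds(files):
    """Render a name -> bytes map as constructed NSRLFile.txt text (sample data only)."""
    lines = [RDS_HEADER]
    for name, data in files.items():
        md5 = hashlib.md5(data).hexdigest().upper()
        crc = f"{zlib.crc32(data):08X}"
        lines.append(f'"{sha1_hex(data)}","{md5}","{crc}","{name}",{len(data)},1,"WIN",""')
    return "\n".join(lines) + "\n"

def load_rds_sha1(stream):
    """Collect the SHA-1 column of an RDS-format hash file into a set."""
    return {row["SHA-1"].upper() for row in csv.DictReader(stream) if row.get("SHA-1")}

def collate(evidence, nsrl, nsrljp):
    """Count evidence files known to NSRL, to NSRLJP, and to their union."""
    hashes = {name: sha1_hex(data) for name, data in evidence.items()}
    combined = nsrl | nsrljp
    return {
        "total": len(hashes),
        "nsrl": sum(h in nsrl for h in hashes.values()),
        "nsrljp": sum(h in nsrljp for h in hashes.values()),
        "combined": sum(h in combined for h in hashes.values()),
        "unknown": sorted(n for n, h in hashes.items() if h not in combined),
    }

# Constructed file contents standing in for real binaries.
SHARED = b"constructed: binary shipped in every edition"
EN_ONLY = b"constructed: binary only in the English edition"
JP_ONLY = b"constructed: binary only in the Japanese edition"
NSRL = load_rds_sha1(io.StringIO(build_rds({"kernel32.dll": SHARED, "en.dll": EN_ONLY})))
NSRLJP = load_rds_sha1(io.StringIO(build_rds({"kernel32.dll": SHARED, "jp.dll": JP_ONLY})))
EVIDENCE = {"kernel32.dll": SHARED, "jp.dll": JP_ONLY, "en.dll": EN_ONLY,
            "unlisted.exe": b"constructed: file in neither set"}

if __name__ == "__main__":
    print(collate(EVIDENCE, NSRL, NSRLJP))
```

The files left in `unknown` are the ones an examiner still has to review after known-file filtering.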

History

2019/05/18

NSRLJP_201905 released (Hashes: 3,718,659 / Filesize: 228,100,979 bytes)
Added Windows 10 (1803, 1809, 1903) and Windows 2019.

2018/02/12

NSRLJP_201802 released (Hashes: 2,993,931 / Filesize: 180,917,699 bytes)
Added Windows 10 (1703, 1709), Windows 2016, and WSUS Offline Update for Windows Update.

2016/09/20

NSRLJP_201609 released (Hashes: 2,309,928 / Filesize: 158,073,246 bytes)
Added Windows 10 (1511, 1607), .NET Framework 4.6.1, 4.6.2 and Windows Update 2016.

2015/08/14

NSRLJP_201508_rev2 released (Hashes: 1,659,348 / Filesize: 114,136,669 bytes)
Excluded invalid record.

2015/08/11

NSRLJP_201508 released
Added Windows 10, .NET Framework 4.5.2, 4.6, Lhaca, Lhaplus and Windows Update 2015.

2014/08/10

NSRLJP_201408 released (Hashes: 1,096,364 / Filesize: 75,095,909 bytes)
Added Windows 8.1, 2012R2 Update, Office 2013 SP1, Office 2010 SP2, .NET Framework 3.5, 4.0, 4.5.1 and Windows Update 2014.

2014/01/22

NSRLJP_201401 released (Hashes: 532,923 / Filesize: 38,245,480 bytes)
Added Windows 8.1, Windows 2008 R2 and Windows 2012.

2013/08/03

NSRLJP_201308 released (Hashes: 401,211 / Filesize: 28,657,266 bytes)
Added Windows Update, Adobe and Firefox.

2013/01/27

NSRLJP_201301 released (Hashes: 284,419 / Filesize: 20,673,998 bytes)
Added Windows 8/2012, Office XP/2003/2007/2010/2013 and .NET 2.0/3.0/4.5.

2011/09

Initial release (Hashes: 187,430 / Filesize: 13,817,931 bytes)