June 2018
Import hashing is another technique that can be used to identify related samples and samples used by the same threat actor groups. An import hash (or imphash) is a hash value calculated from the library and imported function (API) names and their particular order within the executable. Files that were compiled from the same source and in the same manner tend to have the same imphash value. If, during your malware investigation, you come across samples that have the same imphash value, it means that they have the same import address table and are probably related.
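The following added example (not from the original text) computes an imphash with the Python standard library and groups samples by it, following the commonly used scheme of lowercasing names, stripping the library extension, joining `library.function` pairs in table order, and taking the MD5. The import tables and sample names are constructed for illustration, and by-ordinal imports are simplified to `ord<N>`; on real files a PE parser such as pefile's `get_imphash()` would extract and hash the table.

```python
import hashlib
from collections import defaultdict

# Library extensions dropped before hashing
STRIP_EXTS = ("dll", "ocx", "sys")

def imphash(imports):
    """imports: ordered list of (library, [function name or ordinal, ...])."""
    parts = []
    for lib, funcs in imports:
        lib = lib.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in STRIP_EXTS:
            lib = stem
        for func in funcs:
            # Assumption: ordinals are rendered as "ord<N>" (no name lookup)
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    # Order is preserved on purpose: the same APIs in a different
    # order produce a different hash.
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()

def group_by_imphash(samples):
    """Map imphash -> sorted list of sample names sharing it."""
    groups = defaultdict(list)
    for name, imports in samples.items():
        groups[imphash(imports)].append(name)
    return {h: sorted(names) for h, names in groups.items()}

# Constructed import tables (not taken from real samples)
SAMPLES = {
    "sample_a.exe": [("KERNEL32.dll", ["CreateFileW", "WriteFile", "CloseHandle"]),
                     ("WS2_32.dll", ["connect", "send", 115])],
    # Same imports, same order, different letter case
    "sample_b.exe": [("kernel32.DLL", ["createfilew", "WriteFile", "CloseHandle"]),
                     ("ws2_32.dll", ["connect", "send", 115])],
    # Same APIs, different order within KERNEL32
    "sample_c.exe": [("KERNEL32.dll", ["WriteFile", "CreateFileW", "CloseHandle"]),
                     ("WS2_32.dll", ["connect", "send", 115])],
}

if __name__ == "__main__":
    for digest, names in group_by_imphash(SAMPLES).items():
        print(digest, names)
```

Here `sample_a.exe` and `sample_b.exe` fall into one group, while `sample_c.exe` gets its own hash because the import order differs.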