High Confidence Malware Attribution Using the Rich Header

Explore high-confidence malware attribution techniques using the Rich Header in this 50-minute conference talk. Delve into the undocumented Microsoft Rich Header and its potential for uniquely identifying malware build environments. Learn how the header is generated, its role in fingerprinting, and the development of a metadata hash for large-scale sample detection. Gain insights into PE file format components, Rich Header analysis case studies, and various packing techniques. Examine the strengths and weaknesses of different metadata hashing methods, including Imphash, Pehash, and the presenters' own RichPE hash. Investigate Rich Header spoofing feasibility and validity checks, with real-world examples like OlympicDestroyer and RLPack. Presented by UMBC students and cybersecurity enthusiasts Kevin Bilzer, RJ Joyce, and Seamus Burke, this talk offers valuable knowledge for malware analysts and cybersecurity professionals.