
SigcheckGUI - file information and hashing

Posted: Mon Nov 03, 2014 1:48 pm
by Checker
[Moderator note: this thread was split from the New at Skwire thread.]

----

I've added SigcheckGUI to the database.
Description: GUI front-end for sigcheck.exe from Sysinternals.
http://www.portablefreeware.com/index.php?id=2646 ... please vote :!:

Re: New at Skwire Empire

Posted: Mon Nov 03, 2014 11:40 pm
by I am Baas
Checker wrote:I've added SigcheckGUI to the database.
Description: GUI front-end for sigcheck.exe from Sysinternals.
http://www.portablefreeware.com/index.php?id=2646 ... please vote :!:
Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.

Re: New at Skwire Empire

Posted: Tue Nov 04, 2014 5:42 am
by Midas
I am Baas wrote:Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.
I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.

:?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?

Re: New at Skwire Empire

Posted: Tue Nov 04, 2014 6:47 am
by I am Baas
Midas wrote:
I am Baas wrote:Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.
I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware. :?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?
Did you see the DB entry?
Under "Stealth" it says "Yes", that's what I was commenting on.

Re: New at Skwire Empire

Posted: Tue Nov 04, 2014 8:02 am
by Checker
I am Baas wrote:Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.
Oops, right you are :oops:
I am Baas wrote:Under "Stealth" it says "Yes", that's what I was commenting on.
Changed :wink:

Re: New at Skwire Empire

Posted: Tue Nov 04, 2014 9:36 am
by Midas
I am Baas wrote:Did you see the DB entry? Under "Stealth" it says "Yes", that's what I was commenting on.
Sorry, hadn't -- so I didn't get that... :oops:

Re: New at Skwire Empire

Posted: Tue Nov 04, 2014 9:52 am
by Checker
I am Baas wrote:Thanks, Checker. Voted.
Thanks

Re: New at Skwire Empire

Posted: Tue Nov 04, 2014 4:58 pm
by skwire
Midas wrote::?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?
I'm not sure what is expected here. Sysinternals' Sigcheck.exe commandline program requires those registry entries in order to function. Yes, I could delete them when SigcheckGUI exits but you will be asked to accept them again the next time it's run. For the record, no, I'm not willing to automatically set/delete the registry entries without user interaction.

Re: New at Skwire Empire

Posted: Wed Nov 05, 2014 2:32 am
by Midas
OK, fair enough. Although it worked recently in another case, we'll just strike this as a crazy idea, then; thanks for chiming in anyway, my dear Skwire. :)

Re: SigcheckGUI

Posted: Fri Jun 26, 2015 5:02 pm
by webfork
I'm so glad I dug into this a little bit because it's like VirusTotal on steroids (and it includes a VirusTotal analysis).

Background: When a program home page goes offline (happens all the time) we will often go digging for a mirror or other host for the official file and/or accessory files. Sometimes they come from disreputable sources (e.g. some random hosting location). This program is going to save me a lot of time trying to get data on given files and their status. The VirusTotal site has been a huge resource here, but SigCheckGUI brings it all into one package.

Not only does it give data on who signed the EXE or DLL file, it also gives hashing information (which can be used to search for a file), tons of other program metadata, and of course VirusTotal analysis. It can even be run on all active processes to give you data on your system. Here's an example spreadsheet output with Everything and ShareX.

Entry has been updated.

Note: To get the hashes and VirusTotal data, you have to click on the Options tab first and enable those. If you want to hash more than just EXEs and DLLs (e.g. if you're using this to check distributions like ZIP or 7Z files) you have to add those.

Wishlist (minor requests):
  • When adding folders, the ability to paste in a folder location would be ideal (e.g. a blank space to paste in c:\Users\Admin\Whatever) rather than going through a navigation sequence.
  • Right now the interface is frozen while it scans. I'd like to see it interactive, but maybe this reduces stability.
  • Ability to uncheck hashes you don't want to compute (slightly faster)

Questions
  • What is PESHA1 and PE256? I can't seem to find anything on the Sysinternals site or on the web

Finally, it was also interesting to run it on active processes. If you're curious about this program but don't have a direct use for it, this might grab you.

Re: SigcheckGUI

Posted: Sat Jun 27, 2015 10:57 am
by TP109
Agreed. It is a very useful app. Runs on XP too.

Re: SigcheckGUI

Posted: Sun Jan 24, 2016 2:02 pm
by webfork
I've posted a dead-simple spreadsheet tool for analyzing programs to quickly grab the relevant hashes and VirusTotal data and getting it into forums. This is important because we're increasingly relying on VirusTotal to avoid false positive issues and, on more than one occasion, I've looked for a file based on its hash value. This covers both issues in one sweep.

There are a lot of steps below but it's a really simple process once you get it set up.

Steps:
  1. Start SigCheckGUI, making sure all the Options items for VirusTotal and Hashes are checked
  2. Drag and drop a file to hash
  3. Right click on the item and select "Copy Row Data"
  4. Download and open the XLS file (works in Excel, OpenOffice, LibreOffice, etc) and select cell A2
  5. Right click on this same cell and choose "Paste"
  6. Click on the Output tab at the bottom, copy the first two columns, and paste into forums
----

Example output: DirSyncPro:

File Data

  • Filename: DirSyncPro.exe
    MD5: C95A140B84BC841AE9F431C096E841AB
    SHA1: B599CFFA4512C708C7CD7BE8AF120AF34DA5CEF2
    SHA256: 0EE0C736AC178C7E3CBE79C3B479B8976EE1CCC76257920958AC2652C06B8F2B
    VirusTotal Rating: 0/42
    VirusTotal URL: https://www.virustotal.com/file/0ee0c73 ... /analysis/
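
Added example, not part of the original post and not SigcheckGUI's own code: a "File Data" block in the format shown above can be used to check that a file fetched from a mirror is the same file that was posted. The function names and the sample block (hashes of a constructed 3-byte file) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256"}  # thread labels -> hashlib names

# Constructed sample block (hashes of the 3-byte file b"abc"), not from the thread.
SAMPLE_BLOCK = """\
  • Filename: sample.bin
    MD5: 900150983CD24FB0D6963F7D28E17F72
    SHA1: A9993E364706816ABA3E25717850C26C9CD0D89D
    SHA256: BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
"""

def parse_file_data(block):
    """Pull 'LABEL: HEX' pairs out of a pasted block, checking digest length."""
    found = {}
    for line in block.splitlines():
        m = re.match(r"\W*(MD5|SHA1|SHA256):\s*([0-9A-Fa-f]+)\s*$", line)
        if m and len(m.group(2)) == 2 * hashlib.new(ALGOS[m.group(1)]).digest_size:
            found[m.group(1)] = m.group(2).lower()
    return found

def hash_file(path, chunk=1 << 20):
    """Compute all three digests in one streaming pass over the file."""
    hashers = {label: hashlib.new(name) for label, name in ALGOS.items()}
    with open(path, "rb") as fh:
        while data := fh.read(chunk):
            for h in hashers.values():
                h.update(data)
    return {label: h.hexdigest() for label, h in hashers.items()}

def verify(path, block):
    """Return {label: matches} for each published hash; SHA256 is required."""
    published = parse_file_data(block)
    if "SHA256" not in published:
        raise ValueError("block has no SHA256; MD5/SHA1 alone are collision-prone")
    actual = hash_file(path)
    return {k: hmac.compare_digest(actual[k], v) for k, v in published.items()}

def demo(content=b"abc"):
    """Write constructed bytes to a temp file and verify them against SAMPLE_BLOCK."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(content)
    try:
        return verify(tmp.name, SAMPLE_BLOCK)
    finally:
        os.unlink(tmp.name)
```

A file should be treated as the posted one only when every value in the returned dictionary is true; a mismatch on any hash means the mirror copy differs.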

Re: SigcheckGUI

Posted: Mon Jan 25, 2016 11:48 am
by webfork
webfork wrote:I've posted a dead-simple spreadsheet tool
User TP109 built a really sharp Excel spreadsheet based on my idea. Note that LibreOffice users will need to enable a feature in LibreOffice (Options - LibreOffice - Security - Macro Security - Medium) and then click "Edit Document" on open.

Awesome stuff.

Re: SigcheckGUI

Posted: Tue Feb 02, 2016 11:56 pm
by joby_toss
Thank you both, webfork and TP109, for this spreadsheet! Very handy!
Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.

Re: SigcheckGUI

Posted: Fri Feb 05, 2016 6:24 pm
by webfork
joby_toss wrote:Thank you both, webfork and TP109, for this spreadsheet!
Thanks, I’m glad that helps.
joby_toss wrote:Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.
I sent Skwire a note about this but I suspect he’ll feel this is a niche feature.