 Post subject: SigcheckGUI - file information and hashing
PostPosted: Mon Nov 03, 2014 1:48 pm 
Joined: Wed Jun 20, 2007 1:00 pm
Posts: 1616
Location: Ingolstadt [DE]
[Moderator note: this thread was split from the New at Skwire thread.]

----

I've added SigcheckGUI to the database.
Quote:
Description: GUI front-end for sigcheck.exe from Sysinternals.

http://www.portablefreeware.com/index.php?id=2646 ... please vote :!:


 Post subject: Re: New at Skwire Empire
PostPosted: Mon Nov 03, 2014 11:40 pm 
Joined: Thu Aug 07, 2008 4:51 am
Posts: 4139
Checker wrote:
I've added SigcheckGUI to the database.
Quote:
Description: GUI front-end for sigcheck.exe from Sysinternals.

http://www.portablefreeware.com/index.php?id=2646 ... please vote :!:


Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.

_________________
Bəəs 2.0


 Post subject: Re: New at Skwire Empire
PostPosted: Tue Nov 04, 2014 5:42 am 
Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
I am Baas wrote:
Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.

    I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.

    :?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?


 Post subject: Re: New at Skwire Empire
PostPosted: Tue Nov 04, 2014 6:47 am 
Joined: Thu Aug 07, 2008 4:51 am
Posts: 4139
Midas wrote:
I am Baas wrote:
Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.

    I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.

    :?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?


Did you see the DB entry?
Under "Stealth" it says "Yes", that's what I was commenting on.

_________________
Bəəs 2.0


 Post subject: Re: New at Skwire Empire
PostPosted: Tue Nov 04, 2014 8:02 am 
Joined: Wed Jun 20, 2007 1:00 pm
Posts: 1616
Location: Ingolstadt [DE]
I am Baas wrote:
Anything Sysinternals requires acceptance of the EULA... writes to the registry... not stealth.
Oops, right you are :oops:
I am Baas wrote:
Under "Stealth" it says "Yes", that's what I was commenting on.
Changed :wink:


 Post subject: Re: New at Skwire Empire
PostPosted: Tue Nov 04, 2014 9:36 am 
Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
I am Baas wrote:
Did you see the DB entry? Under "Stealth" it says "Yes", that's what I was commenting on.

    Sorry, hadn't -- so I didn't get that... :oops:


 Post subject: Re: New at Skwire Empire
PostPosted: Tue Nov 04, 2014 9:52 am 
Joined: Wed Jun 20, 2007 1:00 pm
Posts: 1616
Location: Ingolstadt [DE]
I am Baas wrote:
Thanks, Checker. Voted.
Thanks


 Post subject: Re: New at Skwire Empire
PostPosted: Tue Nov 04, 2014 4:58 pm 
Joined: Fri Dec 30, 2011 1:14 pm
Posts: 28
Midas wrote:
:?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?


I'm not sure what is expected here. Sysinternals' Sigcheck.exe commandline program requires those registry entries in order to function. Yes, I could delete them when SigcheckGUI exits but you will be asked to accept them again the next time it's run. For the record, no, I'm not willing to automatically set/delete the registry entries without user interaction.


 Post subject: Re: New at Skwire Empire
PostPosted: Wed Nov 05, 2014 2:32 am 
Joined: Mon Dec 07, 2009 7:09 am
Posts: 3886
Location: Sol3
OK, fair enough. Although it worked recently in another case, we'll just strike this as a crazy idea, then; thanks for chiming in anyway, my dear Skwire. :)


 Post subject: Re: SigcheckGUI
PostPosted: Fri Jun 26, 2015 5:02 pm 
Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7411
Location: US, Texas
I'm so glad I dug into this a little bit because it's like VirusTotal on steroids (and it includes a VirusTotal analysis).

Background: When a program home page goes offline (happens all the time) we will often go digging for a mirror or other host for the official file and/or accessory files. Sometimes they come from disreputable sources (e.g. some random hosting location). This program is going to save me a lot of time trying to get data on given files and their status. The VirusTotal site has been a huge resource here, but SigCheckGUI brings it all into one package.

Not only does it give data on who signed the EXE or DLL file, it also gives hashing information (which can be used to search for a file), tons of other program metadata, and of course VirusTotal analysis. It can even be run on all active processes to give you data on your system. Here's an example spreadsheet output with Everything and ShareX.

Entry has been updated.

Note: To get the hashes and VirusTotal data, you have to click on the Options tab first and enable those. If you want to hash more than just EXEs and DLLs (e.g. if you're using this to check distributions like ZIP or 7Z files) you have to add those.

Wishlist (minor requests):

  • When adding folders, the ability to paste in a folder location would be ideal (e.g. a blank space to paste in c:\Users\Admin\Whatever) rather than going through a navigation sequence.

  • Right now the interface is frozen while it scans. I'd like to see it interactive, but maybe this reduces stability.

  • Ability to uncheck hashes you don't want to compute (slightly faster)


Questions

  • What is PESHA1 and PE256? I can't seem to find anything on the Sysinternals site or on the web.

Finally, it was also interesting to run it on active processes. If you're curious about this program but don't have a direct use for it, this might grab you.

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


 Post subject: Re: SigcheckGUI
PostPosted: Sat Jun 27, 2015 10:57 am 
Joined: Sat Apr 08, 2006 7:12 pm
Posts: 479
Location: Illinois/Indiana
Agreed. It is a very useful app. Runs on XP too.


 Post subject: Re: SigcheckGUI
PostPosted: Sun Jan 24, 2016 2:02 pm 
Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7411
Location: US, Texas
I've posted a dead-simple spreadsheet tool for analyzing programs to quickly grab the relevant hashes and VirusTotal data and getting it into forums. This is important because we're increasingly relying on VirusTotal to avoid false positive issues and, on more than one occasion, I've looked for a file based on its hash value. This covers both issues in one sweep.

There are a lot of steps below but it's a really simple process once you get it set up.

Steps:

  1. Start SigCheckGUI, making sure all the Options items for VirusTotal and Hashes are checked
  2. Drag and drop a file to hash
  3. Right click on the item and select "Copy Row Data"
  4. Download and open the XLS file (works in Excel, OpenOffice, LibreOffice, etc) and select cell A2
  5. Right click on this same cell and choose "Paste"
  6. Click on the Output tab at the bottom, copy the first two columns, and paste into forums

----

Example output: DirSyncPro:

File Data

    Filename: DirSyncPro.exe
    MD5: C95A140B84BC841AE9F431C096E841AB
    SHA1: B599CFFA4512C708C7CD7BE8AF120AF34DA5CEF2
    SHA256: 0EE0C736AC178C7E3CBE79C3B479B8976EE1CCC76257920958AC2652C06B8F2B
    VirusTotal Rating: 0/42
    VirusTotal URL: https://www.virustotal.com/file/0ee0c73 ... /analysis/

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


Last edited by webfork on Sun Jan 24, 2016 2:16 pm, edited 1 time in total.
[better wording, rearranged some info]
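
An added example (not part of the original post, and not SigcheckGUI's or the spreadsheet's code): a Python sketch that produces the hash lines of the "File Data" block above directly from a file and checks a download against a published SHA256, the mirror-verification use described earlier in the thread. The function names and the sample file are assumptions; the VirusTotal lines are left out because they need an online lookup.

```python
import hashlib
import hmac
import os
import string
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the three hashes in the post's output


def hash_file(path, chunk_size=1 << 20):
    """Read the file once in chunks and return uppercase hex digests."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name.upper(): d.hexdigest().upper() for name, d in digests.items()}


def forum_block(path):
    """Format the hashes like the thread's "File Data" block (no VirusTotal lines)."""
    lines = ["File Data", "", "    Filename: " + os.path.basename(path)]
    lines += ["    %s: %s" % item for item in hash_file(path).items()]
    return "\n".join(lines)


def matches_published(path, published_sha256):
    """True only if the file's SHA256 equals a full, well-formed published value."""
    wanted = "".join(published_sha256.split()).upper()
    if len(wanted) != 64 or any(c not in string.hexdigits for c in wanted):
        return False  # truncated, elided or wrong-algorithm value: never a match
    return hmac.compare_digest(hash_file(path)["SHA256"], wanted)


def demo():
    """Constructed sample: a 3-byte file standing in for a downloaded EXE."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Sample.exe")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"abc")
        good = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
        return forum_block(path), matches_published(path, good)


if __name__ == "__main__":
    block, ok = demo()
    print(block)
    print("Matches published SHA256:", ok)
```

A published value that has been shortened for display cannot be used for verification; `matches_published` rejects anything that is not a full 64-character hex string.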


 Post subject: Re: SigcheckGUI
PostPosted: Mon Jan 25, 2016 11:48 am 
Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7411
Location: US, Texas
webfork wrote:
I've posted a dead-simple spreadsheet tool

User TP109 built a really sharp Excel spreadsheet based on my idea. Note that LibreOffice users will need to enable a feature in LibreOffice (Options - LibreOffice - Security - Macro Security - Medium) and then click "Edit Document" on open.

Awesome stuff.

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org


 Post subject: Re: SigcheckGUI
PostPosted: Tue Feb 02, 2016 11:56 pm 
Joined: Sat Feb 09, 2008 9:57 am
Posts: 2902
Location: Romania
Thank you both, webfork and TP109, for this spreadsheet! Very handy!
Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.

_________________
My Tox ID


 Post subject: Re: SigcheckGUI
PostPosted: Fri Feb 05, 2016 6:24 pm 
Joined: Wed Apr 11, 2007 8:06 pm
Posts: 7411
Location: US, Texas
joby_toss wrote:
Thank you both, webfork and TP109, for this spreadsheet!

Thanks, I’m glad that helps.

joby_toss wrote:
Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.

I sent SKwire a note about this but I suspect he’ll feel this is a niche feature.

_________________
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

