SigcheckGUI - file information and hashing

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.

Moderators: usdcs, Andrew Lee, webfork

Message
Author
User avatar
Checker
Posts: 1621
Joined: Wed Jun 20, 2007 1:00 pm
Location: Ingolstadt [DE]

SigcheckGUI - file information and hashing

#1 Post by Checker » Mon Nov 03, 2014 1:48 pm

[Moderator note: this thread was split from the New at Skwire thread.]

----

I've added SigcheckGUI to the database.
Description: GUI front-end for sigcheck.exe from Sysinternals.
http://www.portablefreeware.com/index.php?id=2646 ... please vote :!:

User avatar
I am Baas
Posts: 4142
Joined: Thu Aug 07, 2008 4:51 am

Re: New at Skwire Empire

#2 Post by I am Baas » Mon Nov 03, 2014 11:40 pm

Checker wrote:I've added SigcheckGUI to the database.
Description: GUI front-end for sigcheck.exe from Sysinternals.
http://www.portablefreeware.com/index.php?id=2646 ... please vote :!:
Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
Bəəs 2.0

User avatar
Midas
Posts: 3974
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: New at Skwire Empire

#3 Post by Midas » Tue Nov 04, 2014 5:42 am

I am Baas wrote:Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
  • I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.

    :?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?

User avatar
I am Baas
Posts: 4142
Joined: Thu Aug 07, 2008 4:51 am

Re: New at Skwire Empire

#4 Post by I am Baas » Tue Nov 04, 2014 6:47 am

Midas wrote:
I am Baas wrote:Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
<br sab="732">
  • I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.<br sab="733"><br sab="734">:?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?
Did you see the DB entry?
Under "Stealth" it says "Yes", that what I was commenting on.
Bəəs 2.0

User avatar
Checker
Posts: 1621
Joined: Wed Jun 20, 2007 1:00 pm
Location: Ingolstadt [DE]

Re: New at Skwire Empire

#5 Post by Checker » Tue Nov 04, 2014 8:02 am

I am Baas wrote:Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
Oops, right you are :oops:
I am Baas wrote:Under "Stealth" it says "Yes", that what I was commenting on.
Changed :wink:

User avatar
Midas
Posts: 3974
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: New at Skwire Empire

#6 Post by Midas » Tue Nov 04, 2014 9:36 am

I am Baas wrote:Did you see the DB entry? Under "Stealth" it says "Yes", that what I was commenting on.
  • Sorry, hadn't -- so I didn't get that... :oops:

User avatar
Checker
Posts: 1621
Joined: Wed Jun 20, 2007 1:00 pm
Location: Ingolstadt [DE]

Re: New at Skwire Empire

#7 Post by Checker » Tue Nov 04, 2014 9:52 am

I am Baas wrote:Thanks, Checker. Voted.
Thanks Image

User avatar
skwire
Posts: 28
Joined: Fri Dec 30, 2011 1:14 pm
Contact:

Re: New at Skwire Empire

#8 Post by skwire » Tue Nov 04, 2014 4:58 pm

Midas wrote::?: Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?
I'm not sure what is expected here. Sysinternals' Sigcheck.exe commandline program requires those registry entries in order to function. Yes, I could delete them when SigcheckGUI exits but you will be asked to accept them again the next time it's run. For the record, no, I'm not willing to automatically set/delete the registry entries without user interaction.

User avatar
Midas
Posts: 3974
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: New at Skwire Empire

#9 Post by Midas » Wed Nov 05, 2014 2:32 am

OK, fair enough. Although it worked recently in another case, we'll just strike this as a crazy idea, then; thanks for chiming in anyway, my dear Skwire. :)

User avatar
webfork
Posts: 7516
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: SigcheckGUI

#10 Post by webfork » Fri Jun 26, 2015 5:02 pm

I'm so glad I dug into this a little bit because it's like VirusTotal on steroids (and it includes a VirusTotal analysis).

Background: When a program home page goes offline (happens all the time) we will often go digging for a mirror or other host for the official file and/or accessory files. Sometimes they come from disreputable sources (e.g. some random hosting location). This program is going to save me a lot of time trying to get data on given files and their status. The VirusTotal site has been a huge resource here, but SigCheckUI brings it all into one package.

Not only does it give data on who signed the EXE or DLL file, it also gives hashing information (which can be used to search for a file), tons of other program metadata, and of course VirusTotal analysis. It can even be run on all active processes to give you data on your system. Here's an example spreadsheet output with Everything and ShareX.

Entry has been updated.

Note: To get the hashes and VirusTotal data, you have to click on the Options tab first and enable those. If you want to hash more than just EXEs and DLLs (e.g. if you're using this to check distributions like ZIP or 7Z files) you have to add those.

Wishlist (minor requests):
  • When adding folders, the ability to paste in a folder location would be ideal (e.g. a blank space to paste in c:\Users\Admin\Whatever) rather than going through a nagivation sequence.
  • Right now the interface is frozen while it scans. I'd like to see it interactive, but maybe this reduces stability.
  • Ability to uncheck hashes you don't want to compute (slightly faster)

Questions
  • What is PESHA1 and PE256? I can't seem to find anything on the sysinternals site or on the web
Finally, it was also interesting to run it on active processes. If you're curious about this program but don't have a direct use for it, this might grab you.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

TP109
Posts: 483
Joined: Sat Apr 08, 2006 7:12 pm
Location: Illinois/Indiana

Re: SigcheckGUI

#11 Post by TP109 » Sat Jun 27, 2015 10:57 am

Agreed. It is a very useful app. Runs on XP too.

User avatar
webfork
Posts: 7516
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: SigcheckGUI

#12 Post by webfork » Sun Jan 24, 2016 2:02 pm

I've posted a dead-simple spreadsheet tool for analyzing programs to quickly grab the relevant hashes and VirusTotal data and getting it into forums. This is important because we're increasingly relying on VirusTotal to avoid false positive issues and, on more than one occasion, I've looked for a file based on it's hash value. This covers both issues in one sweep.

There are a lot of steps below but it's a really simple process once you get it set up.

Steps:
  1. Start SigCheckGUI, making sure all the Options items for VirusTotal and Hashes are checked
  2. Drag and drop a file to hash
  3. Right click on the item and select "Copy Row Data"
  4. Download and open the XLS file (works in Excel, OpenOffice, LibreOffice, etc) and select cell A2
  5. Right click on this same cell and choose "Paste"
  6. Click on the Output tab at the bottom, copy the first two columns, and paste into forums
----

Example output: DirSyncPro:

File Data

  • Filename: DirSyncPro.exe
    MD5: C95A140B84BC841AE9F431C096E841AB
    SHA1: B599CFFA4512C708C7CD7BE8AF120AF34DA5CEF2
    SHA256: 0EE0C736AC178C7E3CBE79C3B479B8976EE1CCC76257920958AC2652C06B8F2B
    VirusTotal Rating: 0/42
    VirusTotal URL: https://www.virustotal.com/file/0ee0c73 ... /analysis/
Last edited by webfork on Sun Jan 24, 2016 2:16 pm, edited 1 time in total.
Reason: [better wording, rearranged some info]
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

User avatar
webfork
Posts: 7516
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: SigcheckGUI

#13 Post by webfork » Mon Jan 25, 2016 11:48 am

webfork wrote:I've posted a dead-simple spreadsheet tool
User TP109 built a really sharp Excel spreadsheet based on my idea. Note that LibreOffice users will need to enable a feature in LibreOffice (Options - LibreOffice - Security - Macro Security - Medium) and then click "Edit Document" on open.

Awesome stuff.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

User avatar
joby_toss
Posts: 2902
Joined: Sat Feb 09, 2008 9:57 am
Location: Romania
Contact:

Re: SigcheckGUI

#14 Post by joby_toss » Tue Feb 02, 2016 11:56 pm

Thank you both, webfork and TP109, for this spreadsheet! 'Very handy!
Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.

User avatar
webfork
Posts: 7516
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: SigcheckGUI

#15 Post by webfork » Fri Feb 05, 2016 6:24 pm

joby_toss wrote:Thank you both, webfork and TP109, for this spreadsheet!
Thanks, I’m glad that helps.
joby_toss wrote:Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.
I sent SKwire a note about this but I suspect he’ll feel this is a niche feature.
Supporting Net Neutrality - BattleForTheNet | Why this matters | More from EFF.org

Post Reply