----
I've added SigcheckGUI to the database.
http://www.portablefreeware.com/index.php?id=2646 ... please voteDescription: GUI front-end for sigcheck.exe from Sysinternals.
SigcheckGUI - file information and hashing
SigcheckGUI - file information and hashing
[Moderator note: this thread was split from the New at Skwire thread.]
----
I've added SigcheckGUI to the database.
----
I've added SigcheckGUI to the database.
Re: New at Skwire Empire
Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.Checker wrote:I've added SigcheckGUI to the database.http://www.portablefreeware.com/index.php?id=2646 ... please voteDescription: GUI front-end for sigcheck.exe from Sysinternals.
Re: New at Skwire Empire
I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.I am Baas wrote:Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
Maybe Skwire could add an option to SigCheckGUI to deal with the corresponding registry entries; whaddaya think?Re: New at Skwire Empire
Did you see the DB entry?Midas wrote:I'm aware of that; nonetheless I'm willing to upvote SigCheckGUI considering the fact that Sysinternals releases are prime freeware.I am Baas wrote:Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
Under "Stealth" it says "Yes", that what I was commenting on.
Re: New at Skwire Empire
Oops, right you areI am Baas wrote:Anything Sysinternals require acceptance of the EULA... writes to the registry... not stealth.
ChangedI am Baas wrote:Under "Stealth" it says "Yes", that what I was commenting on.
Re: New at Skwire Empire
Sorry, hadn't -- so I didn't get that...I am Baas wrote:Did you see the DB entry? Under "Stealth" it says "Yes", that what I was commenting on.
Re: New at Skwire Empire
ThanksI am Baas wrote:Thanks, Checker. Voted.
Re: New at Skwire Empire
I'm not sure what is expected here. Sysinternals' Sigcheck.exe commandline program requires those registry entries in order to function. Yes, I could delete them when SigcheckGUI exits but you will be asked to accept them again the next time it's run. For the record, no, I'm not willing to automatically set/delete the registry entries without user interaction.Midas wrote:
Re: New at Skwire Empire
OK, fair enough. Although it worked recently in another case, we'll just strike this as a crazy idea, then; thanks for chiming in anyway, my dear Skwire. 
Re: SigcheckGUI
I'm so glad I dug into this a little bit because it's like VirusTotal on steroids (and it includes a VirusTotal analysis).
Background: When a program home page goes offline (happens all the time) we will often go digging for a mirror or other host for the official file and/or accessory files. Sometimes they come from disreputable sources (e.g. some random hosting location). This program is going to save me a lot of time trying to get data on given files and their status. The VirusTotal site has been a huge resource here, but SigCheckUI brings it all into one package.
Not only does it give data on who signed the EXE or DLL file, it also gives hashing information (which can be used to search for a file), tons of other program metadata, and of course VirusTotal analysis. It can even be run on all active processes to give you data on your system. Here's an example spreadsheet output with Everything and ShareX.
Entry has been updated.
Note: To get the hashes and VirusTotal data, you have to click on the Options tab first and enable those. If you want to hash more than just EXEs and DLLs (e.g. if you're using this to check distributions like ZIP or 7Z files) you have to add those.
Wishlist (minor requests):
Questions
Background: When a program home page goes offline (happens all the time) we will often go digging for a mirror or other host for the official file and/or accessory files. Sometimes they come from disreputable sources (e.g. some random hosting location). This program is going to save me a lot of time trying to get data on given files and their status. The VirusTotal site has been a huge resource here, but SigCheckUI brings it all into one package.
Not only does it give data on who signed the EXE or DLL file, it also gives hashing information (which can be used to search for a file), tons of other program metadata, and of course VirusTotal analysis. It can even be run on all active processes to give you data on your system. Here's an example spreadsheet output with Everything and ShareX.
Entry has been updated.
Note: To get the hashes and VirusTotal data, you have to click on the Options tab first and enable those. If you want to hash more than just EXEs and DLLs (e.g. if you're using this to check distributions like ZIP or 7Z files) you have to add those.
Wishlist (minor requests):
- When adding folders, the ability to paste in a folder location would be ideal (e.g. a blank space to paste in c:\Users\Admin\Whatever) rather than going through a nagivation sequence.
- Right now the interface is frozen while it scans. I'd like to see it interactive, but maybe this reduces stability.
- Ability to uncheck hashes you don't want to compute (slightly faster)
Questions
- What is PESHA1 and PE256? I can't seem to find anything on the sysinternals site or on the web
Re: SigcheckGUI
Agreed. It is a very useful app. Runs on XP too.
Re: SigcheckGUI
I've posted a dead-simple spreadsheet tool for analyzing programs to quickly grab the relevant hashes and VirusTotal data and getting it into forums. This is important because we're increasingly relying on VirusTotal to avoid false positive issues and, on more than one occasion, I've looked for a file based on it's hash value. This covers both issues in one sweep.
There are a lot of steps below but it's a really simple process once you get it set up.
Steps:
Example output: DirSyncPro:
File Data
There are a lot of steps below but it's a really simple process once you get it set up.
Steps:
- Start SigCheckGUI, making sure all the Options items for VirusTotal and Hashes are checked
- Drag and drop a file to hash
- Right click on the item and select "Copy Row Data"
- Download and open the XLS file (works in Excel, OpenOffice, LibreOffice, etc) and select cell A2
- Right click on this same cell and choose "Paste"
- Click on the Output tab at the bottom, copy the first two columns, and paste into forums
Example output: DirSyncPro:
File Data
-
Filename: DirSyncPro.exe
MD5: C95A140B84BC841AE9F431C096E841AB
SHA1: B599CFFA4512C708C7CD7BE8AF120AF34DA5CEF2
SHA256: 0EE0C736AC178C7E3CBE79C3B479B8976EE1CCC76257920958AC2652C06B8F2B
VirusTotal Rating: 0/42
VirusTotal URL: https://www.virustotal.com/file/0ee0c73 ... /analysis/
Last edited by webfork on Sun Jan 24, 2016 2:16 pm, edited 1 time in total.
Reason: [better wording, rearranged some info]
Reason: [better wording, rearranged some info]
Re: SigcheckGUI
User TP109 built a really sharp Excel spreadsheet based on my idea. Note that LibreOffice users will need to enable a feature in LibreOffice (Options - LibreOffice - Security - Macro Security - Medium) and then click "Edit Document" on open.webfork wrote:I've posted a dead-simple spreadsheet tool
Awesome stuff.
Re: SigcheckGUI
Thank you both, webfork and TP109, for this spreadsheet! 'Very handy!
Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.
Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.
Re: SigcheckGUI
Thanks, I’m glad that helps.joby_toss wrote:Thank you both, webfork and TP109, for this spreadsheet!
I sent SKwire a note about this but I suspect he’ll feel this is a niche feature.joby_toss wrote:Would be nice if SigcheckGUI would be able to output this (formatted) info by itself.