Continuing my diary entries on Sysinternals tools with VirusTotal support, I'm taking a look at sigcheck.
Sigcheck is a command-line utility that checks the digital signature of files such as PE files (EXEs).
Sigcheck also supports VirusTotal searches. When you use option -v, the hash of the file will be submitted to VirusTotal. The first time you run it, you'll have to accept VirusTotal's terms (or use option -vt to accept and avoid the prompt):
You'll get the score and a link to the report for the checked file.
If a hash is not present in VirusTotal's database, the file will not be submitted, unless you use option -vs:
You can scan a complete disk by using option -s and specifying the root folder of the disk (e.g. c:\), and you can produce a CSV report with option -c:
As can be seen from this last screenshot, files without a digital signature are also checked with VirusTotal.
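A full-disk CSV report is long, so the useful step is to reduce it to the files that need a second look. The following is an added example, not part of the original diary or of Sysinternals: it filters a report down to unsigned files, files with VirusTotal detections, and files without a score. The column names (`Path`, `Verified`, `VT detection`), the `hits|engines` score format and the sample rows are assumptions and constructed data; compare them with the header of your own report.

```python
import csv
import io
import re

# Constructed sample of a `sigcheck -c -v -s <dir>` report (not real output).
# Column names and score format are assumptions; VT links are placeholders.
SAMPLE_REPORT = r'''Path,Verified,Publisher,VT detection,VT link
"c:\tools\signed.exe","Signed","Example Corp","0|57","https://www.virustotal.com/placeholder-1"
"c:\tools\unsigned.exe","Unsigned","n/a","0|56","https://www.virustotal.com/placeholder-2"
"c:\temp\dropper.exe","Unsigned","n/a","31|57","https://www.virustotal.com/placeholder-3"
"c:\temp\rare.dll","Signed","Example Corp","Unknown","n/a"
'''

# Accept "31|57" as well as "31/57" for the detection score.
SCORE = re.compile(r'^(\d+)[|/](\d+)$')


def triage(report_text, min_hits=1):
    """Return [(path, reasons)] for files worth reviewing, highest VT hits first."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        verified = (row.get('Verified') or '').strip()
        score = (row.get('VT detection') or '').strip()
        match = SCORE.match(score)
        hits = int(match.group(1)) if match else None

        reasons = []
        if verified.lower() != 'signed':
            reasons.append('unsigned')
        if hits is None:
            # Hash not known to VirusTotal, or the lookup did not return a score.
            reasons.append('no VT score')
        elif hits >= min_hits:
            reasons.append('VT %d/%s' % (hits, match.group(2)))

        if reasons:
            findings.append((hits if hits is not None else -1, row['Path'], reasons))

    findings.sort(key=lambda item: item[0], reverse=True)
    return [(path, reasons) for _, path, reasons in findings]


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_REPORT):
        print('%-28s %s' % (path, ', '.join(reasons)))
```

To use it on a real report, read the CSV file into a string with the encoding sigcheck wrote it in and pass that string to `triage()`.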
Sysinternals: http://technet.microsoft.com/en-us/sysinternals
VirusTotal: https://www.virustotal.com/