Author: Hunt_0001
Subject: Sigcheck - file hash retrieval
Posted: 08 April 2013 at 11:05pm
How does sigcheck get the md5/sha1/sha256 hashes? I assume it calculates it using some prepackaged hashing function but I'd rather be 100% positive.
Also I read an article on these forums about how Sigcheck wouldn't use the catalog hash (cathash) to show a hash for .sys (e.g. realtek audio) files signed via a catalog (CAT) file. Has that been fixed in 1.9x or is that not a feature of Sigcheck?
Just wondering how much of the output data I can trust and in what context (I know it's all caveat emptor but pragmatically how suspicious should I be of unsigned DLL's and EXE's in System32?).
Subject: Sigcheck - file hash retrieval
Posted: 08 April 2013 at 11:05pm
How does sigcheck get the md5/sha1/sha256 hashes? I assume it calculates it using some prepackaged hashing function but I'd rather be 100% positive.
Also I read an article on these forums about how Sigcheck wouldn't use the catalog hash (cathash) to show a hash for .sys (e.g. realtek audio) files signed via a catalog (CAT) file. Has that been fixed in 1.9x or is that not a feature of Sigcheck?
Just wondering how much of the output data I can trust and in what context (I know it's all caveat emptor but pragmatically how suspicious should I be of unsigned DLL's and EXE's in System32?).