Use Sigcheck and VirusTotal to Scan Files for Malware

Sigcheck is a tool for checking a file's digital signature, and it was recently updated to audit the root CA stores. It can also be used to scan files for malware via VirusTotal.

Unless the -vs option is used, Sigcheck only looks up the file's hash in VirusTotal’s database to determine whether the file contains malware.

  • Download the latest version of Sigcheck (as of 01/26/2016, v.2.42)
  • Unzip the zip file to a folder
  • Open Command Prompt as Administrator, and change to the folder
  • Run sigcheck.exe -vt, and enter y to agree to the VirusTotal policy
  • To scan a file: sigcheck.exe -v <filename>
  • To upload a file that has not previously been scanned to VirusTotal (file size up to 128MB): sigcheck.exe -vs <filename>
  • To scan a folder and subfolder: sigcheck.exe -v -s <foldername>
  • To scan and create a CSV report: sigcheck.exe -v -s -c <foldername> > <report.csv>
    • Check the VT detection column for the number of antivirus engines that detected malware and the number of engines used
    • Open the URL in the VT link column in a browser to get the details of the analysis - which antivirus engines flagged the file and the type of malware
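
For a large folder, the CSV report from the last step can be triaged with a short script instead of read by eye. The following is an added example, not part of the original post or of Sigcheck: the "VT detection" and "VT link" column names come from the steps above, while the "Path" column, the hits|engines (or hits/engines) cell format, the non-ratio cell for files VirusTotal has no result for, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample report (not real Sigcheck output). Column names "VT detection"
# and "VT link" come from the post; "Path" and the ratio format are assumptions.
SAMPLE_REPORT = '''"Path","Verified","VT detection","VT link"
"C:\\tools\\a.exe","Signed","0|56","https://vt.example/a"
"C:\\tools\\b.exe","Unsigned","7|55","https://vt.example/b"
"C:\\tools\\c.dll","Unsigned","Unknown","n/a"
"C:\\tools\\d.exe","Signed","1/57","https://vt.example/d"
'''

RATIO = re.compile(r"^\s*(\d+)\s*[|/]\s*(\d+)\s*$")


def triage(report_text, min_hits=1):
    """Split report rows into (flagged, unknown).

    flagged: (path, hits, engines, link) tuples with hits >= min_hits, worst first.
    unknown: paths whose detection cell is not a ratio, i.e. VirusTotal had
             no result for that hash, so "no detections" must not be assumed.
    """
    flagged, unknown = [], []
    for row in csv.DictReader(io.StringIO(report_text)):
        cell = (row.get("VT detection") or "").strip()
        m = RATIO.match(cell)
        if m is None:
            unknown.append(row["Path"])
            continue
        hits, engines = int(m.group(1)), int(m.group(2))
        if hits >= min_hits:
            flagged.append((row["Path"], hits, engines, row.get("VT link", "")))
    flagged.sort(key=lambda r: r[1] / r[2] if r[2] else 0, reverse=True)
    return flagged, unknown


if __name__ == "__main__":
    flagged, unknown = triage(SAMPLE_REPORT)
    for path, hits, engines, link in flagged:
        print(f"{hits}/{engines}  {path}  {link}")
    for path in unknown:
        print(f"no VT result  {path}")
```

Files in the unknown list are the candidates for the -vs upload step, since a missing hash says nothing about whether the file is clean.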
