Sigcheck main options
@Sh1n0g1
no option
>sigcheck Shinobot.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:\Desktop\ShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
-q (quiet)
>sigcheck -q ShinoBOT.exe
E:\Desktop\ShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
With -q, the following banner is not printed:
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
-a (extended version information, entropy)
>sigcheck -a ShinoBOT.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:\Desktop\ShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
Binary Version: 3.1.0.0
Original Name: SHINOBOT_BUILDER.exe
Internal Name: SHINOBOT_BUILDER.exe
Copyright: Sh1n0g1 Inc.
Comments: RAT simulator
Entropy: 4.719
-h (hashes)
>sigcheck -h ShinoBOT.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:\Desktop\ShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
MD5: 9B2166D3B72C84396EDECE1673E923B7
SHA1: CF8C8D3F48FB1304E0AAB7EFB6C3EB9BBE833BC5
PESHA1: 5A7BAE6C68F50ABA37EB0FDC5B698115DB13C14B
PE256: CB30CF07163B72F49DADA51CDC3965E6F79AA6D9A430524AD81C0D445155CDDC
SHA256: BF7EFF73A37965B7ECD784E621F0B7118402C4C03E450E648B8922F070D440C8
IMP: F34D5F2D4577ED6D9CEEC516C1F5A744
-v (VirusTotal)
>sigcheck -v ShinoBOT1326.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
e:\Work\ShinoBOT1326.exe:
Verified: Unsigned
Link date: 9:23 2013/07/25
Publisher: n/a
Company: Sh1n0g1
Description: ShinoBOT
Product: ShinoBOT
Prod version: 1.3.2.6
File version: 1.3.2.6
MachineType: 32-bit
VT detection: 44/57
VT link: https://www.virustotal.com/file/e10506ed829846ae5b7cddbb7ff636b18f632f28f072f9b399b9cbdbd643b8d9/analysis/
-i (signed info)
>sigcheck -i DummyPopup_Signed.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:\Desktop\DummyPopup_Signed.exe:
Verified: Signed
Catalog: E:\Desktop\DummyPopup_Signed.exe
Signer:
Sh1n0g1 Inc
Status: ????????????????????????????????
Valid Usage: All
Serial Number: 01
Thumbprint: 9C85EA7F5672E74E3A5C45279EECBD979B559DDB
Algorithm: SHA1
Valid from: 16:54 2013/11/22
Valid to: 16:54 2015/11/22
Signing date: n/a
Publisher: Sh1n0g1 Inc
Company: n/a
Description: Popup
Product: Popup
Prod version: 1.0.0.0
File version: 1.0.0.0
MachineType: 32-bit
-a, -i, -h, -q and -v combined
>sigcheck -a -i -h -q -v DummyPopup_Signed.exe
E:\Desktop\DummyPopup_Signed.exe:
Verified: Signed
Catalog: E:\Desktop\DummyPopup_Signed.exe
Signer:
Sh1n0g1 Inc
Status: ????????????????????????????????
Valid Usage: All
Serial Number: 01
Thumbprint: 9C85EA7F5672E74E3A5C45279EECBD979B559DDB
Algorithm: SHA1
Valid from: 16:54 2013/11/22
Valid to: 16:54 2015/11/22
Signing date: n/a
Publisher: Sh1n0g1 Inc
Company: n/a
Description: Popup
Product: Popup
Prod version: 1.0.0.0
File version: 1.0.0.0
MachineType: 32-bit
Binary Version: 1.0.0.0
Original Name: DummyPopup.exe
Internal Name: DummyPopup.exe
Copyright: Copyright ? 2013
Comments: n/a
Entropy: 6.755
MD5: 66F65B57235F9886537BB791DB6DFB14
SHA1: D71365CCDC97D0A1BD88A97C81DAD6562749CA0A
PESHA1: AC6275E718A4E334B042B870DD66F3BB759B56FA
PE256: 05D0ABD52B5E3A6C9CBD2033FC806568EEDFD235C0F3297FE9F3F409580A1FAA
SHA256: 821B0E74CBBF042C32A691103D5DC449A1812E9FB0E5185B61B2F21CCCC1E883
IMP: F34D5F2D4577ED6D9CEEC516C1F5A744
VT detection: 1/56
VT link: https://www.virustotal.com/file/821b0e74cbbf042c32a691103d5dc449a1812e9fb0e5185b61b2f21cccc1e883/analysis/
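Added example (not part of the original slides, and not Sysinternals code): a small Python parser that turns the text output shown above into one record per file and derives a few triage flags. The sample input is constructed by trimming this page's outputs; the drive-letter header pattern, the flag names and the 7.0 entropy threshold are assumptions.

```python
import re

# Constructed sample, trimmed from the -v and combined outputs on this page.
SAMPLE = r"""e:\Work\ShinoBOT1326.exe:
Verified: Unsigned
Link date: 9:23 2013/07/25
VT detection: 44/57
E:\Desktop\DummyPopup_Signed.exe:
Verified: Signed
Signer:
Sh1n0g1 Inc
Algorithm: SHA1
Entropy: 6.755
VT detection: 1/56
"""

# Assumption: each file block starts with an absolute drive-letter path plus ":".
HEADER = re.compile(r"^[A-Za-z]:\\.*:$")

def parse_sigcheck(text):
    """Return one dict of fields per file found in sigcheck text output."""
    records, current, pending = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if HEADER.match(line):
            current, pending = {"Path": line[:-1]}, None
            records.append(current)
        elif current is None:
            continue  # banner lines printed before the first file
        elif ":" in line:
            key, _, value = (part.strip() for part in line.partition(":"))
            current[key] = value
            pending = None if value else key  # "Signer:" has its value on the next line
        elif pending:
            current[pending], pending = line, None
    return records

def triage(rec, entropy_limit=7.0):
    """Flag names and the entropy threshold are illustrative assumptions."""
    flags = []
    if rec.get("Verified") != "Signed":
        flags.append("unsigned")
    vt = re.match(r"(\d+)/(\d+)$", rec.get("VT detection", ""))
    if vt and int(vt.group(1)) > 0:
        flags.append(f"vt:{vt.group(0)}")
    if rec.get("Algorithm") == "SHA1":
        flags.append("sha1-algorithm")
    if float(rec.get("Entropy", 0)) > entropy_limit:
        flags.append("high-entropy")
    return flags
```

Running sigcheck with -q keeps the banner out of the captured text, although the parser also skips banner lines that appear before the first file.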
