Powershell: md5 hash to software title?

janhoedt
Hi,

I'd like to search for software that matches hashes. That way I can cross-check my install files/exes.
Please do not suggest other options: I really need MD5 hashes (or SHA256), which I generate from my Windows software installers, to match to full software names.
Can that be done?

J

Commented:
Use this to calculate your hashes: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-6
Then you put filenames/titles etc. along with the hash into a text file or database and compare from there.

Author

Commented:
No. Please read question again.

Commented:
So even though you mentioned a few times "MY" installers/exe (so you already know the full software names), you still don't want to match it to your own database (since you have the files, you could've generated it yourself), but with some kind of other publicly available database?

Author

Commented:
>so you already know the full software name
Wrong assumption
Top Expert 2016

Commented:
Your question is not clear.
You have a file abc.exe, which we take an md5 hash of and save as abc.exe.md5

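# Get-FileHash defaults to SHA256 when -Algorithm is omitted;
# pass -Algorithm MD5 if an MD5 digest is required.
$filename = "F:\Downloads\pfSense-CE-2.4.4-RELEASE-p3-amd64.iso"

# Hash the file and store the digest next to it
$hash = Get-FileHash $filename
$hash.Hash | Out-File ($filename + ".md5")

# Read the stored digest back and compare it with the computed one
$myhash = Get-Content ($filename + ".md5")
if ($hash.Hash -ne $myhash) {
    Write-Output "Hash Mismatch"
}
else {
    Write-Output "Hash Match"
}
Get-ChildItem -Path ($filename + "*")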

which results in
PS D:\Documents\WindowsPowerShell\Scripts> . 'D:\Documents\WindowsPowerShell\Scripts\Untitled20.ps1'
Hash Match


    Directory: F:\Downloads


Mode                 LastWriteTime         Length Name                                                          
----                 -------------         ------ ----                                                          
-a----       15-May-2019   7:09 PM      696539136 pfSense-CE-2.4.4-RELEASE-p3-amd64.iso                         
-a----       05-Dec-2019   7:22 PM      350336497 pfSense-CE-2.4.4-RELEASE-p3-amd64.iso.gz                      
-a----       06-Dec-2019   6:29 PM            134 pfSense-CE-2.4.4-RELEASE-p3-amd64.iso.md5                     



PS D:\Documents\WindowsPowerShell\Scripts> 


Commented:
Just out of curiosity, all official well-known trusted software packages have both the name AND version number embedded in their details, including their digital certificate. Why do you want to rely on a non-existent database instead?

Author

Commented:
Like you mention: all official well-known trusted software packages have both the name AND version number embedded in their detail

If I try to get details out of some (actually a lot of) exe and/or msi files, the output is rubbish: no vendor, no name or a generic vendor, no version, a different name than what you get when installing, etc.

Author

Commented:
Maybe I should use a tool like ExifTool

https://exiftool.org/#supported

"It can display metadata of many file types, including PE images (AKA .exe/.dll files). This is also what VirusTotal uses."

Example output:

Z:\Downloads>"exiftool(-k).exe" 306.23-desktop-win8-win7-winvista-64bit-english-whql.exe
ExifTool Version Number         : 10.13
File Name                       : 306.23-desktop-win8-win7-winvista-64bit-english-whql.exe
Directory                       : .
File Size                       : 175 MB
File Modification Date/Time     : 2012:10:06 19:26:26+02:00
File Access Date/Time           : 2015:05:18 19:41:46+02:00
File Creation Date/Time         : 2015:05:17 18:22:01+02:00
File Permissions                : rw-rw-rw-
File Type                       : Win32 EXE
File Type Extension             : exe
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:07:23 02:35:27+02:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 74752
Initialized Data Size           : 152576
Uninitialized Data Size         : 0
Entry Point                     : 0x11de6
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 1.0.0.0
Product Version Number          : 1.0.0.0
File Flags Mask                 : 0x003f
File Flags                      : Private build
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Neutral
Character Set                   : Unicode
Company Name                    : NVIDIA Corporation
File Description                : NVIDIA Windows Display Driver Installer
File Version                    : 1, 0, 0, 0
Internal Name                   : NVIDIA Windows Display Driver Installer
Legal Copyright                 : NVIDIA Corporation
Original File Name              : 7ZSfxNew.exe
Private Build                   : July 14, 2007
Product Name                    : NVIDIA Windows Display Driver Installer
Product Version                 : 1, 0, 0, 0
-- press RETURN --

Z:\Downloads>"exiftool(-k).exe" "exiftool(-k).exe"
ExifTool Version Number         : 10.13
File Name                       : exiftool(-k).exe
Directory                       : .
File Size                       : 6.4 MB
File Modification Date/Time     : 2016:03:12 20:31:08+01:00
File Access Date/Time           : 2016:04:02 16:37:16+02:00
File Creation Date/Time         : 2016:04:02 16:37:16+02:00
File Permissions                : rw-rw-rw-
File Type                       : Win32 EXE
File Type Extension             : exe
MIME Type                       : application/octet-stream
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2006:06:02 12:45:17+02:00
PE Type                         : PE32
Linker Version                  : 6.0
Code Size                       : 12288
Initialized Data Size           : 917504
Uninitialized Data Size         : 0
Entry Point                     : 0x354c
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows command line
File Version Number             : 10.1.3.0
Product Version Number          : 10.1.3.0
File Flags Mask                 : 0x003f
File Flags                      : Debug
File OS                         : Windows NT 32-bit
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : Process default
Character Set                   : Unicode
Comments                        : ExifTool EXE for Windows
Company Name                    : Phil Harvey
File Description                : Read and Write meta information
File Version                    : 10.1.3.0
Internal Name                   : ExifTool
Legal Copyright                 : Copyright (c) 2003-2016, Phil Harvey
Legal Trademarks                :
Original File Name              : exiftool(-k).exe
Private Build                   :
Product Name                    : ExifTool
Product Version                 : 10.1.3.0
Special Build                   :
Build Date                      : 2016:03:12 14:27:51
Bundled Perl Version            : ActivePerl 5.8.7
Home Page                       : http://owl.phy.queensu.ca/~phil/exiftool/
This will work on virtually any platform, including Windows, Linux and OS X.
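
Added example, not part of any post in this thread: one way to build the hash-to-title text file suggested in the first comment, recording the embedded version details and the digital-certificate signer mentioned later alongside each hash. The function names and the paths in the usage comments are hypothetical.

```powershell
# Added example (not from the thread). Function names and paths are hypothetical.
function New-InstallerCatalog {
    param(
        [Parameter(Mandatory)][string]$InstallerDir,
        [Parameter(Mandatory)][string]$CatalogPath,
        [ValidateSet('MD5', 'SHA256')][string]$Algorithm = 'SHA256'
    )
    Get-ChildItem -Path $InstallerDir -File -Recurse |
        Where-Object { $_.Extension -in '.exe', '.msi' } |
        ForEach-Object {
            # Version resource: may describe a self-extractor stub (compare
            # "Original File Name: 7ZSfxNew.exe" above) and is empty for .msi
            $vi  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
            # Authenticode signer is stored separately from the version resource
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Hash         = (Get-FileHash -LiteralPath $_.FullName -Algorithm $Algorithm).Hash
                Algorithm    = $Algorithm
                FileName     = $_.Name
                ProductName  = $vi.ProductName
                Version      = $vi.ProductVersion
                Company      = $vi.CompanyName
                OriginalName = $vi.OriginalFilename
                Signer       = $sig.SignerCertificate.Subject   # $null when unsigned
                SigStatus    = $sig.Status                      # Valid, NotSigned, ...
            }
        } | Export-Csv -LiteralPath $CatalogPath -NoTypeInformation -Encoding UTF8
}

function Find-InstallerTitle {
    param(
        [Parameter(Mandatory)][string]$File,
        [Parameter(Mandatory)][string]$CatalogPath,
        [ValidateSet('MD5', 'SHA256')][string]$Algorithm = 'SHA256'
    )
    # Hash the unknown file with the same algorithm the catalogue rows were built with
    $hash = (Get-FileHash -LiteralPath $File -Algorithm $Algorithm).Hash
    $hit  = Import-Csv -LiteralPath $CatalogPath |
        Where-Object { $_.Algorithm -eq $Algorithm -and $_.Hash -eq $hash }
    if ($hit) { $hit }
    else { Write-Warning "No catalogue entry for $Algorithm $hash ($File)" }
}

# Usage (hypothetical paths):
# New-InstallerCatalog -InstallerDir 'D:\Installers' -CatalogPath 'D:\catalog.csv'
# Find-InstallerTitle  -File 'D:\Incoming\setup.exe' -CatalogPath 'D:\catalog.csv'
```

Rows whose ProductName is blank or generic still carry the signer subject and the original file name, so they can be given a title by hand once and matched by hash afterwards.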