Monday, April 11, 2005

SISHash utility added to toolkit

I've added the SISHash utility to the Sis Analysis toolkit. It functions like md5sum over all files in a given SIS file.


Collect the signatures for known bad files and you've got yourself a quick and dirty malware scanner. This is only useful for static malware, such as most trojans and some network worms.
An implementation, SISscan, will be added in a few days.

SISHash

* Acquire MD5 and SHA1 hashes of each file within the SIS file.

* Identify previously seen files.




Usage:

SIShash - Get Hashes from SIS File
Copyright 2005 Jimmy Shah All rights reserved.

Usage: SisHash.pl [-as] filename

Options:
-a Display both Md5 and SHA1 hashes.
-s Display only SHA1 hashes.

Default is MD5 only.

Command Line:

SisHash.pl -a Caribe.sis
Output:

988ff12b5f9819ce8a84a14245c2297f *caribe.rsc
75e1e12706649fa45c289c92f2f9775d2437c13f
12a0af974995c3d9428eb751e8da638b *flo.mdl
3cfdcecd905c509f319346db40c193821d77e3d8
05fbae15bb8a0042a7755e898d18c439 *caribe.app
49e753fe862c9a0ceb04f1984933e53017bec524
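
The signature-matching idea above, as an added example (not SISscan and not part of the toolkit): it parses SISHash `-a` output in the format shown and checks each file's hashes against a known-bad list. The function names and signature labels are hypothetical, and it assumes the default MD5-only output has the same layout minus the SHA1 lines.

```python
import re

# Output of "SisHash.pl -a Caribe.sis", copied from the post above.
SISHASH_OUTPUT = """\
988ff12b5f9819ce8a84a14245c2297f *caribe.rsc
75e1e12706649fa45c289c92f2f9775d2437c13f
12a0af974995c3d9428eb751e8da638b *flo.mdl
3cfdcecd905c509f319346db40c193821d77e3d8
05fbae15bb8a0042a7755e898d18c439 *caribe.app
49e753fe862c9a0ceb04f1984933e53017bec524
"""

# Constructed signature list (hash -> label). The hashes come from the
# output above; the labels are made up for this example.
KNOWN_BAD = {
    "05fbae15bb8a0042a7755e898d18c439": "Caribe.sis sample: caribe.app",
    "3cfdcecd905c509f319346db40c193821d77e3d8": "Caribe.sis sample: flo.mdl",
}

NAMED_MD5 = re.compile(r"^([0-9a-fA-F]{32}) \*(.+)$")  # "<md5> *<filename>"
BARE_SHA1 = re.compile(r"^[0-9a-fA-F]{40}$")           # SHA1 on its own line

def parse_sishash(text):
    """Turn SISHash output into [{'name', 'md5', 'sha1'}, ...]."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = NAMED_MD5.match(line)
        if m:
            records.append({"name": m.group(2), "md5": m.group(1).lower(), "sha1": None})
        elif BARE_SHA1.match(line) and records and records[-1]["sha1"] is None:
            # A bare SHA1 belongs to the file named on the line before it.
            records[-1]["sha1"] = line.lower()
        # Banner text, blank lines and anything malformed are skipped.
    return records

def scan(text, signatures):
    """Return (filename, algorithm, label) for every hash found in signatures."""
    sigs = {h.lower(): label for h, label in signatures.items()}
    hits = []
    for rec in parse_sishash(text):
        for algo in ("md5", "sha1"):
            label = sigs.get(rec[algo])  # rec[algo] is None in MD5-only output
            if label:
                hits.append((rec["name"], algo, label))
    return hits

if __name__ == "__main__":
    for name, algo, label in scan(SISHASH_OUTPUT, KNOWN_BAD):
        print(f"{name}: {algo} matches {label}")
```

A single changed byte in a file changes both hashes, which is why this only catches static malware.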
