VT Hash Check

VT Hash Check adds a Windows Explorer context menu item to compute the MD5 hash checksum of any file and to then send that checksum to http://www.virustotal.com for checking against their Virus database.

Download|GPG Sig (?)

License:Boredom Software Freeware License Language: Compiled Binary
Platform(s): Win32 (NT 5.0+)
How To Open 7-Zip Files

Webmasters: Please Link To This Page, Not To The File Itself.


 

 

Current Version 

The most current version of VT Hash Check is 0.98 (Last update: 1/27/12).

Changelog

  • 0.97-0.98
    • Switched to the new VirusTotal API.
    • Added center column to results window (for the scanner version)
    • Minor UI changes.
  • 0.96-0.97
    • Faster hashing engine for both MD5 and SHA1
    • Fixed typo in unexpected server response error message.
  • 0.95-0.96
    • New JSON parser
    • UI tweaks to results window
    • More helpful error messages when a file is not readable.
  • 0.94-0.95
    • Fixed erroneous "Malformed Response" error when the user has exceeded their limit of requests via the API.
  • 0.93-0.94
    • Fixed crash when receiving a malformed response from Virus Total.
  • 0.91-0.93
    • Fixed several minor bugs
    • Fixed bug where in rare cases a file which was less than 20MB would be reported as larger than 20MB
  • 0.90-0.91
    • Fixed several minor bugs in the new results window
  • 0.87-0.90
    • Added JSON response parser
    • Added results window
  • 0.86-0.87
    • Rejiggered SHA1 innards
  • 0.85-0.86
    • Added SSL support
  • 0.81-0.85
    • Switched to using the new Virus Total public API. You will now need an API key.

Files Included in the Download

  • setup.exe - Program Installer
  • ReadMe.txt - ReadMe File
  • License.txt - License

Installation

Execute the included setup.exe file to install.

Issues

None Reported.

Command Line Parameters 

  • --about
    • Show the "About" Window
  • --SHA1
    • Use the SHA1 algorithm (see Further Notes, below)
  • --api=
    • Specify an API key other than the one remembered by the program
  • --SSL
    • Use SSL (see Further Notes, below)

Further Notes

As of version 0.85, you will need an API key from Virus Total to use VT Hash Check. If you prefer to not get an API key, then you must use an earlier version of the program. Earlier versions are not supported and won't have any bugs fixed in them. An API key is free with a Virus Total Community account (which is also free.) Sign up at: http://www.virustotal.com/vt-community/register.html

VT Hash Check will ask you for your API key the first time you run it. Alternatively, you can specify an API key on the command line using the api= argument followed by your 64 character API key.

By default, only the MD5 hash is computed. The MD5 hash algorithm is vulnerable to theoretical collisions and has been recommended to be avoided for cryptographic functions requiring a high level of security1. While this theoretical vulnerability may represent a deficiency in the operation of this particular program, I don't feel that it should cast any doubt onto the results returned by the program via Virus Total. Nevertheless, for those of you interested in using a theoretically superior hash function, I have included the option to use the SHA12 hash function instead.

To invoke the SHA1 option, you may pass the program the —SHA1 argument before the file path like this:

VTHash.exe —SHA1 C:\somefile.exe

If you prefer for SHA1 to be the default, create a file called "usesha1" (sans quotes) in the installation directory (by default: C:\Program Files\Boredom Software\VT Hash Check):

You may also wish to avail yourself of the option for an SSL encrypted connection. To do so, you may either pass the --SSL argument or create an emtpty file in the installation directory called "usessl" (sans quotes).

 

When attempting check the hashes of executable files obtained from the Internet, users are likely to see a warning similar to this one:

This warning is generated by Windows whenever an executable file launched if the executable was downloaded from an untrusted network source (i.e. the Internet) and saved on a drive formatted in NTFS. Windows uses a special alternate data stream to mark the file as "untrusted" and prompts the user any time the file is about to be opened, even if the act of opening it is only to read the data therein.

VT Hash Check does not actually launch or execute any file processed through it. It reads the data from the file, computes the hash based on the data, and then closes it. The data is treated the same way whether the file being hashed is an executable or and image or a text file.

Write a comment

  • Required fields are marked with *.
  • All comments must be approved before they get published