topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 12:08 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: DONE: Tool that lists digitally signed files from a folder/disk  (Read 97610 times)

neverlight

  • Participant
  • Joined in 2012
  • *
  • default avatar
  • Posts: 25
    • View Profile
    • Donate to Member
At the moment, I can not find such a tool.

This kind of tool could be quite handy since malware analysts/researchers look into digitally signed files for whitelisting/blacklisting purposes.
Possible (important) features (to be considered):
- display digitally signed files from a specific folder as a list;
- ability to view the specific folder using a right-click menu (or something similar) on the digitally signed file;
- ability to filter files using digital signature details such as "Issued by", "Issued to", "Valid from" - "to", etc;


Kind Regards,
Marius
 
« Last Edit: September 13, 2014, 08:03 AM by neverlight »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #1 on: August 04, 2014, 07:42 PM »
That's really not a bad idea at all -- especially if it showed a grid with the signing details.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #2 on: August 05, 2014, 04:39 AM »
Maybe skwire can add another column to SFV Ninja ?

Turn it into CFV Ninja, (Complicated File Verification).

neverlight

  • Participant
  • Joined in 2012
  • *
  • default avatar
  • Posts: 25
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #3 on: August 05, 2014, 07:25 AM »
I didn't expect such positive replies.


Please note,that it's (very) important to know which files have a valid digital signature in terms of #date. In other words, to less or equal to current date. That could be a method.
Now, extending the idea of complex verification, It could also use an 'offline database', perhaps a text file (list) that contains default/custom trusted vendors. The vendors that are listed in the respective text file will show in a color, let's say green while the others that are not in the list will be marked red. Of course, colors could be customizable/user-choice -- whatever seems appropriate to DonationCoder.

Thanks again for the great feedback.

Kind regards,
Marius
« Last Edit: September 13, 2014, 08:03 AM by neverlight »

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,566
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #4 on: August 05, 2014, 03:02 PM »
is this the same as sigverif?

Verify Unsigned Device Drivers

    Click Start, click Run, type sigverif, and then click OK.
    Click Advanced.
    Click Look for other files that are not digitally signed.

    In the Look in this folder box, type x:\Windows\system32\drivers, where x is the letter of the drive where Windows is installed.
    On the Logging tab, make sure the Save the file signature verification results to a log file check box is selected, and then click OK.
    Click Start.

    NOTE: The log file is named Sigverif.txt, and it is saved in the Windows folder. Third-party drivers that are unsigned are displayed as "Not signed." Use the drivers in this list as your troubleshooting starting point.

http://support.microsoft.com/kb/308514
-support.microsoft.com/kb/308514

The article was about XP, but I can confirm that I have sigverif on Win 7 as well.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #5 on: August 05, 2014, 08:59 PM »
I tried it, but it only shows an overview of driver files that are not signed. The application sigverif is too limited to be of almost any use, if you would have asked me (and I know you didn't).

neverlight

  • Participant
  • Joined in 2012
  • *
  • default avatar
  • Posts: 25
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #6 on: August 25, 2014, 08:56 AM »
In the meantime, I've found a (temporary) solution-- Sigcheck.
More information
Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains.


Interesting tool that does the job and it could be used in the "process". I'm guessing a GUI could be made based on this tool.
Hope it helps.


Kind Regards,
Marius Il.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #7 on: August 25, 2014, 10:40 AM »
Thanks for posting about that.. it does seem like it would be a natural next step for someone to make a gui tool that uses this commandline utility.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #8 on: August 27, 2014, 09:16 AM »
Interesting tool that does the job and it could be used in the "process". I'm guessing a GUI could be made based on this tool.

Yep, quite easily.  I assume you would like all bits of information listed in columns?  Example output from the CLI tool:

Verified:       Signed
Signing date:   4:45 PM 4/28/2014
Publisher:      Microsoft Corporation
Description:    File version and signature viewer
Product:        Sysinternals Sigcheck
Prod version:   2.1
File version:   2.1
MachineType:    32-bit


Here's an extended output from the CLI tool:

Verified:       Signed
Signing date:   4:45 PM 4/28/2014
Publisher:      Microsoft Corporation
Description:    File version and signature viewer
Product:        Sysinternals Sigcheck
Prod version:   2.1
File version:   2.1
MachineType:    32-bit
Binary Version: 2.10.0.0
Original Name:  sigcheck.exe
Internal Name:  Sigcheck
Copyright:      Copyright (C) 2004-2014 Mark Russinovich
Comments:       n/a
Entropy:        6.447

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #9 on: August 27, 2014, 09:20 AM »
columns would be nice.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #10 on: August 27, 2014, 09:24 AM »
columns would be nice.

For sure.  I foresee something very similar to my PDFInfoGUI tool.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #11 on: August 27, 2014, 09:51 AM »
perfect.

neverlight

  • Participant
  • Joined in 2012
  • *
  • default avatar
  • Posts: 25
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #12 on: August 28, 2014, 05:13 AM »
[...]  I assume you would like all bits of information listed in columns?  [...]
Yes. It's a good start (for the first version) but this (suggested) application should not be limited (only) to the output though.  :up:

columns would be nice.
For sure.  I foresee something very similar to my PDFInfoGUI tool.

However, maybe columns should be opt-in. End-users should select which columns to be displayed.


Kind Regards,
Marius
« Last Edit: September 13, 2014, 08:03 AM by neverlight »

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #13 on: August 28, 2014, 03:48 PM »
Yes. It's a good start (for the first version) but this (suggested) application should not be limited (only) to the output though.  :up:

Hmmm...not sure what else you'd want out of this tool.

However, maybe columns should be opt-in. End-users should select which columns to be displayed.

Column order and widths are saved so, if you don't want to see a column, you would simply set it to zero-width.  Here's a teaser screenshot so far:

2014-08-28_154407.pngDONE: Tool that lists digitally signed files from a folder/disk

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #14 on: August 28, 2014, 03:50 PM »
nice!!!
love it.   :up:

neverlight

  • Participant
  • Joined in 2012
  • *
  • default avatar
  • Posts: 25
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #15 on: August 28, 2014, 05:13 PM »
Awesome.

Hmmm...not sure what else you'd want out of this tool.
Well, imagine tons & tons of files- you have to sort/filter these by columns, copy/move files to other folders,  filter/hide files from signers that are loaded from a list, copy and paste displayed information such as hashes of files. These are most used operations.

Kind Regards,
Marius

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #16 on: September 08, 2014, 11:36 PM »
Apologies for the delay.  Here's the first release:

Website | Download
v1.0.0 - 2014-09-08
    + Initial forum build.


Screenshots:

main.pngDONE: Tool that lists digitally signed files from a folder/disk

options.pngDONE: Tool that lists digitally signed files from a folder/disk

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #17 on: September 09, 2014, 08:49 PM »
Website | Download
v1.0.2 - 2014-09-09
    + Added option to include file hashes (MD5, SHA1, PESHA1, PE256, and SHA256).
    + Added "Is Running" column.  (Thanks, mouser)
    + Added a toolbar button to dump all running exes to the list.  (Thanks, mouser)


New screens:

main.pngDONE: Tool that lists digitally signed files from a folder/disk

options.pngDONE: Tool that lists digitally signed files from a folder/disk
« Last Edit: September 09, 2014, 09:06 PM by skwire »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #18 on: September 09, 2014, 09:02 PM »
LOVE it.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #19 on: September 10, 2014, 11:15 AM »
Website | Download
v1.0.3 - 2014-09-10
    + Double-clicking a row display the information box for that process.
    * Improved performance when clearing list items.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #20 on: September 10, 2014, 10:44 PM »
Website | Download
v1.0.4 - 2014-09-10
    + Added option to query VirusTotal (www.virustotal.com) for malware based on
      file hash.  Note that this slows down scanning considerably.  You can see the
      results in two new columns: Virus Total Detection and Virus Total URL.
    + Added context menu entry to go to the Virus Total URLs.
    + Added context menu entries to perform web searches based on the process name.
      Choose from Google, Bing, and Duck Duck Go.
    + Added "Export file list" feature to dump the full paths to a text file for
      later import using the "Import file list" feature.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #21 on: September 11, 2014, 01:48 PM »
Written up by Martin at ghacks today!
http://www.ghacks.ne...es-with-sigcheckgui/

He seems to really like it, though he pointed out a few issues with the virustotal integration.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #22 on: September 11, 2014, 01:53 PM »
Yeah, disabled that in a new build until I work out those kinks.  I know WHAT the issue is...just need to come up with a way to handle it elegantly.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #23 on: September 11, 2014, 02:58 PM »
Apologies for that.   :-[

Website | Download
v1.0.6 - 2014-09-11
    ! Re-enabled VirusTotal functionality.  SigcheckGUI now checks for the
      acceptance of the Sigcheck EULA and the VirusTotal ToS and will prompt
      the user for acceptance if necessary.

v1.0.5 - 2014-09-11
    ! Disabled the VirusTotal functionality until some kinks are worked out.

Mattes57

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 23
    • View Profile
    • Donate to Member
Re: DONE: Tool that lists digitally signed files from a folder/disk
« Reply #24 on: September 12, 2014, 04:01 AM »
Nice tool. Thank you!