Start
StartPowerShell:
# This snippet uses Sysinternals Sigcheck to check a file and upload it to VirusTotal.
# The file to check is the quoted path in the $psi.Arguments line (where the string "INSERTFILEPATHHERE" originally stood); change it there to check a different file.
# ---
# It displays the following: entropy, file hashes, catalog name & signing chain, VirusTotal scan results and link to it.
# It is also able to traverse symbolic links and directory junctions.
# ---
# NOTE: If the file is not already known to VirusTotal, it is uploaded and the result becomes available in a few minutes.
# You can look up the report by visiting the URL "https://www.virustotal.com/gui/file/<SHA256>"
$TempDir = [System.IO.Path]::GetTempPath()
$ZipPath = Join-Path $TempDir "SigcheckFRST.zip"
$ExtractPath = Join-Path $TempDir "SigcheckFRST"
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sigcheck.zip" -OutFile $ZipPath -UseBasicParsing
if (Test-Path $ExtractPath) { Remove-Item $ExtractPath -Recurse -Force }
Expand-Archive -Path $ZipPath -DestinationPath $ExtractPath -Force
$SigcheckExe = Join-Path $ExtractPath "sigcheck.exe"
if (Test-Path $SigcheckExe) {
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName = $SigcheckExe
    $psi.Arguments = '-accepteula -a -h -i -m -l -vt -vs -nobanner "C:\ProgramData\microsofts\data.ps1"'
    $psi.RedirectStandardOutput = $true
    $psi.StandardOutputEncoding = [System.Text.Encoding]::Unicode
    $psi.UseShellExecute = $false
    $psi.CreateNoWindow = $true
    $p = [System.Diagnostics.Process]::Start($psi)
    $output = $p.StandardOutput.ReadToEnd()
    $p.WaitForExit()
    Write-Output $output
} else {
    Write-Host "Error: Sigcheck does not exist"
}
Remove-Item $ZipPath -Force
EndPowerShell:
File: C:\ProgramData\microsofts\data.ps1
Folder: C:\ProgramData\microsofts
C:\ProgramData\microsofts\data.ps1
End
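
The fixlist above downloads sigcheck.exe and launches it without checking what was downloaded. The following is an added example, not part of the original fixlist, that verifies the Authenticode signature of the extracted binary before it is run. The function name Test-MicrosoftSignedBinary is hypothetical, and the expected signer name "Microsoft Corporation" is an assumption about how Sysinternals binaries are signed.

```powershell
# Added example, not part of the fixlist.
# Test-MicrosoftSignedBinary is a hypothetical helper; the expected signer is an assumption.
function Test-MicrosoftSignedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumed publisher name on the Sysinternals signing certificate
        [string]$ExpectedSigner = 'Microsoft Corporation'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Status is Valid only when the file hash matches the signature
    # and the certificate chain builds to a trusted root.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status for $Path is $($sig.Status): $($sig.StatusMessage)"
        return $false
    }

    # Compare the certificate's simple name exactly, not a substring of the subject.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $ExpectedSigner) {
        Write-Warning "Unexpected signer '$signer' for $Path"
        return $false
    }

    return $true
}

# Same temp location the fixlist extracts Sigcheck to.
$SigcheckExe = Join-Path ([System.IO.Path]::GetTempPath()) 'SigcheckFRST\sigcheck.exe'
if (Test-MicrosoftSignedBinary -Path $SigcheckExe) {
    Write-Output "Signature OK: $SigcheckExe"
} else {
    Write-Output "Refusing to run $SigcheckExe"
}
```
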
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.