16
Sep
Hash Modifier
Comments
Here’s a little Powershell script Carl wrote that cycles through the executables in a directory, adds a null byte to the file, calculates a new sha256 hash and then renames the file to its new hash value. N.B. By changing the contents of the file this will break the integrity of some files, especially signed ones.
1 2 3 4 5 6 7 8 9 10 11 12 13 | ## Modify Hash and Rename Powershell script ## $exeDIR = "C:\files\*.exe" # $debuglog = "c:\files\debugging.txt" foreach ($file in get-ChildItem $exeDIR) { # $oldhash = get-filehash $file | Select-Object -ExpandProperty Hash add-content $file `0 $newhash = get-filehash $file | Select-Object -ExpandProperty Hash rename-item $file "$newhash.exe" # Add-content $debuglog "`n$file -> $newhash.exe" # Add-content $debuglog "`n$oldhash -> $newhash" remove-variable newhash # remove-variable oldhash } |
Explanation:
(Lines that are commented are not needed for the core functionality.)
- Script Name
- Specify your directory containing executables
- Specify your logging file, to log input and output for each file
- For each file in the executable directory (run steps 5-12)
- — Calculate the hash of the file, save it in the variable “oldhash”
- — Add a null byte to the end of the file
- — Calculate the new hash of the amended file, save it in the variable “newhash”
- — Rename the file to its new hash value with an extension of .exe
- — Write the old and new file name to the log file
- — Write the old and new hash to the log file
- — Remove the variable newhash (so it can be used again for the next file)
- — Remove the variable old hash (so it can be used again for the next file)
- End of script