Hash Modifier

Here’s a little PowerShell script Carl wrote that cycles through the executables in a directory, appends a null byte to each file, calculates the new SHA-256 hash and then renames the file to that hash value. N.B. Because this changes the contents of each file, it will break the integrity of some files, especially signed ones.

```powershell
## Modify Hash and Rename Powershell script ##
$exeDIR = "C:\files\*.exe"
# $debuglog = "c:\files\debugging.txt"
foreach ($file in Get-ChildItem $exeDIR) {
    # $oldhash = Get-FileHash $file.FullName | Select-Object -ExpandProperty Hash
    Add-Content -Path $file.FullName -Value "`0" -NoNewline
    $newhash = Get-FileHash $file.FullName | Select-Object -ExpandProperty Hash
    Rename-Item -Path $file.FullName -NewName "$newhash.exe"
    # Add-Content $debuglog "`n$file -> $newhash.exe"
    # Add-Content $debuglog "`n$oldhash -> $newhash"
    Remove-Variable newhash
    # Remove-Variable oldhash
}
```

Explanation:

(Lines that are commented out are not needed for the core functionality.)

  1. Script Name
  2. Specify your directory containing executables
  3. Specify your logging file, to log input and output for each file
  4. For each file in the executable directory (run steps 5-12)
  5. — Calculate the hash of the file, save it in the variable “oldhash”
  6. — Add a null byte to the end of the file
  7. — Calculate the new hash of the amended file, save it in the variable “newhash”
  8. — Rename the file to its new hash value with an extension of .exe
  9. — Write the old and new file name to the log file
  10. — Write the old and new hash to the log file
  11. — Remove the variable newhash (so it can be used again for the next file)
  12. — Remove the variable oldhash (so it can be used again for the next file)
  13. End of script
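
To see which files the appended byte affected, the following added example (not part of Carl's script) audits the same directory afterwards: it checks that each file name matches the file's current SHA-256 and reports the Authenticode status, where HashMismatch means the signature no longer matches the file contents. It assumes the C:\files path from the script above and a Windows host; the report column names are chosen for this example.

```powershell
# Added example: audit the directory after the hash-modifier script has run.
# Assumes the same path as the script above; column names are illustrative.
$exeDIR = "C:\files\*.exe"

$report = foreach ($file in Get-ChildItem -Path $exeDIR -File) {
    $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    [pscustomobject]@{
        Name            = $file.Name
        # The script renames each file to "<hash>.exe", so these should match.
        NameMatchesHash = ($file.BaseName -eq $hash)
        # SignatureStatus enum value, e.g. Valid, NotSigned or HashMismatch.
        SignatureStatus = $sig.Status
        # Subject of the signing certificate, if the file carries one.
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Per-file detail.
$report | Format-Table -AutoSize

# Summary: how many files fall under each signature status.
$report | Group-Object SignatureStatus | Select-Object Name, Count | Format-Table -AutoSize

# Files that were changed again after renaming, or never renamed at all.
$stale = @($report | Where-Object { -not $_.NameMatchesHash })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) file(s) have a name that does not match their SHA-256."
}

# Signed files whose signature no longer verifies against the file contents.
$broken = @($report | Where-Object { $_.SignatureStatus -eq 'HashMismatch' })
if ($broken.Count -gt 0) {
    Write-Warning "$($broken.Count) signed file(s) now report HashMismatch."
}
```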
Carl Gottlieb

Data Protection Consultant, specialist in anti-malware security solutions and Consulting Director of Cognition Secure. Helping organisations test products for themselves and get the best protection.