Created
March 30, 2023 08:21
-
-
Save DeathsPirate/342d4930467f59c3c1ca46dad5ae7d1d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Search for ffmpeg.dll in the C drive | |
| $ffmpegFiles = Get-ChildItem -Path "C:\" -Recurse -Filter "ffmpeg.dll" -ErrorAction SilentlyContinue | |
| # Initialize an array to store the hash results | |
| $hashResults = @() | |
| # The target hash to compare with | |
| $targetHash = "7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896" | |
| $found = $false | |
| # Calculate the SHA256 hash for each file | |
| foreach ($file in $ffmpegFiles) { | |
| $hash = Get-FileHash -Path $file.FullName -Algorithm SHA256 | |
| $status = "" | |
| if ($hash.Hash -eq $targetHash) { | |
| $status = "INFECTED" | |
| $found = $true | |
| } | |
| $hashResult = New-Object PSObject -Property @{ | |
| FileName = $file.FullName | |
| Hash = $hash.Hash | |
| Status = $status | |
| } | |
| $hashResults += $hashResult | |
| } | |
| $hashResults | Format-Table -AutoSize | |
| # Display the hash results | |
| if ($found) { | |
| Write-Host "File hash matched for 3CX infection" -ForegroundColor Red -NoNewline | |
| Write-Host | |
| } else { | |
| Write-Host "No matching files found" -ForegroundColor Green -NoNewline | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment