Created
November 21, 2020 13:50
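@echo off
REM Send To helper: runs Sysinternals Sigcheck on the selected files or folders
REM and opens the VirusTotal or HerdProtect result in the browser.
REM
REM sigcheck.exe needs to be either in the path or in the "Start in" folder of the shortcut in the Send To menu
REM "Send To" shortcuts are in: C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\SendTo
REM where USERNAME should be replaced with your logged in name in Windows
REM
REM Security notes:
REM  - cmd looks for sigcheck in the current directory before the path, so the
REM    "Start in" folder should be writable only by you.
REM  - The arguments are paths of files that may be hostile. Expansions that
REM    strip the surrounding quotes are re-quoted below, so an ampersand or
REM    similar character in a file name is printed instead of being parsed as
REM    a second command.
REM  - Options F, D and S upload files that VirusTotal does not know yet (see
REM    the NOTE text in the menu). Do not use them on confidential files.
TITLE=Sigcheck - VirusTotal - HerdProtect
IF [%1]==[] GOTO EMPTY
echo Parameter: %1
REM A trailing \* only matches when the argument is a directory.
IF EXIST %1\* GOTO FOLDER
set "PARAMTYPE=FILE"
echo File name: "%~nx1"
GOTO MENU
:FOLDER
set "PARAMTYPE=DIRECTORY"
echo Directory name: "%~nx1"
:MENU
IF NOT [%2]==[] ECHO (multiple parameters detected. assuming all parameters is of type '%PARAMTYPE%')
echo.
echo ----------------------------------------------------------------------------------------------
echo Options:
echo F. (for Files) Show signed/unsigned info + Open VT report for unknown/non-zero files
echo D. (for Directories) Only show files that are unknown by VirusTotal or have non-zero detection
echo + open VT report
echo Info: Scans executable images only (regardless the extensions of the files)
echo S. (same as option D but with Subdirectories)
echo H. (for files) Search the files SHA1 hash on www.herdprotect.com
echo ----------------------------------------------------------------------------------------------
IF EXIST %1\* ECHO Tip: You can use option F also for directories, to get detailed info for every file
echo NOTE:
echo - Unknown files will be uploaded to VirusTotal
echo - For VirusTotal options(F,D,S) a browser will be opened only for unknown/non-zero files
echo - For HerdProtect(H) a browser will be opened for EACH FILE!
echo.
choice /C FDSH /M "Enter one of the choices above (or close this window to cancel)"
echo.
REM CHOICE returns the position of the pressed key in FDSH. IF ERRORLEVEL n is
REM true for n or higher, so the tests must run from the highest value down.
if errorlevel 4 GOTO MENU_H
if errorlevel 3 GOTO MENU_S
if errorlevel 2 GOTO MENU_D
if errorlevel 1 GOTO MENU_F
goto EOF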
:MENU_F
REM Options F, D and S run the same per-argument loop and differ only in the
REM sigcheck switches, so each entry label just selects its switch set.
REM In every set, -vrs queries VirusTotal, opens the report for files with a
REM non-zero detection count and submits files VirusTotal has not seen before;
REM -vt accepts the VirusTotal terms of service without prompting. Submitted
REM files leave this machine, so these options are unsuitable for confidential
REM material.
REM F: hashes (-h) and extended version information (-a) for every file.
set "SIGCHECK_OPTS=-q -h -a -vrs -vt"
GOTO SCAN_NEXT
:MENU_D
REM D: executable images only (-e), unknown or non-zero detection only (-u).
set "SIGCHECK_OPTS=-q -u -e -vrs -vt"
GOTO SCAN_NEXT
:MENU_S
REM S: same as D, but also recurses into subdirectories (-s).
set "SIGCHECK_OPTS=-q -u -s -e -vrs -vt"
:SCAN_NEXT
echo.
ECHO ***** Processing %1 ... *****
REM The argument is passed exactly as received, so a path that arrived quoted
REM stays quoted.
sigcheck %SIGCHECK_OPTS% %1
REM SHIFT moves the next argument into position 1; stop when none is left.
SHIFT
IF NOT [%1]==[] GOTO SCAN_NEXT
GOTO END
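:MENU_H
echo.
REM Option H: look the file up on www.herdprotect.com by its lower-cased name
REM and SHA1 hash, once per argument.
REM The argument is the path of a file that may be hostile, so every value
REM derived from its name stays inside double quotes: an ampersand or similar
REM character in the name must never reach cmd as bare command text.
REM
REM Clear any value left from the previous file or the parent environment so a
REM failed lookup cannot silently reuse a stale hash.
set "SHA1="
REM Read the hash straight from the sigcheck output instead of going through a
REM fixed-name temp file in the current directory. The default FOR /F
REM delimiters are space and tab, so token 2 of the SHA1 line is the bare hash.
REM Only the first matching line is kept.
for /f "tokens=2" %%H in ('sigcheck -q -h "%~1" ^| findstr "SHA1: " ^| findstr /V "PESHA1"') do if not defined SHA1 set "SHA1=%%H"
if not defined SHA1 goto MENU_H_NOHASH
CALL :ToLowerCase SHA1
set "SHA1FILE=%~nx1"
CALL :ToLowerCase SHA1FILE
REM Replace spaces with minus signs (as this is how herdprotect expects it)
set "SHA1FILE=%SHA1FILE: =-%"
REM NOTE(review): the file name goes into the URL without URL encoding and no
REM scheme is given; confirm the format the site expects and consider an
REM explicit https prefix if the site supports it.
echo Launching browser: "www.herdprotect.com/%SHA1FILE%-%SHA1%.aspx"
REM The empty first argument is the window title; without it START would take
REM the quoted URL as the title.
start "" "www.herdprotect.com/%SHA1FILE%-%SHA1%.aspx"
goto MENU_H_NEXT
:MENU_H_NOHASH
echo No SHA1 hash was returned for %1 - skipping.
:MENU_H_NEXT
SHIFT
IF NOT [%1]==[] GOTO MENU_H
GOTO END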
:ToLowerCase
REM Subroutine: lower-case the variable whose NAME is passed as the first
REM argument (CALL :ToLowerCase VARNAME). Each quoted pair in the list is
REM applied to that variable as a search=replace substitution. CALL SET forces
REM a second expansion pass, so the substitution is evaluated after the pair
REM has been filled in.
FOR %%P IN (
  "A=a" "B=b" "C=c" "D=d" "E=e" "F=f" "G=g" "H=h" "I=i"
  "J=j" "K=k" "L=l" "M=m" "N=n" "O=o" "P=p" "Q=q" "R=r"
  "S=s" "T=t" "U=u" "V=v" "W=w" "X=x" "Y=y" "Z=z"
) DO CALL SET "%1=%%%1:%%~P%%"
REM Jumping to the EOF label at the end of the file ends the CALL and returns
REM to the caller.
GOTO EOF
:EMPTY
REM Reached when the script is started without any argument.
ECHO Parameter is missing! Right-click on a file/folder and use "Send to" menu.
:END
REM Wait for a key press so the output can be read before the window closes.
PAUSE
:EOF
REM Target of GOTO EOF: leaves the script, or returns from the ToLowerCase CALL.