@KeyC0de
Created November 21, 2020 13:50
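@echo off
REM Explorer "Send To" helper: runs Sysinternals sigcheck on the selected files or
REM folders and opens the VirusTotal / HerdProtect report pages for them.
REM sigcheck.exe needs to be either in the path or in the "Start in" folder of the shortcut in the Send To menu
REM "Send To" shortcuts are in: C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\SendTo
REM where USERNAME should be replaced with your logged in name in Windows
REM
REM Security notes:
REM  - The paths come from Explorer and may name untrusted files. Explorer only
REM    quotes a path when it contains a space, so a name holding an ampersand, a
REM    pipe, a redirection character or a parenthesis would otherwise be parsed
REM    as part of the command line. Every parameter is therefore expanded with
REM    the tilde modifier and re-wrapped in double quotes.
REM  - Options F, D and S pass -vrs to sigcheck, which uploads files VirusTotal
REM    has not seen before. Submitted samples can be retrieved by VirusTotal
REM    partners and subscribers, so do not use these options on confidential files.
REM  - Passing -vt accepts the VirusTotal terms of service on the user's behalf.
TITLE=Sigcheck - VirusTotal - HerdProtect
REM No parameter at all: explain how the script is meant to be started and stop.
IF "%~1"=="" GOTO EMPTY
echo Parameter: "%~1"
REM The trailing \* only matches when the first parameter is a directory.
IF EXIST "%~1\*" GOTO FOLDER
set "PARAMTYPE=FILE"
echo File name: "%~nx1"
GOTO MENU
:FOLDER
set "PARAMTYPE=DIRECTORY"
echo Directory name: "%~nx1"
:MENU
REM Only the first parameter is inspected; the rest are assumed to be of the same type.
IF NOT "%~2"=="" ECHO (multiple parameters detected. assuming all parameters is of type '%PARAMTYPE%')
echo.
echo ----------------------------------------------------------------------------------------------
echo Options:
echo F. (for Files) Show signed/unsigned info + Open VT report for unknown/non-zero files
echo D. (for Directories) Only show files that are unknown by VirusTotal or have non-zero detection
echo + open VT report
echo Info: Scans executable images only (regardless the extensions of the files)
echo S. (same as option D but with Subdirectories)
echo H. (for files) Search the files SHA1 hash on www.herdprotect.com
echo ----------------------------------------------------------------------------------------------
IF EXIST "%~1\*" ECHO Tip: You can use option F also for directories, to get detailed info for every file
echo NOTE:
echo - Unknown files will be uploaded to VirusTotal
echo - For VirusTotal options(F,D,S) a browser will be opened only for unknown/non-zero files
echo - For HerdProtect(H) a browser will be opened for EACH FILE!
echo.
choice /C FDSH /M "Enter one of the choices above (or close this window to cancel)"
echo.
REM "if errorlevel N" is true for N or higher, so the choices are tested from the last one down.
if errorlevel 4 GOTO MENU_H
if errorlevel 3 GOTO MENU_S
if errorlevel 2 GOTO MENU_D
if errorlevel 1 GOTO MENU_F
REM choice returned 0 (cancelled or failed): leave without pausing.
goto EOF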
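:MENU_F
REM Option F: detailed report per parameter (-h hashes, -a extended version info),
REM with the VirusTotal lookup, report and upload behaviour of -vrs.
REM Loops over all parameters by SHIFTing until none are left.
echo.
ECHO ***** Processing "%~1" ... *****
REM Quote the path so special characters in an untrusted file name are passed to
REM sigcheck as data instead of being interpreted by cmd.
set "TARGET=%~1"
REM A path ending in a backslash (a drive root) would put that backslash right
REM before the closing quote, which most Windows programs parse as an escaped
REM quote. Appending a dot keeps the path equivalent and the quoting intact.
if "%TARGET:~-1%"=="\" set "TARGET=%TARGET%."
sigcheck -q -h -a -vrs -vt "%TARGET%"
SHIFT
IF NOT "%~1"=="" GOTO MENU_F
GOTO END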
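:MENU_D
REM Option D: per the menu text, list only files that VirusTotal does not know or
REM that have a non-zero detection count (-u), restricted to executable images (-e).
REM Loops over all parameters by SHIFTing until none are left.
echo.
ECHO ***** Processing "%~1" ... *****
REM Quote the path so special characters in an untrusted name are passed to
REM sigcheck as data instead of being interpreted by cmd.
set "TARGET=%~1"
REM A path ending in a backslash (a drive root) would put that backslash right
REM before the closing quote, which most Windows programs parse as an escaped
REM quote. Appending a dot keeps the path equivalent and the quoting intact.
if "%TARGET:~-1%"=="\" set "TARGET=%TARGET%."
sigcheck -q -u -e -vrs -vt "%TARGET%"
SHIFT
IF NOT "%~1"=="" GOTO MENU_D
GOTO END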
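:MENU_S
REM Option S: same report as option D, but -s makes sigcheck descend into
REM subdirectories. On a large tree this can submit many unknown files to
REM VirusTotal in one run.
REM Loops over all parameters by SHIFTing until none are left.
echo.
ECHO ***** Processing "%~1" ... *****
REM Quote the path so special characters in an untrusted name are passed to
REM sigcheck as data instead of being interpreted by cmd.
set "TARGET=%~1"
REM A path ending in a backslash (a drive root) would put that backslash right
REM before the closing quote, which most Windows programs parse as an escaped
REM quote. Appending a dot keeps the path equivalent and the quoting intact.
if "%TARGET:~-1%"=="\" set "TARGET=%TARGET%."
sigcheck -q -u -s -e -vrs -vt "%TARGET%"
SHIFT
IF NOT "%~1"=="" GOTO MENU_S
GOTO END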
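:MENU_H
REM Option H: look up each file on herdprotect.com by file name and SHA1 hash.
REM Nothing is uploaded, but the file name and hash are disclosed to that site
REM through the URL that is opened.
echo.
REM Clear the value left by the previous file. Without this, a file for which
REM sigcheck prints no hash would silently reuse the previous file's SHA1 and
REM open the wrong report.
set "SHA1="
REM Read the hash straight from the sigcheck output instead of going through a
REM fixed-name temp file in the current folder. Tokens are split on spaces and
REM tabs; only the line whose first token is exactly SHA1: is used, so the
REM PESHA1 line is ignored, and only the first match is kept.
for /f "tokens=1,2" %%A in ('sigcheck -q -h "%~1"') do if /I "%%A"=="SHA1:" if not defined SHA1 set "SHA1=%%B"
if not defined SHA1 echo No SHA1 hash could be read for "%~1", skipping.
if not defined SHA1 goto MENU_H_NEXT
CALL :ToLowerCase SHA1
set "SHA1FILE=%~nx1"
CALL :ToLowerCase SHA1FILE
REM Replace spaces with minus signs (as this is how herdprotect expects it)
set "SHA1FILE=%SHA1FILE: =-%"
REM The file name is untrusted input: keep the URL inside double quotes so that
REM special characters in the name cannot be parsed as additional commands.
echo Launching browser: "www.herdprotect.com/%SHA1FILE%-%SHA1%.aspx"
REM The empty first argument is the window title that START expects before a quoted target.
start "" "www.herdprotect.com/%SHA1FILE%-%SHA1%.aspx"
:MENU_H_NEXT
SHIFT
IF NOT "%~1"=="" GOTO MENU_H
GOTO END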
:ToLowerCase
REM Subroutine: lower-cases, in place, the variable whose NAME is given as the
REM first argument (usage: CALL :ToLowerCase VARNAME).
REM The loop walks the 26 "upper=lower" pairs and applies one substring
REM replacement per pair to the named variable. The doubled percent signs
REM together with CALL SET delay the variable expansion until the pair has been
REM substituted into the command.
FOR %%i IN ("A=a" "B=b" "C=c" "D=d" "E=e" "F=f" "G=g" "H=h" "I=i" "J=j" "K=k" "L=l" "M=m" "N=n" "O=o" "P=p" "Q=q" "R=r" "S=s" "T=t" "U=u" "V=v" "W=w" "X=x" "Y=y" "Z=z") DO CALL SET "%1=%%%1:%%~i%%"
REM Jumps to the EOF label on the last line of the script, which ends this CALL
REM and returns to the caller.
GOTO EOF
:EMPTY
REM Reached when the script was started without any parameter.
echo Parameter is missing! Right-click on a file/folder and use "Send to" menu.
:END
REM Common exit for the menu options: wait for a key press before finishing.
pause
:EOF