Quick and dirty script in Powershell to check certificate fingerprintsFlorence Broderick

Office Data gives you office 365 database with full contact details. If you like to buy the office database then you can discuss it here.
Post Reply
chandon
Posts: 11
Joined: Tue Dec 17, 2024 6:33 am

Quick and dirty script in Powershell to check certificate fingerprintsFlorence Broderick

Post by chandon »

Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates. Everything counts to “look good” for the users and machines. Sometimes, when a signed malware is discovered, you may wonder if any of the binaries in your machine is signed with that certificate. This is a simple powershell script to get that.
Script in powershell

With Powershell, retrieving the fingerprint of the certificate is quite easy. Just a few sms gateway denmark lines of code. Since most of the suspected machines will be Windows and all modern versions are able to use Powershell, this a simple solution. Just add the certificate fingerprint you are searching for in your computer, tell the program where to start from, and that is all.

Image

To use it, just create your txt file with some fingerprints. For example, these are the fingerprints for the certs used in TheFlame (2012) and WildNeutron (2015) operations respectively.


We have uploaded the code to our Github. Whatever good idea you may have to improve it, just share it with us in our community.
Top
Post Reply

Return to “Office Data”