logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: How to get a SHA 256 hash of a file on Windows and Mac

Cb Defense: How to get a SHA 256 hash of a file on Windows and Mac

Environment

Cb Defense: All versions

Cb Protection: All Versions

Microsoft Windows: Server 2008/Vista (NT 6.0) and above

Mac OS: OS X 10.0 and above

Objective

This document describes how to get a SHA256 hash of an application or a file on Windows and MacOS. A hash is a result of a calculation of a hashing algorithm performed against a file identifies the contents of a file or application. Hashes are commonly used to verify that an application or file was created by the publisher. A typical use case would be if someone sends you a file with a hash attached to it, you should check that hash against the file you received to verify it's the exact same file. If the hashes of the same type (in this case, SHA 256) do not match, the file or application is not the same and should not be trusted. Another use case would be if you needed to check the reputation of a file to see if it was reported as malicious using reputation checking services (like VT), you can get the hash of a file and do a lookup.

Steps for Windows - Powershell

Open Windows Powershell Enter the following command (replace <path/to/file> with the absolute path of the file or application you want to get the hash from):

Get-FileHash <PATH\OF\FILE\> -Algorithm SHA256

Example (command is highlighted and hash returned is shown as indicated by the arrow):

Steps for Windows - Command Prompt

Open the windows command line. Enter the following command (replace <path/to/file> with the absolute path of the file or application you want to get the hash from):

certutil -hashfile <path/to/file> SHA256

Example (command is highlighted and hash returned is shown as indicated by the arrow):

Steps for Mac OS X

Open a terminal window Enter the following command (replace <path/to/file> with the absolute path of the file or application you want to get the hash from):

shasum -a 256 <PATH\OF\FILE>

Example( command is highlighted and hash returned is shown as indicated by the arrow):

Related Content

Cb Defense: What to do if a common app has NOT_LISTED reputation

Cb Defense: Difference in whitelisting by hash versus Certs or IT Tools

Cb Defense: How to whitelist or blacklist a hash

Labels (1)
Was this article helpful? Yes No
67% helpful (2/3)
Article Information
Author:
dcoty
Creation Date:
‎09-27-2017
Views:
11348
Contributors
logo