VT Hash Check

Discussion in 'other anti-virus software' started by BoerenkoolMetWorst, Mar 1, 2015.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    The existing thread was too old, so I made a new one.

    With Firefox, you can set it to autocheck downloads:
    Kudos to @luciddream
    https://www.wilderssecurity.com/threads/vt-hash-check-auto-scan-downloads.333350/

    (Download Statusbar development is dead and doesn't work with recent versions of Firefox anymore, but "Download Manager (S3)" (old name: S3.Download Statusbar) is a nice replacement.)

    Newer versions of VT Hash Check can now upload unknown files and the latest can also be set to the more secure SHA256.
    http://www.boredomsoft.org/vt-hash-check.bs
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Thanks for the reminder.
    Looks like I didn't add it to FF last time I did a reinstall of the OS.
     
  3. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    You can also use this with download managers like GetRight; just enter the exe file in place of a virus scanner and enter your API key when requested.
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Also, Free Download Manager has an option to add scanning of downloaded content by any command line scanner. I had been using it with another command line scanner, but it will work with VT Hash Check too.
    I think for most people, FDM Lite is sufficient if nothing has changed.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Apparently VT Hash Check didn't validate VT's SSL certificate, fixed in 1.51:
     
    Last edited: Aug 30, 2015
  6. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Hmm, "illegal response format" when checking from Windows Explorer or via the Firefox download manager.

    Has something changed in v1.52?
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Still working fine here, both for checking and displaying results for known files and for unknown files, including uploading.
    The only times I've had errors with this program is when checking a lot of files in a short timeframe, but I forgot what the error message was. I assumed it was because of limits of the free VirusTotal API, but I do remember that wasn't clear from the error message.
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    thanks for the reply nevertheless
     
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I kept using v1.01 for the longest time, but SHA-256, scanning of unknowns, and upping the file size from 32 to 128 MB are three very compelling reasons to finally update this puppy.

    Thanks for reviving this topic and this great tool. I simply love it and it's been in my sig ever since discovering it.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Either I'm overlooking something completely obvious here or there's a huge buggaboo in this version. Or for some reason I ended up with a unique install(er) of this app. After I open the executable for VT Hash up and try to enter my API key, change settings, etc... I absolutely cannot find any way to save/close the box. When I click OK, nothing happens. When you click cancel, it sure closes it but then doesn't save the settings. The only other thing you can do is click on the green check mark to the right after entering your API key to do a test.

    There is no other option. No close or "X" to the upper right.

    I'm thinking this is just so obvious that there's no way possible it hasn't been brought to light and corrected by now, so I have to be having some unique problem here regarding "OK" not saving & closing the exe. So obvious that I want to get some feedback here first before even wasting their time with a bug report.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Note that the current version uses OpenSSL through curl (more info in the comments section on the project page), but it uses the 1.0.0 branch of OpenSSL, which doesn't support TLS 1.1+, and it is also an older, vulnerable version of that branch. It is possible to replace the 2 OpenSSL DLLs (ssleay32.dll and libeay32.dll); I did it successfully with the DLLs from an installed OpenVPN. (Note that you need 32 bit DLLs; the native 64 bit OpenVPN uses 64 bit DLLs.)

    Changing settings and clicking OK works fine here, and I'm even using EMET on it.

    SHA512 checksums of my zipped installer and executable from Program Files:
    VTHash.zip: 9B1DEAF102FFF9CFA917FEF0B44F1FAEDF70CF4A33CA6BDD1A1E3CDBA4118E08D8AFD9B57C7AB879347A82254B6166F996AA28110D95BDBF880CBAEB3ABE8252
    VTHash.exe: 314C7661F8D9609557755A7D1B4791C0C6A830E1BADEE4275063FDA44AD6C8051E2BA72A6D6C9315519CDCF148CFC96DF98CC8F1416D002C3205F5F023C7B7CA
     
  12. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Well it doesn't work here, rest assured. Hash is clean, I DL'd it from their site. This does indeed seem like a unique issue I'm having here. Gonna try another installer and restarting Windows before reporting.

    This is why I don't even bother updating things as long as they work to my liking in general. I guess I just need to remind myself of that policy sometimes by having these things happen...
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Out of the frying pan... into the fire here. I got around that problem only to promptly run into another. When I try to scan something via the context menu option "Check File Hash" I'm getting this error message:

    Connection error 22: HTTP response code said error

    I don't have any rules for VT Hash Check in any of my security apps. Can't imagine what could be blocking it. I'm allowing everything in the popups I get from Comodo for both the FW & D+. I do have some IPs blocked in my block list but VT Hash Check shouldn't be using any of them. They are mostly MS & Firefox phone home IPs.
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Well I remedied it by changing the Trusted Publishers setting to Admins only and unchecking both boxes. I have to do that sometimes to update apps, including WU's, but never to just run an app. But maybe for some reason it had to be that way initially to set it up and now maybe it'll run with it the way I want it? Before I reboot the next time I'm switching it back the way I like it and seeing if it keeps working. I'll keep you posted.
     
  16. Boredomsoft

    Boredomsoft Registered Member

    Joined:
    Jul 21, 2012
    Posts:
    13
    Location:
    San Francisco
    The latest version ships with OpenSSL 1.0.2d.

    To be honest, the code that manages the settings is way more complicated than it needs to be, and is in bad need of a complete overhaul. My psychic debugging powers suggest that deleting the config.dat file could be a workaround (though you would lose your settings).

    <technical stuff>
    My guess is that a parsing error occurred while reading config.dat and the parsing code tries to show an error message. Error message windows are modal, which means you must dismiss them before you may continue to interact with the parent window. The settings window, however, is either modal or non-modal depending on how it's invoked.

    When you select the "Settings" option from the Tools menu, the resulting settings window is non-modal. However, when the settings window is invoked as a result of a command-line parameter or a missing API key then it is shown in modal form because user input is required before the program can continue.

    So, when a modal settings window encounters a parse error, a modal error window tries to show itself. The practical upshot being that neither modal window works properly and the whole thing falls apart. (Like I said, it needs an overhaul.)
    </technical stuff>

    I hate cryptic error messages, and this one is pretty bad. While I can't fix the underlying problem, I've made the message a little more informative by specifying which error code was returned. I'd be interested to know what the code is if you encounter this error again.

    This error indicates that Virus Total responded with something other than JSON, or that the JSON data is corrupt or incomplete. This usually happens when virustotal.com is unreachable and an intermediary server (e.g. a CDN, proxy, etc.) is "helping" by responding with an HTML error page and indicating that the request was successful. The only real solution is to try again.
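
An added example, not part of the original post and not VT Hash Check's own code: one way a hash-lookup client can tell apart the failure cases described in this thread (an HTML page served with a success status, truncated JSON, quota exhaustion) instead of reporting them all as one error. It assumes VirusTotal public API v2 conventions (HTTP 204 when the request quota is exceeded, `response_code` 1 for a known file); `classify_response` and the sample responses are constructed for illustration.

```python
import json

# Constructed sample responses (not captured traffic).
SHA256 = "a" * 64
GOOD = json.dumps({"response_code": 1, "sha256": SHA256,
                   "positives": 2, "total": 55}).encode()
HTML = b"<html><body><h1>502 Bad Gateway</h1></body></html>"


def classify_response(status, content_type, body, requested_sha256):
    """Return (verdict, detail) for one hash-lookup response.

    Assumes the VirusTotal v2 file-report shape: a JSON object with
    response_code, sha256, positives and total.
    """
    if status == 204:
        return "rate_limited", "HTTP 204: request quota exceeded, retry later"
    if status != 200:
        return "http_error", f"HTTP {status}"
    text = body.decode("utf-8", errors="replace").lstrip()
    if "json" not in content_type.lower() or text.startswith("<"):
        # An intermediary answered 200 with an HTML page: never trust it.
        return "not_json", f"Content-Type {content_type!r}, body starts {text[:20]!r}"
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        return "corrupt_json", f"parse failed at offset {exc.pos}"
    if not isinstance(report, dict) or "response_code" not in report:
        return "corrupt_json", "JSON lacks response_code"
    if report["response_code"] != 1:
        return "unknown_file", "no finished report for this hash"
    if str(report.get("sha256", "")).lower() != requested_sha256.lower():
        # A verdict for some other file must not be shown for this one.
        return "mismatch", "report is for a different file"
    positives, total = report.get("positives"), report.get("total")
    if not isinstance(positives, int) or not isinstance(total, int):
        return "corrupt_json", "positives/total missing"
    return ("detected" if positives else "clean"), f"{positives}/{total}"


if __name__ == "__main__":
    samples = [(200, "application/json", GOOD), (200, "text/html", HTML),
               (200, "application/json", GOOD[:30]), (204, "", b"")]
    for status, ctype, body in samples:
        print(classify_response(status, ctype, body, SHA256))
```

Only the `clean` and `detected` verdicts should ever be shown as a scan result; every other verdict means the lookup did not produce an answer and the file's status is still unknown.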
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    :thumb:

    Great, thanks :)
     
  18. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    Boredomsoft: would that mean it would work erratically?

    It just never works, just giving the error.
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Version 1.55 was released a while ago: