How to Get Hash of a File for SHA256 and/or MD5
search cancel

How to Get Hash of a File for SHA256 and/or MD5

book

Article ID: 286808

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection) Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to find the SHA256 and MD5 checksum of a file from various operating system commands.

Environment

  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

  • The steps below would be able to help verify the hash checksum of a file from various operating systems:


Windows:

  • Leverage Command Prompt or PowerShell to generate an SHA-256 or MD5 checksum on Windows.
    • Command Prompt:
      1. From the Command Prompt, run the following command:
certutil -hashfile C:\path\file.exe sha256
OR
certutil -hashfile C:\path\file.exe md5

Note: Replace C:\path\file.exe with the actual path to the file
 
  • Powershell:
  1. From Windows Powershell, run the following command: 
    Get-FileHash C:\path\file.exe -Algorithm sha256
OR
Get-FileHash C:\path\file.exe -a md5

Note: Replace C:\path\file.exe with the actual path to the file

Linux:

  • Every Linux distribution comes with tools for checksum algorithms leveraging sha256sum and md5sum.
  1. Go to the directory where your downloaded file is stored, e.g.:  
    cd home/downloads
  2. From terminal, run the following command to generate the checksum:  
    sha256sum file.exe
OR
md5sum file.exe

Note: Replace file.exe with the actual name of the file
 

macOS:

  • In macOS, leverage terminal checksum commands or OpenSSL commands to get the file hash:
    • Hash check command in Terminal:
    1. To find the hash value, use the following command in the terminal:  
      $ shasum -a 256 /path/to/file
OR
$ md5 /path/to/file

Note: Replace /path/to/file with the actual path to the file
    • Using OpenSSL command in Terminal to check for Hash:
    1. Use the following command to get the hash value using OpenSSL command:  
      $ openssl sha256 /path/to/file
OR
$ openssl md5 /path/to/file

Note: Replace /path/to/file with the actual path to the file

Additional Information

If the hash is available publicly, it is also possible to check for information on VirusTotal,  although this is not Carbon Black proprietary and there's no support offered or additional information on results.

If the product has go-live or live response it may be possible to run these commands via that without logging onto the machine

 

Powered by Wolken Software