Summary
Checks the checksums (MD5 or SHA1) of specified files in Windows
Detection
This script transfers the application rehash.exe v0.2 to the target encoded in a VB Script.
This is done via a WMI connection (win_cmd_exec()) as Base64 code.
The script will then execute the VB Script over WMI, with the command 'cscript //nologo %temp%\\greenbone_base64_to_exe.vbs' to decode the Base64 code of the rehash.exe programm.
After decoding the VB Script will be deleted with the command 'del %temp%\\greenbone_base64_to_exe.vbs'.
Subsequently, the application rehash.exe will be started. It will verify checksums based on the data supplied through the option 'Target checksum File'.
If configured, the application rehash.exe will be deleted afterwards with the command 'del rehash.exe'.
License of the application rehash.exe: BSD 2-Clause License Sourcecode for the application rehash.exe: http://sourceforge.net/projects/rehash/files/rehash/0.2/rehash-0.2-src.zip/download
Binary for the application rehash.exe: http://sourceforge.net/projects/rehash/files/rehash/0.2/rehash-0.2-win.zip/download