Friday, March 27, 2015

Find the MD5 Hash of a File

One common way that virus scanners and security experts track down malware is by hashing it. This gives you a unique value for that particular executable or malicious file. How do they get that hash? One example is the free md5deep tool. Run from the command line, it quickly gives you the MD5 hash of the file. Note: There are other tools that give you similar SHA1 and SHA2 hashes.

> .\md5deep.exe c:\windows\temp\AdbeRdr110009_en_US.exe




Another use that general internet users can have for these MD5 hashes is to confirm that the file they just downloaded is truly the file the author intended them to download. Between your clicking and the download finishing, many malicious things can happen to a file, to the point where you're no longer downloading what you thought you were. Therefore, if the author publishes an MD5 hash of his file on his website, you can download the file, run md5deep as above, and confirm that the MD5 hash you got matches the one on the author's website. It's a good practice for staying safe out on the dirty internet.
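The comparison described above, as an added example that is not part of the original post or of md5deep: it hashes a file in chunks and checks it against a published value. It goes beyond MD5 by inferring SHA1 or SHA256 from the length of the published hex string; the function names and the sample file bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, so a published MD5, SHA1 or SHA256 value all work.
ALGORITHM_BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digest(path, algorithm="md5", chunk_size=1024 * 1024):
    """Hash a file in chunks so large installers do not have to fit in memory."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def matches_published_hash(path, published):
    """Return True only if the file's digest equals the published hex value."""
    # Values pasted from a web page often carry whitespace or upper-case hex.
    expected = published.strip().lower()
    algorithm = ALGORITHM_BY_HEX_LENGTH.get(len(expected))
    if algorithm is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not an MD5, SHA1 or SHA256 hex digest")
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed sample: a small temp file stands in for the download."""
    with tempfile.NamedTemporaryFile(delete=False) as handle:
        handle.write(b"constructed sample installer bytes")
        path = handle.name
    try:
        published = file_digest(path, "md5").upper() + "\n"  # as pasted from a page
        intact = matches_published_hash(path, published)
        with open(path, "ab") as handle:
            handle.write(b"!")  # simulate the file changing in transit
        tampered = matches_published_hash(path, published)
        return intact, tampered
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

A truncated or mistyped published value raises `ValueError` rather than reporting a mismatch, so a copy-and-paste error is not confused with a modified file.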

Trust but verify!

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
