Update: Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21
[URL] https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor-v3-32-process-explorer-v16-2-livekd-v5-61-and-bginfo-v4-21/
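- Sysmon v6.00 (previously v5.02)
- Autoruns v13.7 (previously v13.62)
- AccessChk v6.1 (previously v6.02)
- Process Monitor v3.32 (previously v3.31)
- Process Explorer v16.20 (previously also v16.20): the older copy's digital signature timestamp is 2016/11/18, the newer copy's is 2017/02/02
- LiveKd v5.61 (previously v5.6)
- BgInfo v4.21 (previously v4.21): the older copy's digital signature timestamp is 2016/10/28, the newer copy's is also 2018/10/28, and the file size is the same. Maybe it hasn't changed?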
I suspect BgInfo has not actually changed. This is exactly the kind of situation Sigcheck is for!
The new one:
PS C:\demo\newtools> sigcheck -a -h -nobanner .\bginfo.exe
C:\demo\newtools\bginfo.exe:
Verified: Signed
Signing date: 8:11 2015/10/28
Publisher: Microsoft Corporation
Company: Sysinternals
Description: BGInfo - Wallpaper text configurator
Product: BGInfo
Prod version: 4.21
File version: 4.21
MachineType: 32-bit
Binary Version: 4.21.0.0
Original Name: Bginfo.exe
Internal Name: BGInfo
Copyright: Copyright ゥ 2000-2014 Mark Russinovich
Comments: n/a
Entropy: 6.677
MD5: 48FC329EA410C3244461C907F7971A83
SHA1: 687EFCE8FA372A64B8292AA5293D6128C0D796BB
PESHA1: 60CC82E885656DF5E0C658434575A0AA8349B360
PE256: D398FFCA91C533589B42270E85D4AB807EDC6BFF94CA848CD4FF6D9C01C5F750
SHA256: B29FF87127D45D2400CED4473058971B05B4EC9445B6838CDE38E486FFBF68EF
IMP: A73DEEC62AE3678DF18C30191517815B
The old one:
PS C:\demo\newtools> sigcheck -a -h -nobanner "c:\program files\sysinternalssuite\bginfo.exe"
c:\program files\sysinternalssuite\Bginfo.exe:
Verified: Signed
Signing date: 8:11 2015/10/28
Publisher: Microsoft Corporation
Company: Sysinternals
Description: BGInfo - Wallpaper text configurator
Product: BGInfo
Prod version: 4.21
File version: 4.21
MachineType: 32-bit
Binary Version: 4.21.0.0
Original Name: Bginfo.exe
Internal Name: BGInfo
Copyright: Copyright ゥ 2000-2014 Mark Russinovich
Comments: n/a
Entropy: 6.677
MD5: 48FC329EA410C3244461C907F7971A83
SHA1: 687EFCE8FA372A64B8292AA5293D6128C0D796BB
PESHA1: 60CC82E885656DF5E0C658434575A0AA8349B360
PE256: D398FFCA91C533589B42270E85D4AB807EDC6BFF94CA848CD4FF6D9C01C5F750
SHA256: B29FF87127D45D2400CED4473058971B05B4EC9445B6838CDE38E486FFBF68EF
IMP: A73DEEC62AE3678DF18C30191517815B
As expected, they are the same.
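The same comparison can be automated instead of read by eye. The following is an added example, not part of the original post or of Sysinternals: it parses two captured `sigcheck -a -h` outputs and classifies the pair, using the fact that PESHA1 and PE256 are Authenticode hashes (the embedded signature is excluded) while MD5, SHA1 and SHA256 cover the whole file. The function names and verdict strings are this example's own, and the `resigned` record is constructed.

```python
import re

FILE_HASHES = ("MD5", "SHA1", "SHA256")  # computed over every byte of the file
PE_HASHES = ("PESHA1", "PE256")          # Authenticode hashes, signature excluded

def parse_sigcheck(text):
    """Parse the 'Key: value' lines of sigcheck output into a dict."""
    fields = {}
    for line in text.splitlines():
        # Whitespace must follow the first colon, so the leading path line
        # (C:\...\bginfo.exe:) is skipped and "8:11 2015/10/28" stays whole.
        m = re.match(r"\s*([^:]+):\s+(.*\S)", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def compare(old, new):
    """Return (verdict, differing_fields); verdict names are this example's own."""
    def same(keys):
        return all(k in old and k in new and old[k].upper() == new[k].upper()
                   for k in keys)
    differing = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
    if same(FILE_HASHES):
        return "identical", differing
    if same(PE_HASHES):
        return "signature-only", differing   # same image, different signature blob
    return "content-changed", differing

# Sample input: fields copied from the BgInfo output on this page (trimmed).
BGINFO = r"""C:\demo\newtools\bginfo.exe:
Verified: Signed
Signing date: 8:11 2015/10/28
File version: 4.21
MD5: 48FC329EA410C3244461C907F7971A83
SHA1: 687EFCE8FA372A64B8292AA5293D6128C0D796BB
PESHA1: 60CC82E885656DF5E0C658434575A0AA8349B360
PE256: D398FFCA91C533589B42270E85D4AB807EDC6BFF94CA848CD4FF6D9C01C5F750
SHA256: B29FF87127D45D2400CED4473058971B05B4EC9445B6838CDE38E486FFBF68EF
"""
new = parse_sigcheck(BGINFO)
old = parse_sigcheck(BGINFO.replace(r"C:\demo\newtools", r"c:\program files\sysinternalssuite"))
# Constructed sample (not from the page): same PE hashes, new signature and file hashes.
resigned = {**new, "Signing date": "0:00 2099/01/01",
            "MD5": "0" * 32, "SHA1": "0" * 40, "SHA256": "0" * 64}

if __name__ == "__main__":
    print(compare(old, new))       # the page's two BgInfo copies
    print(compare(new, resigned))  # constructed re-signed copy
```

A "signature-only" verdict is what a re-signed release with the same version number would produce: the signed image content matches, but the signature data and therefore the whole-file hashes do not.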