Wednesday, October 21, 2015

Checking file signature on Windows

The Sysinternals suite provides the sigcheck.exe tool, which is useful to verify the integrity of a file:

https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx

Recently I had a strange issue on my Windows 10 tablet. The Windows firewall asked me whether I trusted wuapihost.exe to communicate out on my private or public network. This is an odd issue and is most likely a bug. Information online is currently not very helpful.

The best thing I could do is simply verify the integrity and signature of the file by using sigcheck.exe.

I used it to check both the MD5 hash and the certificate signature. The tool also offers an option to have it uploaded and checked by "www.virustotal.com", a subsidiary of Google.

The results of the tool:

c:\windows\system32\wuapihost.exe:
        Verified:       Signed
        Signing date:   2:11 AM 2015-07-10
        Publisher:      Microsoft Windows
        Description:    wuapihost
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.10240.16384
        File version:   10.0.10240.16384 (th1.150709-1700)
        MachineType:    32-bit
        MD5:    7B8DF67BCA2EC042ED8B71F5226B51EE
        SHA1:   CEA9E6219086343472D050934CBAF21558DF67B5
        PESHA1: 2B5B80E0E70118E9AD667314CB7FBFD638A340AF
        PE256:  7E7B9738DE54A65D7DD09CB97F51394381BFA1334CE01A774BBC73528A765300
        SHA256: 001FF7CD1D524636F936814B9154C27971723C8B3F652CC3E03BD09BA4B21AA9
        IMP:    50A7A0582886E9AB08BEF947D1B09ADA
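
The same two checks (signature and hashes) can also be made with built-in PowerShell cmdlets when sigcheck.exe is not at hand. This is an added example, not part of the original post: the function name Test-FileTrust and its parameters are hypothetical, and the expected SHA256 in the usage line is the one from the sigcheck output above, so it only matches that exact build of the file.

```powershell
# Added example: signature and hash check using built-in cmdlets.
# Test-FileTrust is a hypothetical helper name, not a Windows command.
function Test-FileTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Optional known-good SHA256 to compare against.
        [string] $ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Validates the Authenticode signature and its certificate chain.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # MD5 and SHA1 are listed only to line up with the sigcheck output;
    # SHA256 is the value to compare against a trusted reference.
    $hashes = @{}
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $hashes[$alg] = (Get-FileHash -LiteralPath $file.FullName -Algorithm $alg).Hash
    }

    # An unsigned file has no signer certificate.
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # $null means "no reference hash supplied", not "mismatch".
    $hashMatches = $null
    if ($ExpectedSha256) { $hashMatches = ($hashes['SHA256'] -eq $ExpectedSha256.Trim()) }

    [pscustomobject]@{
        Path            = $file.FullName
        SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        StatusMessage   = $sig.StatusMessage
        Signer          = $signer
        MD5             = $hashes['MD5']
        SHA1            = $hashes['SHA1']
        SHA256          = $hashes['SHA256']
        HashMatches     = $hashMatches
        Trusted         = ($sig.Status -eq 'Valid') -and ($hashMatches -ne $false)
    }
}

# Usage: expected hash taken from the sigcheck output in this post.
Test-FileTrust -Path 'C:\Windows\System32\wuapihost.exe' `
    -ExpectedSha256 '001FF7CD1D524636F936814B9154C27971723C8B3F652CC3E03BD09BA4B21AA9'
```

A SignatureStatus of HashMismatch means the file content no longer matches what was signed, and NotSigned means no signature was found for it.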
