10 Tools to Verify File Integrity Using MD5 and SHA1 Hashes
6 MultiHasher
This utility is by the same developer as the well known HostsMan Windows HOSTS file editor. It has a number of useful options and files can be added to the list in several ways. You can open one or multiple files at once, entire folders (including sub folders), by paths, by running processes and via nine different types of hash list. It can also create a hash value for small text strings. CRC32, MD5, RIPEMD and the SHA family of hash algorithms are supported.
File association, drag and drop and the right click context menu option is also there, along with an option to search for the checksum on Google. A potentially valuable feature for those that need it is the ability to upload and query files on Virustotal. This requires an API key from VirusTotal but anyone can get a key by signing up for a free account. Uploading and checking can then be done from within MultiHasher. Portable and installer versions of MultiHasher are available.
7 7-Zip
7-Zip is probably the most popular and well known free file archiver around today. Not least because of its 7z archive format that can achieve great compression ratios. The ability to verify file checksums with CRC or SHA has been in 7-Zip since 2011. A few years later a function was added to 7-Zip that introduced a context menu entry where you can quickly check a file’s integrity through the program’s user interface.
Just right click on a file and go to “CRC SHA” and the options will be available to get a checksum for CRC-32, CRC-64, SHA1, SHA256, or the asterisk will get all at once (including BLAKE2sp). Do note that when you select multiple files 7-Zip will give the overall checksums for all files added together and not each file individually. The 7z.exe command line tool has this function by using the “h” command along with a hash switch “-scrc[CRC32|CRC64|SHA1|SHA256|*].
7z.exe h -scrcSHA256 [filetocheck.ext]
8.HashTab
HashTab is another tool that uses the system file properties window to show file hashes and is quite similar to HashCheck. After right clicking on the file and going to Properties, the tab is called “File Hashes” and you will get CRC32, MD5 and SHA-1 hash values displayed by default. One major limitation HashTab has compared to HashCheck is it only works on one file at a time.
Pressing Settings gives access to an impressive selection of 27 additional hash values that can all be displayed. These include the Keccak, RIPEMD, SHA and MD families along with several others like GOST, ED2K, Adler32, and Tiger. You can compare the current file with a hash value in the clipboard by using the Hash Comparison box or use the “Compare a file” button to compare another file with the selected one.
9. Hasher
Not to be confused with the Igorware tool at the top of our list, this hashing tool is pretty simple to use and lets you drag and drop or browse for a single file to get a checksum. We are looking at version 1.20 from 2009 as all the later versions have a five second nag window on startup, so we really can’t recommend them. They do have more available hashes and folder/multi-file support if you feel like trying one out.
This older version is a small executable and will give you hash values for CRC32, MD5, SHA-1, and ELF. The current hash can be copied to the clipboard and you can manually compare the current hash value with a previous one from the clipboard or the next file that gets checked. Enabling the log file will keep a history of processed hashes and any comparison results.
Download Hasher (version 1.20 is at the bottom)
10. Microsoft CertUtil, FCIV, and PowerShell
We’ve grouped these three options together as they are all by Microsoft and the first two are built into Windows. They can be useful for adding into scripts or creating simple drag and drop shortcuts and etc.
Certutil
CertUtil is a command line tool that is primarily for showing information for and handling digital certificates on the system. One of its functions is being able to show the hash of a file, which is what we are looking for. The command to use for a file is as follows.
Certutil -hashfile [filetocheck.ext]
This will output the SHA1 checksum of the file. Other algorithms are supported, just append MD2, MD4, MD5, SHA256, SHA384, or SHA512 to the line and it will show that value instead. Only one algorithm is supported at a time, so if you want SHA1 and MD5 you will have to run the tool twice.
Certutil -hashfile [filetocheck.ext] MD5
PowerShell
The PowerShell function is also built into Windows so needs no external executable. It works in a similar way to CertUtil. Windows 7 users will need to manually install PowerShell version 4 or above for this command to work.
Get-Filehash [filetocheck.ext]
Just supplying the file to the get-filehash command will output the hash as SHA256 by default. You can change this by adding -a and the new algorithm, MD5, SHA1, SHA384, SHA512, MACTripleDES, and RIPEMD160 are supported.
Get-Filehash [filetocheck.ext] -a SHA1
Note that like the Certutil tool, only one hashing method can be entered into the command at a time.
FCIV
This last tool is not built into Windows but is still made by Microsoft. The File Checksum Integrity Verifier (FCIV) is from way back in 2004 and Microsoft offers no support for it. It has a few more advanced options than the other two commands, including recursing into subdirectories, an exclusions list and the ability to save/list/verify checksums in an XML database.
Fciv [filetocheck.ext]
By default, FCIV outputs MD5 checksums but you can change this to SHA1 by appending -SHA1 or -Both to output MD5 and SHA1 at the same time.
Fciv [filetocheck.ext] -Both
It’s odd this tool has no support because it has a proper knowledge base designation of KB841290 and there is a full page on the Microsoft website detailing FCIV’s usage. A download link is on the same page.
Download Microsoft File Checksum Integrity Verifier
There are dozens of these tools about, and you might already have your favorite. Of course, feel free to tell us about the hash program you like best. If you want to try the reverse and actually have a go at identifying the file from a hash value, you might like to look at this article.
You might also like:
2 Tools to List Files Protected by System File Checker (SFC)
10 Free Tools To Save or Print a List of File and Folder Contents
5 Tools To Help Identify Unrecognized or Unknown File Types
7 Tools to Stop Windows Running the USB Flash Drive Autorun.inf File
8 Tools to Track Registry and File Changes by Comparing Before and After Snapshots
An option that is built into current versions of Windows is using the Get-Filehash Cmdlet to generate the hash. It will do SHA1,SHA256,SHA384,SHA512,MACTripleDES,MD5,RIPEMD160
Process in PowerShell
Get-Filehash -path c:\foo\filename.exe -algorithm SHA1
for filename.exe in the C:\foo folder to generate an SHA1 hash.
Full details here for documentation
docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-6
What I really want is a tool that will generate a CRC64 for single or multiple files / folder; And then append this checksum to the files “extended attributes” so that it is forever linked to the file. This would allow the file to be tested for corruption easily. (I know it is not perfect but good enough for most of us).
It would also allow another program to quickly find potential duplicate files. This would be very fast as each file already has its own checksum.
This seems a very simple idea – it must have been done – can anyone suggest suitable windows apps?
I know I’m stating the obvious, but one reason this simple idea isn’t realized to the extent you would like is the fact that many, if not most, files change due to legitimate update via patches, and of course data files are frequently edited. And of course any compressed file in a lossy format will change if opened and re-saved.
The problem with adding anything to a files “extended attributes” is like this:
1. A file’s extended attributes are a part of the file. Add or change something there and the file’s hash changes. BTW, that’s one sneaky way malware writers get malware onto a system – they hide it in the extended attributes. And! That changes the file’s hash, alerting you to the fact that it’s not original.
2. Not all file systems support extended attributes, and not all file transfer protocols support them either.
(a) If you copy a file to a FAT formatted flash-drive or SD card, all the extended attributes are lost.
(b) Writing a file to a Windows (SMB) share, (which is what many inexpensive network file storage devices use), may or may not keep the extended attributes – most likely not.
(c) File transfer protocols like wget (HTTP), ftp, sftp, rsync, (etc) are not guaranteed to handle extended attributes correctly.
3. Even if the file system you’re copying to supports extended attributes, if they’re not supported in the same way, no banana. A prime example is a file copied between a Windows and a Mac file system. They both implement file streams (extended attributes), but implement them differently and are therefore incompatible. The same is true for ext-2, 3, and 4 on Linux systems.
If you are comfortable with the command prompt, you can use my free utility, CrcCheckCopy.
It compares large sets of files and creates a CRCstamps.txt file where you can see the crc of every file. The verification is done against the CRCstamps.txt.
For Windows and MacOS, you can see it here: starmessagesoftware.com/crccheckcopy
all the files listed here get flagged by Norton as a dangerous file, hummmmm
If Norton is really flagging all the files listed here then it is truly messed up. I tested at least half in VirusTotal and they came up completely clean. In my ESET AV and Malwarebytes as well.
I have looked for an answer to this on several tech help sites.
Every one of these sites fail in the same way.
How do you automate the testing of the new hash against the developer’s official hash?
These things can be quite long, making it easy to make mistakes.
Some of the tools here have a verify option where you can paste in the official hash and see if it matches the hash from the file.
Isn’t that exactly what you are looking for??
James And HAL9000
When manually checking only matching a few digits is enough ….
Bcuz as far as i know A checksum is a extremely unique Sequence of characters …
Even if the two files differ by just a few bytes of data they will have entirely different checksums …
P.S. this is from my personal experience.
It’s not so likely but entirely possible to have two vastly different files and the first few characters of the checksum match, so that simply isn’t enough if you want to be totally sure the file is a 100% copy.
HAshGenerator website downloaded file, gets flagged by Norton as a dangeorus file and quarantined. Just FYI
is that possible to know a application name using Hash value (MD5)
How can ı found original hash values of windows 10?
Also note that 7-Zip has hash checking built-in.
7-zip.org
Hashcheck reworked: github.com/gurnec/HashCheck/releases/
There is a new Universal tool called Amazing Hash Utility built for Windows 10, available in the store for free
Very useful info about hash value, thanks!
hello
thanks alot
Still a great post after a few years. Thanks for making and creating it. Cheers~
—
Sam Smith
I found this article very useful, Thanks!
Thanks for mentioning ExactFile. Their console utility does a decent job when you need to process files within a large folders tree. Unfortunately it misses few advanced features such as including/excluding files by wildcards and it stores checksum of the whole tree into one file.
Similar to HashTab by ImplBits is the program by Kai Liu named HashCheck. It, too, installs as a shell extension for Windows Explorer, and works on both x86 as well as x64. See code.kliu.org/hashcheck/
Even though it has not been updated in a very long time (over 6 years!) it works well in XP through 10. Although it shows only CRC-32, MD4/5, and SHA-1, it also has the ability to *save* the MD5 check file for future verification.
Another advantage over HashTab is that you can select multiple files and hash them all at once, and again, save the MD5 of all selected files together in a single file.
+1 for HashCheck. Just grabbed it and it’s comprehensive and super-lightweight. Ability to handle multiple files and shell integration are musts.
hey , i have a question , i want to know if i am givan a md5 signture as this :
e9bf1dd6bfe8ec57f6a41b3cab428b28
can i know if the file is melicios just by looking at the md5 signture ?
if not , what is the best way to figure it out?
You can’t tell just by looking at the signature, the only way to find out is to identify what the file is that matches that MD5, and then check if the file is malicious.
For example, Googling your MD5 tells me that the file is gcBar.dll and it’s classed as “Adware” by some antivirus.
If a search engine can’t tell you, then you can try to decrypt the MD5, here is an article on the subject:
raymond.cc/blog/ask-raymond-how-to-decrypt-md5-hashed-strings/
I totally agree with taco, HashCheck is the best file integrity verifier you can get, despite it hasn’t been updated since 2009. Highly recommended.
Just spent an hour trying to download latest version (5.0) of Download Hash Verifier. There are way, way, too many links labelled “Download” or something similar to determine the actual, magic link that will download the software. After the third return to the same Web page I finally gave up. I have the 4.5 version which seems to work fine. Or I may try one of the other alternatives listed here.
If you are talking about the the SecurityXploded tool, I would agree it has quite a few download buttons to go through, although I managed to get the file downloaded in under 30 seconds.
On the final page it will say “Here is your direct download link”, click on download link and the file will come down.
Great tool HashCheck. Thank you taco!
The best one is not on the list: HashCheck
Check it out here: code.kliu.org/hashcheck/
It’s the easiest to use and very fast and the best is that it seamlessly integrates into the windows explorer.
Thanks for this man. Great resource. cheers
MD5 & SHA-1 Checksum Utility for me. Lite and easy to use!
This is a great post, but you missed the huge one. Microsoft’s File Checksum Identify Verifier. I ran across it while looking for a command line tool to quickly check some hashes and once I installed it to my Windows directory (to put it in the PATH), I can use it from anywhere on the system. It “only” does SHA1 and MD5, but that’s plenty for my uses.
IgorWare Hasher is brilliant! Thanks Ray
Excelent post, Hal 9000.
It’s a tutorial on how to use Hashes to check file integrity.