Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Malware Analysis
Glasswire's SHA-256 hash doesn't match the one listed on their website
Message
<blockquote data-quote="artek" data-source="post: 1034742" data-attributes="member: 22897"><p>The</p><p></p><p>Are other people getting a version without a digital signature as well? After the 3CX supply chain attack, I enabled the registry fix for the "WinVerifyTrust Signature Validation Vulnerability." This might explain why I'm not seeing a digital signature on the executable. But again, I don't understand posting a file hash on the download page when none of our downloads match the hash listed by them.</p><p></p><p>[URL unfurl="true"]https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/[/URL]</p><p></p><p></p><p>-edit-</p><p></p><p>I just tested the file on softpedia and it shows a digital signature for me in windows. It also shows the correct file hash of 916cd2f3ed8b599f7ace7639dc6763b272fdb21805f33da5b72b446899aa1c22. So, the registry tweak does not seem to be the culprit here.</p><p></p><p>It's just the download hosted on the main glasswire website that is modified.</p></blockquote><p></p>
[QUOTE="artek, post: 1034742, member: 22897"] The Are other people getting a version without a digital signature as well? After the 3CX supply chain attack, I enabled the registry fix for the "WinVerifyTrust Signature Validation Vulnerability." This might explain why I'm not seeing a digital signature on the executable. But again, I don't understand posting a file hash on the download page when none of our downloads match the hash listed by them. [URL unfurl="true"]https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/[/URL] -edit- I just tested the file on softpedia and it shows a digital signature for me in windows. It also shows the correct file hash of 916cd2f3ed8b599f7ace7639dc6763b272fdb21805f33da5b72b446899aa1c22. So, the registry tweak does not seem to be the culprit here. It's just the download hosted on the main glasswire website that is modified. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
