The sigcheck tool was used to analyze the file ShinoBOT.exe. Sigcheck provides information about file signatures, hashes, entropy, and VirusTotal scanning. When run with various options, sigcheck output details on the file such as it being unsigned, its internal and file versions, entropy value, and hashes that could be used for scanning on VirusTotal. Sigcheck was also used to check a signed file and output the signature details.

1. sigcheck main option
@Sh1n0g1

2. no option
>sigcheck Shinobot.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:DesktopShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit

3. -q (quiet)
>sigcheck -q ShinoBOT.exe
E:DesktopShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
The following banner disappears.
Sigcheck v2.30 - File version and
signature viewer
Copyright (C) 2004-2015 Mark
Russinovich
Sysinternals - www.sysinternals.com

4. -a (extended version information, entropy)
>sigcheck -a ShinoBOT.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:DesktopShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
Binary Version: 3.1.0.0
Original Name: SHINOBOT_BUILDER.exe
Internal Name: SHINOBOT_BUILDER.exe
Copyright: Sh1n0g1 Inc.
Comments: RAT simulator
Entropy: 4.719

5. -h (hashes)
>sigcheck -h ShinoBOT.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:DesktopShinoBOT.exe:
Verified: Unsigned
Link date: 17:41 2016/12/22
Publisher: n/a
Company: Sh1n0g1 Inc.
Description: ShinoBOT
Product: ShinoBOT
Prod version: 3.1.0.0
File version: 3.1.0.0
MachineType: 32-bit
MD5: 9B2166D3B72C84396EDECE1673E923B7
SHA1: CF8C8D3F48FB1304E0AAB7EFB6C3EB9BBE833BC5
PESHA1: 5A7BAE6C68F50ABA37EB0FDC5B698115DB13C14B
PE256: CB30CF07163B72F49DADA51CDC3965E6F79AA6D9A430524AD81C0D445155CDDC
SHA256: BF7EFF73A37965B7ECD784E621F0B7118402C4C03E450E648B8922F070D440C8
IMP: F34D5F2D4577ED6D9CEEC516C1F5A744

6. -v (VirusTotal)
>sigcheck -v ShinoBOT1326.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
e:WorkShinoBOT1326.exe:
Verified: Unsigned
Link date: 9:23 2013/07/25
Publisher: n/a
Company: Sh1n0g1
Description: ShinoBOT
Product: ShinoBOT
Prod version: 1.3.2.6
File version: 1.3.2.6
MachineType: 32-bit
VT detection: 44/57
VT link:
https://www.virustotal.com/file/e10506ed829846ae5b7cddbb7ff636b18f632f28f072f9
b399b9cbdbd643b8d9/analysis/

7. -i (signed info)
>sigcheck -i DummyPopup_Signed.exe
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
E:DesktopDummyPopup_Signed.exe:
Verified: Signed
Catalog: E:DesktopDummyPopup_Signed.exe
Signer:
Sh1n0g1 Inc
Status: ????????????????????????????????
Valid Usage: All
Serial Number: 01
Thumbprint: 9C85EA7F5672E74E3A5C45279EECBD979B559DDB
Algorithm: SHA1
Valid from: 16:54 2013/11/22
Valid to: 16:54 2015/11/22
Signing date: n/a
Publisher: Sh1n0g1 Inc
Company: n/a
Description: Popup
Product: Popup
Prod version: 1.0.0.0
File version: 1.0.0.0
MachineType: 32-bit

8. aihqv combined
>sigcheck -a -i -h -q -v DummyPopup_Signed.exe
E:DesktopDummyPopup_Signed.exe:
Verified: Signed
Catalog: E:DesktopDummyPopup_Signed.exe
Signer:
Sh1n0g1 Inc
Status: ????????????????????????????????
Valid Usage: All
Serial Number: 01
Thumbprint: 9C85EA7F5672E74E3A5C45279EECBD979B559DDB
Algorithm: SHA1
Valid from: 16:54 2013/11/22
Valid to: 16:54 2015/11/22
Signing date: n/a
Publisher: Sh1n0g1 Inc
Company: n/a
Description: Popup
Product: Popup
Prod version: 1.0.0.0
File version: 1.0.0.0
MachineType: 32-bit
Binary Version: 1.0.0.0
Original Name: DummyPopup.exe
Internal Name: DummyPopup.exe
Copyright: Copyright ｩ 2013
Comments: n/a
Entropy: 6.755
MD5: 66F65B57235F9886537BB791DB6DFB14
SHA1: D71365CCDC97D0A1BD88A97C81DAD6562749CA0A
PESHA1: AC6275E718A4E334B042B870DD66F3BB759B56FA
PE256: 05D0ABD52B5E3A6C9CBD2033FC806568EEDFD235C0F3297FE9F3F409580A1FAA
SHA256: 821B0E74CBBF042C32A691103D5DC449A1812E9FB0E5185B61B2F21CCCC1E883
IMP: F34D5F2D4577ED6D9CEEC516C1F5A744
VT detection: 1/56
VT link: https://www.virustotal.com/file/821b0e74cbbf042c32a691103d5dc449a1812e9fb0e5185b61b2f21cccc1e883/analysis/