1

I am trying to generate App Locker rules programmatically.As MSDN described it uses SHA2 Authenticode.

I have tried using SHA256 Class from this answer but it only generates SHA256 and not Authenticode.

For example Notepad++.exe

SHA256 - 02f2cee4118a8f8d732d736e1758a38abdceea6470ba63ea224ae56b27e4983c
SRPv2 data (AppLocker) - cd068ebc869a1c7dee0ea1d5e19e89d0cacb8af385d44b0f3a57b5aefcf3c051

Edit: With a little more research, I found that Windows AppLocker expects PE256 hash.

Xnkr
  • 564
  • 5
  • 16
  • SHA2 is a different hashing algorithm from SHA256. The same input will give very different output. You need to use an implementation of SHA2. – Richard Critten Oct 17 '18 at 08:09
  • 1
    I have tried SHA256 and SHA512/256. It did not yield correct result. – Xnkr Oct 18 '18 at 09:42
  • 1
    run PowerScript and gather result from text file: `Get-AppLockerFileInformation c:\tools\calchashcmd.exe | Format-List > result.txt` :) – Zam Jan 09 '19 at 21:06
  • @Xnkr did you get answer to this question? Is there any programmatic way instead of using PowerShell? – anangupadhyaya Aug 05 '21 at 07:00

0 Answers0