Detecting REGIN with PowerShell V3

Regin is spyware that has been generating quite a bit of buzz, and Jeffrey Snover kindly shared a solution to detect it with PowerShell:

This assumes that sig.txt was previously created from the MD5s listed in http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf

Issue is, this solution requires PS V4 due to

and we don’t all have it.

Here is a solution that is not the best, but it works with the provided MD5s and PowerShell V3:

This solution is not a one-liner, but hey, if you need it, it means you don't have PowerShell V4 either.

P.S. This solution is limited to files smaller than 2 gigabytes and cannot verify files that are open.
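
An added example, not the code from the original post: one way to check files against sig.txt on PowerShell V3 with the .NET MD5 class instead of the Get-FileHash cmdlet, which arrived in PowerShell 4.0. It assumes sig.txt holds one MD5 hex string per line; the function names and the temp demo folder are hypothetical. Because it streams each file and opens it with shared access, its limits differ from the ones noted above.

```powershell
# Added example (not from the original post). Assumes sig.txt = one MD5 hex string per line.
function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        # Shared read/write access lets us read files another process holds open,
        # unless that process opened them exclusively.
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            # ComputeHash(Stream) reads in chunks, so the whole file is never held in memory.
            return ([System.BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', '')
        } finally { $stream.Dispose() }
    } catch {
        return $null   # locked or access denied: caller reports it as not verified
    } finally { $md5.Dispose() }
}

function Find-SignatureMatch {
    param([string]$Root, [string]$SignatureFile)
    # PowerShell hashtable keys are case-insensitive, so hex case in sig.txt does not matter.
    $signatures = @{}
    Get-Content -Path $SignatureFile | ForEach-Object {
        $line = $_.Trim()
        if ($line -match '^[0-9a-fA-F]{32}$') { $signatures[$line] = $true }
    }
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $hex = Get-Md5Hex -Path $_.FullName
        if ($null -eq $hex) {
            Write-Warning "Not verified (unreadable): $($_.FullName)"
        } elseif ($signatures.ContainsKey($hex)) {
            New-Object PSObject -Property @{ Path = $_.FullName; MD5 = $hex }
        }
    }
}

# Constructed demo: a temp folder with one sample file whose MD5 is written to a sample sig.txt.
$demo = Join-Path $env:TEMP 'md5-scan-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'sample.bin') -Value 'constructed sample data'
Get-Md5Hex -Path (Join-Path $demo 'sample.bin') | Set-Content -Path (Join-Path $demo 'sig.txt')
Find-SignatureMatch -Root $demo -SignatureFile (Join-Path $demo 'sig.txt')
```

Files that cannot be read are reported with a warning rather than silently skipped, so a clean result only covers the files that were actually hashed.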

Disclaimer: This code does not replace professional virus and spyware detection software and should be used for instructional purposes only.