When you are threat hunting for malware across hundreds of systems, it gets quite confusing.
- Change SigcheckPath= to wherever you have saved sigcheck. (Sorry, the script should really just download it from the internet :/)
- Replace the directory path with the one you want to scan.
Just run the script!
This script walks every user profile under C:\Users.
That directory is where malware most often lands first, but C:\ or C:\Windows are also worth scanning for interesting paths. I STRONGLY recommend scanning only UNSIGNED files (except LetsEncrypt).
It uses sigcheck to scan every file under C:\Users\ whose extension is not one of the excluded types (*.dat, *.jpg, *.gif, etc.) and whose size is under 1 MB.
You can raise the limit to 2 MB for better coverage, since most malware is below 2 MB.
Finally, it writes the output to a .csv file together with the VirusTotal results.
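The following PowerShell is an added example written for this page, not the author's script: it implements the same idea (pre-filter by extension and size, hand each candidate to sigcheck, keep the unsigned ones, export CSV with the VirusTotal columns). The sigcheck location, the output path and the extension skip-list are assumptions you should change for your environment.

```powershell
# Added example, not the original script. Assumes sigcheck64.exe (Sysinternals)
# is already on disk at $SigcheckPath; the skip-list and output path are
# illustrative defaults, not values from the original page.
param(
    [string]$SigcheckPath = 'C:\Tools\sigcheck64.exe',      # assumed location
    [string]$Root         = 'C:\Users',                     # directory to hunt in
    [long]  $MaxBytes     = 1MB,                            # raise to 2MB if you prefer
    [string]$OutCsv       = "$env:TEMP\sigcheck-hunt.csv"   # assumed output path
)

# Extensions that cannot carry a signature and rarely matter for triage.
# Skipping them early keeps the VirusTotal lookups for things that can execute.
$Skip = @('.dat', '.jpg', '.jpeg', '.gif', '.png', '.bmp', '.txt', '.log',
          '.ini', '.xml', '.json', '.lnk', '.url', '.css', '.htm', '.html')

if (-not (Test-Path -Path $SigcheckPath)) {
    throw "sigcheck not found at $SigcheckPath"
}

# -Force is needed to descend into hidden folders such as AppData, which is
# exactly where droppers like to land.
$Candidates = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Length -gt 0 -and
        $_.Length -lt $MaxBytes -and
        ($Skip -notcontains $_.Extension.ToLowerInvariant())
    }

$Results = foreach ($File in $Candidates) {
    # -c     CSV output              -h  include file hashes
    # -v     query VirusTotal by hash -vt accept the VirusTotal terms
    # -accepteula / -nobanner keep the output machine-readable.
    $Raw = & $SigcheckPath -accepteula -nobanner -c -h -v -vt $File.FullName 2>$null
    if (-not $Raw) { continue }
    # Each call returns a CSV header plus one row; ConvertFrom-Csv turns it
    # into an object with Path, Verified, Publisher, hashes and the VT columns.
    $Raw | ConvertFrom-Csv
}

# Signed binaries are parked; anything sigcheck did not report as "Signed"
# (Unsigned, n/a, or an error string) is what gets triaged.
$Suspect = $Results | Where-Object { $_.Verified -ne 'Signed' }

$Suspect | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8

"{0} candidate files scanned, {1} not signed, written to {2}" -f `
    @($Results).Count, @($Suspect).Count, $OutCsv
```

Invoking sigcheck once per file is slower than a single `sigcheck -s` over the directory, but it is the only way to apply the size and extension filter before the VirusTotal lookup happens, which is what keeps the noise (and the number of hash queries) down on a fleet of hosts. If you want to honour the page's LetsEncrypt exception, add a `Where-Object` clause on the Publisher column before the export.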
Credits to myself ~ Ismail Kaleem