A Step-by-Step Guide to Check an MD5 Checksum of a Downloaded File

How to Check MD5 Checksum

Infected executables are a common type of malware that can be very harmful to both individuals and organizations. Attackers often disguise these files as genuine software updates in order to trick people into downloading and running them.

According to Sophos’ State of Ransomware 2021 report, the average total cost of recovery from a ransomware attack went up from $761,106 in 2020 to $1.85 million in 2021. This is why it is important to be cautious when downloading files from the internet and to only download files from reputable sources.

One way to protect yourself and your organization from infected executables is to use checksums to verify the integrity of downloaded files.

A checksum is a value that is calculated based on the contents of a file. If the file has been modified, the checksum will be different. You can compare the calculated checksum with the one provided by the sender to verify the integrity of the file.

Here we will talk about checking the MD5 Checksum of a downloaded file, even if it is digitally signed. But, before that, let us understand why it is required.

Why is Checking an Exe’s MD5 Checksum Important?

Checking the Code Signing Certificate and comparing the Checksum of the downloaded file with the one provided by the sender are both good practices for verifying the authenticity and integrity of an executable file.

By comparing the checksum of the downloaded file with the one provided by the sender, you can determine if the file has been modified during the download process. Because code signing certificates and checksums are not always foolproof and can be compromised, it is still a good idea to be cautious when downloading and running executables, especially from unknown sources.

How to Check MD5 Checksum of a Downloaded File?

You might be using third-party software to generate MD5 checksums. However, you can also go for the Windows command prompt to avoid the hassle of installing yet another tool. This process is quick and convenient. Let’s discuss the steps for Windows first and then get on with Mac and Linux operating systems.

Checking the MD5 Checksum For Windows

Step 1: Downloading the File

  • Download the file whose MD5 checksum you have to check. At the bottom of the download page, you will find a link to all the signature and checksum data needed to verify the executable file’s integrity.

Step 2: Open the Windows Command Prompt Tool

  • With all the information at your disposal, you can now click on the Start button, which will open the Windows command prompt.
  • In the run bar, type ‘cmd’.
  • Click on Run as Administrator

Step 3: Go to the Saved .Exe Directory

  • Now you can navigate to the folder where the download.exe file is saved. That can be done by using the cd (change directory) command.

Step 4: Generate the MD5 Checksum

  • Type certUtil -hashfile followed by the filename (in this case, KeePass-2.50-Setup.exe) and MD5. It would look like this: certUtil -hashfile KeePass-2.50-Setup.exe MD5
  • Press Enter.

Step 5: Compare the Two Checksums

  • Check that the returned value of the Checksum you generated matches with the original MD5 Checksum displayed on the download webpage.
  • Compare the generated Checksum with the one provided by the sender to verify the integrity of the file.

You can also use Windows PowerShell for checking MD5 Checksum. All you have to do is:

Step 1: Open Windows PowerShell on your computer.

Type the following command to import the System.Security.Cryptography.HashAlgorithm module:

Step 2: Type the Get-FileHash -Algorithm MD5 'path\to\file' command to calculate the MD5 checksum of a file, replacing 'path\to\file' with the actual path to the file you want to calculate the checksum for.

For example, to calculate the MD5 checksum of a file called ‘example.txt’ that is located in the ‘C:\Users\Username\Documents’ folder, you would use the following command:

Get-FileHash -Algorithm MD5 'C:\Users\Username\Documents\example.txt'

This will generate and display the MD5 Checksum of the specified file. You can then compare this Checksum with the original Checksum provided by the source to verify the integrity of the file.

Note that you can also use the Get-FileHash cmdlet to calculate checksums for other algorithms, such as SHA-1 or SHA-256. To do this, simply specify the desired algorithm in the -Algorithm parameter like this:

Get-FileHash -Algorithm SHA1 'path\to\file'

or

Get-FileHash -Algorithm SHA256 'path\to\file'

This will generate and display the SHA-1 or SHA-256 checksum of the specified file. You can then compare it with the checksum of the same algorithm provided by the source to verify the integrity of the file.

Checking MD5 Checksum on Mac

To generate an MD5 checksum on a Mac, you can use the following steps:

Step 1: Open the Terminal application on your Mac. You can find this application in the “Utilities” folder within the “Applications” folder.

Step 2: Type the following command to calculate the MD5 Checksum of a file, replacing “path/to/file” with the actual path to the file you want to calculate the Checksum for.

md5 'path/to/file'

This will generate and display the MD5 Checksum of the specified file.

Step 3: You can then compare this Checksum with the original Checksum provided by the source to verify the integrity of the file.

Note that you can also use the ‘openssl’ command to calculate checksums for other algorithms, such as SHA-1 or SHA-256. To do this, simply specify the desired algorithm in the command.

openssl sha1 'path/to/file'

or

openssl sha256 'path/to/file'

Checking the MD5 Checksum on Linux

To generate an MD5 checksum on a Linux system, you can use the ‘md5sum’ command. Here are the steps to follow:

Step 1: Open a terminal window on your Linux system.

Step 2: Type the following command to calculate the MD5 Checksum of a file, replacing “path/to/file” with the actual path to the file you want to calculate the Checksum for.

md5sum 'path/to/file'

This will generate and display the MD5 Checksum of the specified file. You can then compare this Checksum with the original Checksum provided by the source to verify the integrity of the file.

Note that you can also use the ‘sha1sum’ and ‘sha256sum’ commands to calculate checksums for other algorithms, such as SHA-1 or SHA-256. To do this, simply use the appropriate command and specify the path to the file, like this:

sha1sum 'path/to/file'

or

sha256sum 'path/to/file'

If the MD5 Checksum of the downloaded file matches the one provided by the sender, it is likely that the file has not been modified during the download process. This means that you can trust the file and proceed with installation or use.

On the other hand, if the checksums do not match, it means that the file may have been modified during the download process. This could be due to a number of reasons, such as an infection or a problem with the download process. In this case, it is important to be cautious and not trust the file. It is a good idea to delete the file.
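The comparison step is the same on every platform, so here is an added shell example (not part of the original article) that computes the digest with the md5sum/sha1sum/sha256sum or openssl commands mentioned above and compares it with the published value, tolerating differences in case and spacing. The function names compute_digest and verify_checksum and the sample file are assumptions made for the illustration:

```shell
#!/bin/sh
# Added example: verify a download against the checksum its publisher lists.
# compute_digest and verify_checksum are hypothetical helper names.

# Print the lowercase hex digest of file $2 using algorithm $1.
compute_digest() {
    if command -v "${1}sum" >/dev/null 2>&1; then
        out=$("${1}sum" < "$2") || return 2           # "<hex>  -"
        out=${out%% *}
    elif command -v openssl >/dev/null 2>&1; then
        out=$(openssl dgst "-$1" < "$2") || return 2  # "...(stdin)= <hex>"
        out=${out##* }
    else
        echo "no md5sum/sha*sum or openssl found" >&2; return 2
    fi
    printf '%s\n' "$out" | tr 'A-F' 'a-f'
}

# verify_checksum FILE EXPECTED [md5|sha1|sha256]
# Returns 0 on match, 1 on mismatch, 2 when the check could not be made.
verify_checksum() {
    file=$1; expected=$2; algo=${3:-md5}
    case $algo in
        md5) len=32 ;; sha1) len=40 ;; sha256) len=64 ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    # Published values vary in case and spacing, so normalise before comparing.
    want=$(printf '%s' "$expected" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    case $want in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    # A length mismatch usually means a digest of another algorithm was pasted.
    [ "${#want}" -eq "$len" ] || { echo "expected value is not a $algo digest" >&2; return 2; }
    got=$(compute_digest "$algo" "$file") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK: $algo matches"; return 0
    fi
    echo "MISMATCH: got $got, expected $want" >&2
    return 1
}

# Constructed demo: a temp file holding "hello" and its MD5, upper-cased and spaced.
demo=$(mktemp) && printf 'hello' > "$demo"
verify_checksum "$demo" "5D41402A BC4B2A76 B9719D91 1017C592" md5
rm -f "$demo"
```

Exit status 2 separates "the check could not be made" from a real mismatch, which matters when the function gates an install script.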

That’s it. That is how you check the MD5 Checksum of downloaded files on different operating systems.

Check MD5 Checksum and Stay Safe

Using checksums is an important part of a comprehensive security strategy. By verifying the integrity of data, you can ensure that your organization is not vulnerable to attacks that involve modifying data, such as malware or viruses.

Additionally, checksums can help you detect when data has been modified accidentally, such as when a file is corrupted during transmission. So it’s best not to take any risk and leverage the might of checksums to keep your confidential data safe and secure.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.