Calculating checksums with CertUtil

There are many utilities which can calculate file checksums.

However, in some cases it’s not an option to use a third-party tool. For instance:

  • The system is permanently or temporarily disconnected from a network.
  • Allowed software is restricted due to policies.

 

But Windows has a built-in tool, which can calculate file checksums: CertUtil

The syntax is:

certutil -hashfile file_to_check.bin [HashAlgorithm]

 

Among the supported hash algorithms are MD5, SHA1 and SHA256.

Be aware that the hash algorithm has to be in uppercase or the command can fail with:

CertUtil: -hashfile command FAILED: 0xd00000bb (-805306181)
CertUtil: WsResetMetadata

 

Example of use:

certutil -hashfile c:\Windows\System32\calc.exe MD5

Result:

MD5 hash of file c:\Windows\System32\calc.exe:
10 e4 a1 d2 13 2c cb 5c 67 59 f0 38 cd b6 f3 c9
CertUtil: -hashfile command completed successfully.