My Anti-virus or Malware Software reports QuickHash as suspicious

This has happened several times by several AV companies. They use special algorithms to assess threat, and they occasionally get it wrong! Even the big ones like Kaspersky, Norton, AVG and VirusTotal have all flagged it before, wrongly. Whenever I have approached them about it, they apologise and say they fix it, which they do, but a year or so later it pops up their radar again.

There are several bug reports (like this one) and this has always been (so far) a false alarm. If your AV software flags QuickHash, please don’t just abandon the program. Instead e-mail me a screenshot of the AV software so I can tell them about it and get in touch….I will help by either verifying your download via hash values or, if you have got a dodgy version of it from somewhere by accident or in error, use this website to download the valid version.

Remember the program is open-source. So if you do ever end up with an exe that is genuinely a virus, its because someone else has engineered it and distributed it illegally (or against the GPL2).


Back to Index

Do I install QuickHash?

No. At least, you don’t have to. But there are some steps to take that can vary between operating system architectures.

For Windows, the executable will run simply by launching it. As of v3.0.0, you must ensure the two DLLs are also extracted from the zip download and be located in the same folder as the executable file.

For OSX, in theory, you simply copy the app file from the zip into your Applications folder or Desktop folder. However, OSX can be a challenge. If that does not work, do one (or both) of the following:

It is important to ensure you apply executable permission via the Terminal to the binary file INSIDE the app file. i.e.

chmod +x .

That applies executable permission to the binary part of the app bundle.

Also, you may need to still allow the application to run via your system preferences –> System and Security (or press the option key and then double click the app). This is especially true for the unsigned version of the program. The signed version is likely to be less hassle.

For Linux, simply download the pre-compiled binaries and ensure they have executable permission (chmod +x NameOfBinary). Debian packages are made available a few days after a release, and these can be installed as part of your Debian based Linux distribution using your package manager or DPKG (sudo dpkg -I NameOfDebianPackage.deb)

Back to Index

Where is the source code?

The program is open-source. The code is hosted on GitHub HERE

Back to Index

Code signed downloads – how to verify

In Feb 2018, a code-signing certificate was purchased from Digicert to enable QuickHash to be provided as validated code-signed executables and as an OSX application. This was in response to user demand and the increasing limitations built into Windows and OSX to prevent non code signed software from running.

The compiled program was made available for a small fee but the ratio of users who bought it was only 0.4% of those who just used the unsigned version. So code-signed versions are currently not available, unless demand for it increases.

For those with a previously purchased copy of the code signed program, to  validate your purchased code signed copy of the program requires one of two methods depending on whether you use Windows or OSX.

For Windows : download DigiCerts Code Sign tool and click ‘Check Signature’ and then browse to the Quickhash executable file.

For Apple OSX : using the terminal, navigate to the folder where you have the located and then execute the following command :

> codesign -dv --verbose=4

Back to Index

How do I hash QuickHash itself after downloading?

Many users are, of course, downloading QuickHash to compute hashes in the first place. But it is good practice to hash a downloaded file before you launch it to make sure you can trust it…to make sure the hash reported on the website for the file is the same as you have just downloaded.

So how do they hash QuickHash without using QuickHash? Firstly, obtain the hash from the download section for the download. Its usually listed towards the bottom of the description.

Then, depending on your platform, use the following commands (note the hashes below are NOT the official hashes to check against…examples only):

Windows 10 : Launch PowerShell and, to generate a SHA256 for example, use Get-FileHash

PS C:\> Get-FileHash $pshome\PathToQuickhash\QuickHash.exe | Format-List Algorithm : SHA256 Hash : 6A785ADC0263238DAB3EB37F4C185C8FBA7FEB5D425D034CA9864F1BE1C1B473 Path : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Windows 7 or below : There are several tools that are free. Try Microsoft File Checksum Integrity Verifier or use something like FTK Imager

Linux : Launch a terminal and  to generate a SHA256 for example, use sha1sum or sha256sum

sha256sum /PathToQuickHash/QuickHash-Linux-x64

Apple Mac OSX : Launch a terminal and  to generate a SHA1 for example, use openssl

openssl sha1 /PathToQuickHash/


Back to Index